Scanned pages/files
Request | Server response | Status |
http://blackjackskolan.se/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 15 Aug 2014 08:56:37 GMT Location: http://www.blackjackskolan.se/ Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.blackjackskolan.se/xmlrpc.php X-Powered-By: PHP/5.2.17 | clean |
http://www.blackjackskolan.se/ | 200 OK Content-Length: 7312 Content-Type: text/html | clean |
http://www.blackjackskolan.se/wp-content/themes/blackjackskolanse/jquery.js?ver=3.7.4 | 200 OK Content-Length: 92629 Content-Type: application/javascript | clean |
http://www.blackjackskolan.se/wp-content/themes/blackjackskolanse/jquery-migrate-1.1.1.js?ver=3.7.4 | 200 OK Content-Length: 16174 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function( jQuery, window, undefined ) { var warnedAbout = {}; jQuery.migrateWarnings = []; jQuery.migrateMute = true; if ( !jQuery.migrateMute && window.console && console.log ) { console.log("JQMIGRATE: Logging is active"); } if ( jQuery.migrateTrace === undefined ) { jQuery.migrateTrace = true; } jQuery.migrateReset = function() { warnedAbout = {}; jQuery.migrateWarnings.length = 0; }; function migrateWarn( msg) { jQuery.event.add( document, name + "." + jQuery.guid, function() { jQuery.event.trigger( name, null, elem, true ); }); jQuery._data( this, name, jQuery.guid++ ); } return false; }, teardown: function() { if ( this !== document ) { jQuery.event.remove( document, name + "." + jQuery._data( this, name ) ); } return false; } }; } ); })( jQuery, window ); Antivirus reports:
| ||
http://www.blackjackskolan.se/wp-content/themes/blackjackskolanse/script.js?ver=3.7.4 | 200 OK Content-Length: 48712 Content-Type: application/javascript | clean |
http://js.affiliatelounge.com/javascript.php?prefix=tNfnoKN1YL530LgpPv-Es2Nd7ZgqdRLk&media=36547&campaign=49&payload=49 | 200 OK Content-Length: 396 Content-Type: application/javascript | clean |
http://blackjackskolan.se/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Fri, 15 Aug 2014 08:56:43 GMT Pragma: no-cache Location: http://www.blackjackskolan.se/test404page.js Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://www.blackjackskolan.se/xmlrpc.php X-Powered-By: PHP/5.2.17 | clean |
http://www.blackjackskolan.se/test404page.js | 404 Not Found Content-Length: 179 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: blackjackskolan.se
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 15 Aug 2014 08:56:37 GMT
Location: http://www.blackjackskolan.se/
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.blackjackskolan.se/xmlrpc.php
X-Powered-By: PHP/5.2.17
...0 bytes of data.
GET / HTTP/1.1
Host: blackjackskolan.se
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 15 Aug 2014 08:56:37 GMT
Location: http://www.blackjackskolan.se/
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.blackjackskolan.se/xmlrpc.php
X-Powered-By: PHP/5.2.17
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: blackjackskolan.se
Referer: http://www.google.com/search?q=blackjackskolan.se
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: blackjackskolan.se
Referer: http://www.google.com/search?q=blackjackskolan.se
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=blackjackskolan.se
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://blackjackskolan.se/
Result: blackjackskolan.se is not infected or malware details are not published yet.
Result: blackjackskolan.se is not infected or malware details are not published yet.