Scanned pages/files
Request | Server response | Status |
http://wintricks.it/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 01 Jul 2014 10:35:33 GMT Location: http://www.wintricks.it/ Server: Apache Vary: Accept-Encoding Content-Length: 232 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.wintricks.it/ | 200 OK Content-Length: 57512 Content-Type: text/html | clean |
http://www.wintricks.it/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: application/javascript | clean |
http://www.wintricks.it/themes/barratech/pi.js | 200 OK Content-Length: 513 Content-Type: application/javascript | clean |
http://www.wintricks.it/js/writeCapture.js | 200 OK Content-Length: 22233 Content-Type: application/javascript | clean |
http://www.wintricks.it/js/jquery.writeCapture.js | 200 OK Content-Length: 4134 Content-Type: application/javascript | clean |
http://www.wintricks.it/js/criteo.js | 200 OK Content-Length: 1070 Content-Type: application/javascript | clean |
http://forum.wintricks.it/clientscript/vbulletin_md5.js | 200 OK Content-Length: 5464 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var hexcase=0;var b64pad="";var chrsz=8;function hex_md5(A){return binl2hex(core_md5(str2binl(A),A.length*chrsz))}function b64_md5(A){return binl2b64(core_md5(str2binl(A),A.length*chrsz))}function str_md5(A){return binl2str(core_md5(str2binl(A),A.length*chrsz))}function hex_hmac_md5(A,B){return binl2hex(core_hmac_md5(A,B))}function b64_hmac_md5(A,B){return binl2b64(core_hmac_md5(A,B))}function str_hmac_md5(A,B){return binl2str(core_hmac_md5(A,B))}function core_md5(K,F){K[F>>5]|=128<< Antivirus reports:
| ||
http://eas8.emediate.eu/eas?cu=5034;cre=mu;js=y;target=_blank | 200 OK Content-Length: 292 Content-Type: application/x-javascript | clean |
http://js.qrius.me/qrius.it.js | 200 OK Content-Length: 343 Content-Type: application/x-javascript | clean |
http://eas8.emediate.eu/eas?cu_key=homepage_wnt_boxlinksxuno;cre=mu;js=y;target=_blank | 200 OK Content-Length: 48 Content-Type: application/x-javascript | clean |
http://eas8.emediate.eu/eas?cu_key=homepage_wnt_boxlinksxdue;cre=mu;js=y;target=_blank | 200 OK Content-Length: 48 Content-Type: application/x-javascript | clean |
http://wintricks.it/js_box_160x100.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 01 Jul 2014 10:35:35 GMT Location: http://www.wintricks.it/js_box_160x100.js Server: Apache Vary: Accept-Encoding Content-Length: 249 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.wintricks.it/js_box_160x100.js | 200 OK Content-Length: 533 Content-Type: application/javascript | clean |
http://wintricks.it/js_sky.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 01 Jul 2014 10:35:36 GMT Location: http://www.wintricks.it/js_sky.js Server: Apache Vary: Accept-Encoding Content-Length: 241 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.wintricks.it/js_sky.js | 200 OK Content-Length: 1393 Content-Type: application/javascript | clean |
http://eas8.emediate.eu/eas?cu=5033;cre=mu;js=y;target=_blank | 200 OK Content-Length: 48 Content-Type: application/x-javascript | clean |
http://wintricks.it.intellitxt.com/intellitxt/front.asp?ipid=30075 | 200 OK Content-Length: 402 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wintricks.it
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 01 Jul 2014 10:35:33 GMT
Location: http://www.wintricks.it/
Server: Apache
Vary: Accept-Encoding
Content-Length: 232
Content-Type: text/html; charset=iso-8859-1
...232 bytes of data.
GET / HTTP/1.1
Host: wintricks.it
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 01 Jul 2014 10:35:33 GMT
Location: http://www.wintricks.it/
Server: Apache
Vary: Accept-Encoding
Content-Length: 232
Content-Type: text/html; charset=iso-8859-1
...232 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: wintricks.it
Referer: http://www.google.com/search?q=wintricks.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: wintricks.it
Referer: http://www.google.com/search?q=wintricks.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wintricks.it
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wintricks.it/
Result: wintricks.it is not infected or malware details are not published yet.
Result: wintricks.it is not infected or malware details are not published yet.