Scanned pages/files
Request | Server response | Status |
http://29pollici.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 07 May 2014 09:15:26 GMT Location: http://29pollici.com/hubpub/ Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_chroot/0.5 Content-Length: 377 Content-Type: text/html; charset=iso-8859-1 | clean |
http://29pollici.com/hubpub/ | 200 OK Content-Length: 71249 Content-Type: text/html | clean |
http://29pollici.com/hubpub/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=384 | 200 OK Content-Length: 36628 Content-Type: application/x-javascript | clean |
http://29pollici.com/clientscript/yui/connection/connection-min.js?v=384 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 07 May 2014 09:15:28 GMT Location: http://29pollici.com/hubpub/clientscript/yui/connection/connection-min.js?v=384 Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_chroot/0.5 Content-Length: 428 Content-Type: text/html; charset=iso-8859-1 | clean |
http://29pollici.com/hubpub/clientscript/yui/connection/connection-min.js?v=384 | 200 OK Content-Length: 11604 Content-Type: application/x-javascript | clean |
http://29pollici.com/clientscript/vbulletin_global.js?v=384 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 07 May 2014 09:15:28 GMT Location: http://29pollici.com/hubpub/clientscript/vbulletin_global.js?v=384 Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_chroot/0.5 Content-Length: 415 Content-Type: text/html; charset=iso-8859-1 | clean |
http://29pollici.com/hubpub/clientscript/vbulletin_global.js?v=384 | 200 OK Content-Length: 26027 Content-Type: application/x-javascript | clean |
http://29pollici.com/clientscript/vbulletin_menu.js?v=384 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 07 May 2014 09:15:29 GMT Location: http://29pollici.com/hubpub/clientscript/vbulletin_menu.js?v=384 Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_chroot/0.5 Content-Length: 413 Content-Type: text/html; charset=iso-8859-1 | clean |
http://29pollici.com/hubpub/clientscript/vbulletin_menu.js?v=384 | 200 OK Content-Length: 9440 Content-Type: application/x-javascript | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 11733 Content-Type: application/javascript | clean |
http://www.google.it/coop/cse/brand?form=cse-search-box&lang=it | 200 OK Content-Length: 2510 Content-Type: text/javascript | clean |
http://29pollici.com/clientscript/vbulletin_md5.js?v=384 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 07 May 2014 09:15:30 GMT Location: http://29pollici.com/hubpub/clientscript/vbulletin_md5.js?v=384 Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_chroot/0.5 Content-Length: 412 Content-Type: text/html; charset=iso-8859-1 | clean |
http://29pollici.com/hubpub/clientscript/vbulletin_md5.js?v=384 | 200 OK Content-Length: 5464 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var hexcase=0;var b64pad="";var chrsz=8;function hex_md5(A){return binl2hex(core_md5(str2binl(A),A.length*chrsz))}function b64_md5(A){return binl2b64(core_md5(str2binl(A),A.length*chrsz))}function str_md5(A){return binl2str(core_md5(str2binl(A),A.length*chrsz))}function hex_hmac_md5(A,B){return binl2hex(core_hmac_md5(A,B))}function b64_hmac_md5(A,B){return binl2b64(core_hmac_md5(A,B))}function str_hmac_md5(A,B){return binl2str(core_hmac_md5(A,B))}function core_md5(K,F){K[F>>5]|=128<< Antivirus reports:
| ||
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 22296 Content-Type: text/javascript | clean |
http://29pollici.com/clientscript/vbulletin_read_marker.js?v=384 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 07 May 2014 09:15:30 GMT Location: http://29pollici.com/hubpub/clientscript/vbulletin_read_marker.js?v=384 Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_chroot/0.5 Content-Length: 420 Content-Type: text/html; charset=iso-8859-1 | clean |
http://29pollici.com/hubpub/clientscript/vbulletin_read_marker.js?v=384 | 200 OK Content-Length: 3408 Content-Type: application/x-javascript | clean |
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php | 200 OK Content-Length: 166093 Content-Type: application/x-javascript | clean |
http://www.29pollici.com/hubpub/clientscript/fbconnect.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 07 May 2014 09:15:31 GMT Location: http://forum.29pollici.com/hubpub/clientscript/fbconnect.js Server: Apache/2.2.3 (CentOS) Vary: Accept-Encoding Content-Length: 349 Content-Type: text/html; charset=iso-8859-1 | clean |
http://forum.29pollici.com/hubpub/clientscript/fbconnect.js | 200 OK Content-Length: 963 Content-Type: application/x-javascript | clean |
http://29pollici.com/mobiquo/tapatalkdetect.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 07 May 2014 09:15:32 GMT Location: http://29pollici.com/hubpub/mobiquo/tapatalkdetect.js Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_chroot/0.5 Content-Length: 402 Content-Type: text/html; charset=iso-8859-1 | clean |
http://29pollici.com/hubpub/mobiquo/tapatalkdetect.js | 200 OK Content-Length: 2518 Content-Type: application/x-javascript | clean |
http://29pollici.com/index.php?s=24b30a9b3497da86c641b2e9c33e1bef | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 07 May 2014 09:15:32 GMT Location: http://29pollici.com/hubpub/index.php?s=24b30a9b3497da86c641b2e9c33e1bef Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_chroot/0.5 Content-Length: 421 Content-Type: text/html; charset=iso-8859-1 | clean |
http://29pollici.com/hubpub/index.php?s=24b30a9b3497da86c641b2e9c33e1bef | 200 OK Content-Length: 71263 Content-Type: text/html | clean |
http://29pollici.com/hubpub/register.php?s=24b30a9b3497da86c641b2e9c33e1bef | 200 OK Content-Length: 21813 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 29pollici.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 07 May 2014 09:15:26 GMT
Location: http://29pollici.com/hubpub/
Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_chroot/0.5
Content-Length: 377
Content-Type: text/html; charset=iso-8859-1
...377 bytes of data.
GET / HTTP/1.1
Host: 29pollici.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 07 May 2014 09:15:26 GMT
Location: http://29pollici.com/hubpub/
Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_chroot/0.5
Content-Length: 377
Content-Type: text/html; charset=iso-8859-1
...377 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: 29pollici.com
Referer: http://www.google.com/search?q=29pollici.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 29pollici.com
Referer: http://www.google.com/search?q=29pollici.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=29pollici.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://29pollici.com/
Result: 29pollici.com is not infected or malware details are not published yet.
Result: 29pollici.com is not infected or malware details are not published yet.