Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=speranza.no
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://speranza.no/ | 200 OK Content-Length: 11256 Content-Type: text/html | clean |
http://speranza.no/swfobject.js | 200 OK Content-Length: 8407 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof deconcept=="undefined"){var deconcept=new Object();} if(typeof deconcept.util=="undefined"){deconcept.util=new Object();} if(typeof deconcept.SWFObjectUtil=="undefined"){deconcept.SWFObjectUtil=new Object();} deconcept.SWFObject=function(_1,id,w,h,_5,c,_7,_8,_9,_a,_b){if(!document.getElementById){return;} this.DETECT_KEY=_b?_b:"detectflash"; this.skipDetect=deconcept.util.getRequestParameter(this.DETECT_KEY); this.params=new Object(); this.varia Antivirus reports:
| ||
http://speranza.no/swfobject_modified.js | 200 OK Content-Length: 23913 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var swfobject = function() { var UNDEF = "undefined", OBJECT = "object", SHOCKWAVE_FLASH = "Shockwave Flash", SHOCKWAVE_FLASH_AX = "ShockwaveFlash.ShockwaveFlash", FLASH_MIME_TYPE = "application/x-shockwave-flash", EXPRESS_INSTALL_ID = "SWFObjectExprInst", win = window, doc = document, nav = navigator, domLoadFnArr = [], regObjArr = [], timer = null, storedAltContent = nul / Antivirus reports:
| ||
http://speranza.no/include/nmanagerpro.js | 200 OK Content-Length: 2775 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function winOpen(theUrl,w,h){
newsletterpopup = window.open(theUrl,'i','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=no,width='+w+',height='+h+',top=100,left=100') newsletterpopup.focus(); } function emailvalidation(field, alertbox) { var goodEmail = field.value.match(/\b(^(\S+@).+((\.com)|(\.net)|(\.edu)|(\.mil)|(\.gov)|(\.org)|(\.info)|(\.sex)|(\.biz)|(\.aero)|(\.coop)|(\.museum)|(\.name)|(\.pro)|(\..{2,2}))$)\b/gi); Antivirus reports:
| ||
http://speranza.no/default.asp | 200 OK Content-Length: 11256 Content-Type: text/html | clean |
http://speranza.no/langswitch.asp | 500 Internal Server Error Content-Length: 316 Content-Type: text/html | clean |
http://speranza.no/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://speranza.no/info/info.asp | 200 OK Content-Length: 16743 Content-Type: text/html | clean |
http://speranza.no/info/swfobject.js | 200 OK Content-Length: 8407 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof deconcept=="undefined"){var deconcept=new Object();} if(typeof deconcept.util=="undefined"){deconcept.util=new Object();} if(typeof deconcept.SWFObjectUtil=="undefined"){deconcept.SWFObjectUtil=new Object();} deconcept.SWFObject=function(_1,id,w,h,_5,c,_7,_8,_9,_a,_b){if(!document.getElementById){return;} this.DETECT_KEY=_b?_b:"detectflash"; this.skipDetect=deconcept.util.getRequestParameter(this.DETECT_KEY); this.params=new Object(); this.varia Antivirus reports:
| ||
http://speranza.no/info/swfobject_modified.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://speranza.no/info/include/nmanagerpro.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://speranza.no/news.asp | 200 OK Content-Length: 128068 Content-Type: text/html | clean |
http://speranza.no/films/ | 200 OK Content-Length: 17885 Content-Type: text/html | clean |
http://speranza.no/films/swfobject.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://speranza.no/films/swfobject_modified.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: speranza.no
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 13 Jan 2015 14:59:22 GMT
Server: Microsoft-IIS/6.0
Content-Length: 11256
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQSBADRBB=BPCPAOICACMAFMBEFEIDJJMG; path=/
X-Powered-By: ASP.NET
...11256 bytes of data.
GET / HTTP/1.1
Host: speranza.no
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 13 Jan 2015 14:59:22 GMT
Server: Microsoft-IIS/6.0
Content-Length: 11256
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQSBADRBB=BPCPAOICACMAFMBEFEIDJJMG; path=/
X-Powered-By: ASP.NET
...11256 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: speranza.no
Referer: http://www.google.com/search?q=speranza.no
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: speranza.no
Referer: http://www.google.com/search?q=speranza.no
Result:
The result is similar to the first query. There are no suspicious redirects found.