Scanned pages/files
Request | Server response | Status |
http://telecomitalia.it/ | 200 OK Content-Length: 54236 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://1597775.fls.doubleclick.net/activityi;src=1597775;type=landi001;cat=landi575;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');
Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://1597775.fls.doubleclick.net/activityi;src=1597775;type=landi001;cat=landi575;ord=
<iframe src="http://1597775.fls.doubleclick.net/activityi;src=1597775;type=landi001;cat=landi575;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://1597775.fls.doubleclick.net/activityi;src=1597775;type=landi001;cat=landi575;ord=1?
<iframe src="http://1597775.fls.doubleclick.net/activityi;src=1597775;type=landi001;cat=landi575;ord=1?" width="1" height="1" frameborder="0" style="display:none">
http://telecomitalia.it/sites/all/modules/contrib/jquery_update/replace/jquery/1.10/jquery.min.js?v=1.10.2 | 200 OK Content-Length: 93107 Content-Type: application/javascript | clean |
http://telecomitalia.it/misc/jquery.once.js?v=1.2 | 200 OK Content-Length: 2974 Content-Type: application/javascript | clean |
http://telecomitalia.it/misc/drupal.js?nfjjkz | 200 OK Content-Length: 14544 Content-Type: application/javascript | clean |
http://telecomitalia.it/sites/all/modules/custom/ti_customizations/theme/js/jquery_dollar.js?nfjjkz | 200 OK Content-Length: 176 Content-Type: application/javascript | clean |
http://telecomitalia.it/sites/all/modules/custom/ti_customizations/theme/js/jquery-migrate-1.2.1.min.js?nfjjkz | 200 OK Content-Length: 7199 Content-Type: application/javascript | clean |
http://telecomitalia.it/sites/all/modules/contrib/jquery_update/replace/ui/ui/minified/jquery.ui.core.min.js?v=1.10.2 | 200 OK Content-Length: 4289 Content-Type: application/javascript | clean |
http://telecomitalia.it/sites/all/modules/contrib/jquery_update/replace/ui/ui/minified/jquery.ui.widget.min.js?v=1.10.2 | 200 OK Content-Length: 6488 Content-Type: application/javascript | clean |
http://telecomitalia.it/sites/all/modules/contrib/jquery_update/replace/ui/ui/minified/jquery.ui.button.min.js?v=1.10.2 | 200 OK Content-Length: 7143 Content-Type: application/javascript | clean |
http://telecomitalia.it/sites/all/modules/contrib/jquery_update/replace/ui/ui/minified/jquery.ui.mouse.min.js?v=1.10.2 | 200 OK Content-Length: 2841 Content-Type: application/javascript | clean |
http://telecomitalia.it/sites/all/modules/contrib/jquery_update/replace/ui/ui/minified/jquery.ui.draggable.min.js?v=1.10.2 | 200 OK Content-Length: 18345 Content-Type: application/javascript | clean |
http://telecomitalia.it/sites/all/modules/contrib/jquery_update/replace/ui/ui/minified/jquery.ui.position.min.js?v=1.10.2 | 200 OK Content-Length: 6273 Content-Type: application/javascript | clean |
http://telecomitalia.it/sites/all/modules/contrib/jquery_update/replace/ui/ui/minified/jquery.ui.resizable.min.js?v=1.10.2 | 200 OK Content-Length: 17273 Content-Type: application/javascript | clean |
http://telecomitalia.it/sites/all/modules/contrib/jquery_update/replace/ui/ui/minified/jquery.ui.dialog.min.js?v=1.10.2 | 200 OK Content-Length: 11185 Content-Type: application/javascript | clean |
http://telecomitalia.it/sites/all/modules/custom/ti_customizations/theme/js/conditional_field_group.js?nfjjkz | 200 OK Content-Length: 517 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: telecomitalia.it
Result:
HTTP/1.1 200 OK
Cache-Control: public, max-age=10800
Connection: close
Date: Thu, 27 Nov 2014 08:28:54 GMT
ETag: "1417076878-0"
Server: Apache
Vary: Cookie,Accept-Encoding
Content-Language: it
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Thu, 27 Nov 2014 08:27:58 GMT
Link: </node/1>; rel="canonical",</node/1>; rel="shortlink"
Set-Cookie: ArrowPointCookie=R3168447159; path=/
Set-Cookie: ArrowPointCookie=R1938538843; path=/
X-Drupal-Cache: HIT
X-Generator: Drupal 7 (http://drupal.org)
Second query (visit from search engine):
GET / HTTP/1.1
Host: telecomitalia.it
Referer: http://www.google.com/search?q=telecomitalia.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=telecomitalia.it
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://telecomitalia.it/
Result: telecomitalia.it is not infected or malware details are not published yet.