Overview

URL: jossiacastaldi.com/affecta.php
IP: 89.46.106.37
ASN: AS31034 Aruba S.p.A.
Location: Italy
Report completed: 2018-03-25 08:09:01 CEST
urlquery Alerts No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2018-03-25 08:14:56 CEST 2 Client IP  Internal IP ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2018-03-25 08:14:55 CEST 2 Client IP  Internal IP ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2018-03-25 08:14:56 CEST 1 Client IP  194.67.220.215 ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-03-25 2 bestserviceclub.su/ Phishing
2018-03-25 2 bestserviceclub.su/ Phishing
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 7 reports on IP: 89.46.106.37

Date UQ / IDS / BL URL IP
2019-05-16 01:02:59 +0200  0 - 0 - 0  https://www.claudiabruschini.com/  89.46.106.37
2019-03-17 17:44:53 +0100  0 - 0 - 0  www.officinedellusso.com/fr/de/index_3.php  89.46.106.37
2018-11-19 16:52:18 +0100  0 - 0 - 0  www.centrodiculturacondominiale.com/forums/to (...)  89.46.106.37
2018-10-04 17:29:48 +0200  0 - 0 - 0  leonrabi.com/  89.46.106.37
2018-03-25 08:08:46 +0200  0 - 4 - 6  jossiacastaldi.com/affecta.php%22  89.46.106.37
2017-09-14 02:47:22 +0200  0 - 0 - 1  https://www.passsecuriter.info/  89.46.106.37
2017-09-14 00:56:36 +0200  0 - 0 - 1  https://www.passsecuriter.info/  89.46.106.37

Last 10 reports on ASN: AS31034 Aruba S.p.A.

Date UQ / IDS / BL URL IP
2019-06-19 12:15:20 +0200  0 - 0 - 0  www.web121.it/  80.88.86.8
2019-06-19 11:43:40 +0200  0 - 0 - 0  www.rifomet.net/  62.149.140.142
2019-06-19 08:19:56 +0200  0 - 0 - 0  accelleratedorthodontics.com  62.149.128.160
2019-06-18 19:59:03 +0200  0 - 0 - 0  www.eroticiracconti.it  5.249.157.234
2019-06-17 23:46:07 +0200  0 - 0 - 0  firstfamilygroup.ru  95.110.232.65
2019-06-17 22:18:02 +0200  0 - 0 - 0  www.laruotainternazionale.it/  31.11.33.33
2019-06-17 20:37:00 +0200  0 - 1 - 1  https://fastdrugsassist.su/  95.110.232.65
2019-06-17 13:01:08 +0200  0 - 0 - 0  www.safehomeitaly.it  89.46.106.85
2019-06-17 12:40:24 +0200  0 - 0 - 0  89.36.222.85  89.36.222.85
2019-06-15 08:04:38 +0200  0 - 0 - 0  herbalbestoutlet.ru/  95.110.232.65

Last 1 reports on domain: jossiacastaldi.com

Date UQ / IDS / BL URL IP
2018-03-25 08:08:46 +0200  0 - 4 - 6  jossiacastaldi.com/affecta.php%22  89.46.106.37


JavaScript

Executed Scripts (3)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (12)


Request Response
                                        
GET /affecta.php HTTP/1.1
Host: jossiacastaldi.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
89.46.106.37
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Server: aruba-proxy
Date: Sun, 25 Mar 2018 06:14:55 GMT
Content-Length: 182
Connection: keep-alive
Location: http://www.jossiacastaldi.com/affecta.php
X-ServerName: ipvsproxy80.ad.aruba.it


--- Additional Info ---
Magic:  HTML document text
Size:   182
Md5:    b9d44ae5ca75a352070be23a6e9c70f6
Sha1:   a3aa893ef50506ec0f1fdf60ccfbf5e48f142e81
Sha256: e3631af1efa5be63f728619833a5a8a23a1f72ca40d6f6b6c71d80bca51975c0
                                        
GET /affecta.php HTTP/1.1
Host: www.jossiacastaldi.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
89.46.106.37
HTTP/1.1 200 OK
Content-Type: text/html
Server: aruba-proxy
Date: Sun, 25 Mar 2018 06:14:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.38
X-ServerName: ipvsproxy80.ad.aruba.it
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   733
Md5:    64adad94e20fbd48e8042e27d090d8a4
Sha1:   dd5657864246c3c5affa0ef9ad00b92e487efa10
Sha256: 9896a76bdf74ced815878cbb3f74d2755a13431513c949aeebe5dc007ba69bdf
                                        
GET /favicon.ico HTTP/1.1
Host: www.jossiacastaldi.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
89.46.106.37
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
Server: aruba-proxy
Date: Sun, 25 Mar 2018 06:14:55 GMT
Content-Length: 210
Connection: keep-alive
Location: http://bestserviceclub.su/
X-ServerName: ipvsproxy80.ad.aruba.it


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   210
Md5:    85a70456d3e20151556a9531fcf9fb73
Sha1:   beea001d202597ada90f14b7dfca15eef615ac86
Sha256: 83fabc5aeeb5852de3c95e9e7b31b29f1220163c5fd431666da43ba9eb4de3a9
                                        
GET / HTTP/1.1
Host: bestserviceclub.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
5.101.179.167
HTTP/1.1 503 Service Temporarily Unavailable
Content-Type: text/html
Server: nginx
Date: Sun, 25 Mar 2018 06:14:55 GMT
Content-Length: 206
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text
Size:   206
Md5:    7772594fc0fcc01b962246dff814fcfd
Sha1:   95a192cbae5e0156e647d22c1e200af103d0c2d6
Sha256: 1e2ea44c8bb71ad3a3195b4625c66b931827a2eb5e4099533860bf4270f67bcb

Alerts:
  Blacklists:
    - fortinet: Phishing
                                        
GET /?s=27012018&a=401336&c=cpcdiet HTTP/1.1
Host: lostforeverfat.world
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.jossiacastaldi.com/affecta.php

                                         
185.248.160.20
HTTP/1.1 303 See Other
Server: nginx/1.12.2
Date: Sun, 25 Mar 2018 06:13:42 GMT
Content-Length: 0
Connection: keep-alive
Location: http://lostforeverfat.world/all/asca/cpc?bhu=CWpXPZNqNE3qDq1aGWDeHdf5hntcGWXLTEHG7
Set-Cookie: UUID=U1284-90-1934-401336-207054; expires=Mon, 26 Mar 2018 06:14:56 GMT; path=/ _data=2suFRKf93JBHsHfNmtsf1EHvxZxzpYuzPLFff48vrix


--- Additional Info ---
                                        
GET /all/asca/cpc?bhu=CWpXPZNqNE3qDq1aGWDeHdf5hntcGWXLTEHG7 HTTP/1.1
Host: lostforeverfat.world
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.jossiacastaldi.com/affecta.php
Cookie: UUID=U1284-90-1934-401336-207054; _data=2suFRKf93JBHsHfNmtsf1EHvxZxzpYuzPLFff48vrix

                                         
185.248.160.20
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx/1.12.2
Date: Sun, 25 Mar 2018 06:13:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: ARR/2.5(39925cc76)


--- Additional Info ---
Magic:  ASCII text
Size:   279
Md5:    dc80a38f9758c6da84cf090cea4c3f72
Sha1:   41c55d9a31c9aab5be1f0a4346a22d3aa7cce2a8
Sha256: 064971823cc5d76f338259aaecb5930e425ccddae5041f10edc7e63aa2b40cc8
                                        
GET /assets/CWpXPZNqNE3qDq1aGWDeHdf5hntcGWXLTEHG7/theme_y5d9z0.css?CID=411298 HTTP/1.1
Host: lostforeverfat.world
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lostforeverfat.world/all/asca/cpc?bhu=CWpXPZNqNE3qDq1aGWDeHdf5hntcGWXLTEHG7
Cookie: UUID=U1284-90-1934-401336-207054; _data=2suFRKf93JBHsHfNmtsf1EHvxZxzpYuzPLFff48vrix

                                         
185.248.160.20
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx/1.12.2
Date: Sun, 25 Mar 2018 06:13:42 GMT
Content-Length: 21
Connection: keep-alive
Set-Cookie: _view=true; expires=Mon, 26 Mar 2018 06:14:56 GMT; path=/


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   21
Md5:    18344450471966e26d48e47bf2171ee3
Sha1:   aac149a94aa35965e088a6a63c428d6056275ab2
Sha256: 4e0f2cb203e4cbd5c7433d348c079f8e08f305de9b8fc88ae19ff4c57974962f
                                        
GET /favicon.ico HTTP/1.1
Host: lostforeverfat.world
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: UUID=U1284-90-1934-401336-207054; _data=2suFRKf93JBHsHfNmtsf1EHvxZxzpYuzPLFff48vrix; _view=true

                                         
185.248.160.20
HTTP/1.1 200 OK
Content-Type: image/x-icon
Server: nginx/1.12.2
Date: Sun, 25 Mar 2018 06:13:42 GMT
Content-Length: 790
Connection: keep-alive
Last-Modified: Tue, 30 May 2017 11:53:02 GMT
Etag: "592d5d1e-316"
Expires: Sun, 01 Apr 2018 06:13:42 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 16 x 16, 8-bit/color RGBA, non-interlaced
Size:   790
Md5:    2aa1fc87608f47af9fbe7a28537d83a6
Sha1:   126b18b5ab5a1df8fdfd5435c91d93c314d770b3
Sha256: 3ffde8a57281c9b5377702644247b38bed27dcd0e97b6307c6514add01233a28
                                        
GET / HTTP/1.1
Host: realsaleclub.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lostforeverfat.world/all/asca/cpc?bhu=CWpXPZNqNE3qDq1aGWDeHdf5hntcGWXLTEHG7

                                         
194.67.220.215
HTTP/1.1 503 Service Temporarily Unavailable
Content-Type: text/html
Server: nginx
Date: Sun, 25 Mar 2018 06:14:57 GMT
Content-Length: 206
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text
Size:   206
Md5:    7772594fc0fcc01b962246dff814fcfd
Sha1:   95a192cbae5e0156e647d22c1e200af103d0c2d6
Sha256: 1e2ea44c8bb71ad3a3195b4625c66b931827a2eb5e4099533860bf4270f67bcb

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
GET /favicon.ico HTTP/1.1
Host: realsaleclub.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
194.67.220.215
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
Server: nginx
Date: Sun, 25 Mar 2018 06:14:57 GMT
Content-Length: 5430
Connection: keep-alive
Last-Modified: Mon, 21 Aug 2017 12:29:51 GMT
Etag: "1536-55742a29feec7"
Cache-Control: public
Accept-Ranges: bytes


--- Additional Info ---
Magic:  MS Windows icon resource - 2 icons, 16x16, 256-colors
Size:   5430
Md5:    88eba8e4763360469235d491fd3abbf3
Sha1:   2b8f0b11a419212105f409064f5e399ea0e31f40
Sha256: 60ebec9e0b08eb0d7ab7bfc081d6a2cb91ce012f5c919b6b25e3ed5c31a7bec9
                                        
GET /favicon.ico HTTP/1.1
Host: www.jossiacastaldi.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
89.46.106.37
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
Server: aruba-proxy
Date: Sun, 25 Mar 2018 06:14:58 GMT
Content-Length: 210
Connection: keep-alive
Location: http://bestserviceclub.su/
X-ServerName: ipvsproxy80.ad.aruba.it


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   210
Md5:    85a70456d3e20151556a9531fcf9fb73
Sha1:   beea001d202597ada90f14b7dfca15eef615ac86
Sha256: 83fabc5aeeb5852de3c95e9e7b31b29f1220163c5fd431666da43ba9eb4de3a9
                                        
GET / HTTP/1.1
Host: bestserviceclub.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
5.101.179.167
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: nginx
Date: Sun, 25 Mar 2018 06:14:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Set-Cookie: buy_count=186 ga_tracking=; path=/ city=Oslo; path=/ short_domain_name=su; path=/ holiday=; path=/ is_mobile=0; path=/ ga_linkers=; path=/ full_requested=0; path=/ mf_tracking=; path=/ flag_country=no; path=/ domain_name=bestserviceclub.su; path=/ redirect=; path=/ site_id=505; path=/ no_holiday=1; path=/ CGISESSID=80a0b6fa3c50d9731a1208544b280c40; path=/; expires=Wed, 04-Jul-2136 06:14:58 GMT
Expires: Sun, 25 Mar 2018 06:14:57 GMT
Cache-Control: no-cache, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Sun, 25 Mar 2018 06:14:57 GMT


--- Additional Info ---
Magic:  gzip compressed data
Size:   24526
Md5:    272030041186fec599ff6362655680d9
Sha1:   f58f508824010b9fceefc4df5898e7f078be3018
Sha256: 78404ee6d04865d2e1f23b8805f0a1e823a8db45f241094284f40df25cc97bca

Alerts:
  Blacklists:
    - fortinet: Phishing