Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=parolamia.com
Result: Google marks the site as suspicious: visiting this web site may harm your computer.
Details: see the diagnostic query above.
Malicious/Suspicious Redirects
Request (imitating a visitor arriving from a search engine):
  URL: http://parolamia.com/
  GET / HTTP/1.1
  Host: parolamia.com
  Referer: http://www.google.com/search?q=redirect+check1
Server response:
  HTTP/1.1 301 Moved Permanently
  Connection: close
  Date: Thu, 28 Aug 2014 12:36:20 GMT
  Location: http://mampoks.ru/track.php
  Server: Apache
  Content-Length: 298
  Content-Type: text/html; charset=iso-8859-1
Status: malicious
Scanned pages/files
Request: http://parolamia.com/
Server response:
  200 OK
  Content-Length: 2715
  Content-Type: text/html
Status: suspicious

Malicious code (confirmed by antiviruses, see below). The scanner's excerpt of the injected deface script, shown here with line breaks and comments; the excerpt jumps from state 1 to state 6 and cuts the argument list of one moveTo call, and those gaps are left as the scanner reported them:

  window.scrollBy(0, 1)
  window.resizeTo(0,0)              // shrink the browser window to nothing
  window.moveTo(0,0)                // and park it in the top-left corner
  setTimeout("move()", 1);          // start the animation loop
  var mxm=50
  var mym=25
  var mx=0
  var my=0
  var sv=50
  var status=1
  var szx=0
  var szy=0
  var c=255
  var n=0
  var sm=30
  var cycle=2
  var done=2
  function move() {
    if (status == 1) {              // fly the window across the screen
      mxm=mxm/1.05
      mym=mym/1.05
      mx=mx+mxm
      my=my-mym
      mxm=mxm+(400-mx)/100
      mym=mym-(300-my)/100
      window.moveTo                 // argument list cut off in the excerpt
    }
    // states 2 to 5 are not shown in the excerpt
    if (status == 6) {              // announce the defacement
      document.title = "INC Team"
      alert("INC Team")
      cycle=2
      status=4
      done=1
    }
    if (status == 7) {              // flash the page colours
      c=c+4
      document.bgColor=c*65536
      document.fgColor=(255-c)*65536
      if (c > 128) {status=8}
    }
    if (status == 8) {              // restore the window to full screen
      window.moveTo(0,0)
      sx=screen.availWidth
      sy=screen.availHeight
      window.resizeTo(sx,sy)
      status=9
    }
    var timer=setTimeout("move()",0.9)   // re-arm itself
  }

Antivirus reports:
  Deface/Content modification. The following signature was found:
  HaCKeD By CeLLaTReiS ...[2359 bytes skipped]... } var timer=setTimeout("move()",0.9) } </script>
  <center><img src="http://b1303.hizliresim.com/17/p/l9xgq.png" />
  <body bgcolor = black>
  <font size=5><font color=white><h2><p align=center> HaCKeD By CeLLaTReiS </p></h2></font>
  <h1> <p align=center><font color=red>wWw.TurkHackArmy.Org</font> </p></h1> </div>
  <b></b><h5> <p align=center><font color=red>CeLLaTReiS</font><font color=white> SiKeR </font></p></h ...[451 bytes skipped]...
Request: http://parolamia.com/test404page.js
Server response:
  HTTP/1.1 302 Found
  Connection: close
  Date: Thu, 28 Aug 2014 12:36:21 GMT
  Location: http://pyatnickiy.ru/track.php
  Server: Apache
  Content-Length: 277
  Content-Type: text/html; charset=iso-8859-1
Status: clean

Request: http://pyatnickiy.ru/track.php
Server response:
  HTTP/1.1 200 OK
  Cache-Control: no-store, no-cache, must-revalidate
  Cache-Control: post-check=0, pre-check=0
  Connection: close
  Date: Thu, 28 Aug 2014 12:36:22 GMT
  Pragma: no-cache
  Server: nginx
  Vary: User-Agent,Accept-Encoding
  Content-Type: text/html; charset=UTF-8
  Expires: Mon, 26 Jul 1997 05:00:00 GMT
  Last-Modified: Thu, 28 Aug 2014 12:36:21 GMT
  Set-Cookie: tu=7b7e356fa36f260a7bd58f1e4e615f15; expires=Tue, 31-Dec-2019 23:00:00 GMT; path=/; domain=pyatnickiy.ru; httponly
  X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_RP/M8ryTcSSNN3AP3VcQGI/EcYXse9e8ZMOldBxn0RzITrJlAsjZXaylfQt+1q7+1o8tyEr2YTkhVrqBsVd+XA==
  X-Cache: MISS from 831149
  X-Powered-By: PHP/5.3.3-7+squeeze19
Status: clean

Request: http://pyatnickiy.ru/track.php/?gtnjs=1
Server response:
  200 OK
  Content-Length: 22373
  Content-Type: text/html
Status: clean

Request: http://img.sedoparking.com/js/jquery-1.4.2.min.js
Server response:
  200 OK
  Content-Length: 52579
  Content-Type: application/x-javascript
Status: clean

Request: http://www.google.com/adsense/domains/caf.js
Server response:
  200 OK
  Content-Length: 258
  Content-Type: text/javascript
Status: clean

Note that the 302 from test404page.js to pyatnickiy.ru/track.php has the same shape as the redirect flagged malicious above (a different .ru host, the same /track.php path), and that the pages reached through it load Sedo parking and AdSense-for-domains scripts. The "clean" verdicts in this table apply to the content of each fetched response; the redirect behaviour itself is what the section above reports on.
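The two checks this report rests on, the conditional-redirect probe (the "imitation of a visitor from a search engine" in the redirects section) and the defacement-signature match in the scanned-pages section, as an added example that is not code from the scanner or from this page. It runs entirely against a local mock on 127.0.0.1 that reproduces the responses observed above (constructed; the real hosts parolamia.com, mampoks.ru and pyatnickiy.ru are never contacted), and the helper names fetch, redirect_chain, conditional_redirect, deface_indicators, scan and start_mock are my own:

```python
import http.server
import re
import socketserver
import threading
import urllib.error
import urllib.request
from urllib.parse import urljoin

# Constructed stand-in for the defaced index page: only the signature strings the
# scanner quoted are reproduced, not the full injected script.
DEFACED_INDEX = b"""<html><head><script>window.resizeTo(0,0)
window.moveTo(0,0)
setTimeout("move()", 1);</script></head>
<body bgcolor=black><h2>HaCKeD By CeLLaTReiS</h2></body></html>"""

# Content indicators taken from the report's findings above.
DEFACE_PATTERNS = [
    (r"HaCKeD\s+By", "defacement banner"),
    (r"window\.resizeTo\(0,\s*0\)", "window shrink (deface script)"),
    (r"setTimeout\(\s*[\"']move\(\)[\"']", "self-rearming move() loop"),
]

# The same spoofed Referer the scanner sent.
SEARCH_REFERER = "http://www.google.com/search?q=redirect+check1"

class CompromisedSite(http.server.BaseHTTPRequestHandler):
    """Local mock of the compromised host as observed: a search-engine visitor is
    301-redirected to a tracker, a direct visitor gets the defaced index.
    /track.php here stands in for the external mampoks.ru/track.php (assumption)."""
    def do_GET(self):
        if self.path == "/" and "/search?" in self.headers.get("Referer", ""):
            self.send_response(301)
            self.send_header("Location", "/track.php")
            self.end_headers()
            return
        body = b"<html>parking page</html>" if self.path == "/track.php" else DEFACED_INDEX
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # silence request logging
        pass

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib surface every 3xx as an HTTPError instead of following it."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

OPENER = urllib.request.build_opener(NoRedirect)

def fetch(url, referer=None):
    """One hop: return (status, Location header or None, body bytes)."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    if referer:
        req.add_header("Referer", referer)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, None, resp.read()
    except urllib.error.HTTPError as err:
        if 300 <= err.code < 400:
            return err.code, err.headers.get("Location"), b""
        raise

def redirect_chain(url, referer=None, max_hops=5):
    """Follow Location headers by hand so every hop is recorded."""
    hops = []
    for _ in range(max_hops):
        status, location, body = fetch(url, referer)
        hops.append((url, status, location))
        if location is None:
            return hops, body
        url = urljoin(url, location)
    return hops, b""

def conditional_redirect(url):
    """The scanner's trick: compare a direct visit with a search-engine visit."""
    _, direct_loc, _ = fetch(url)
    _, search_loc, _ = fetch(url, SEARCH_REFERER)
    return direct_loc != search_loc, search_loc

def deface_indicators(body):
    """Labels of the defacement patterns present in an HTML body."""
    text = body.decode("utf-8", "replace")
    return [label for pat, label in DEFACE_PATTERNS if re.search(pat, text)]

def scan(url):
    """Combine both checks into one report for a site's front page."""
    conditional, target = conditional_redirect(url)
    hops, _ = redirect_chain(url, SEARCH_REFERER)
    _, _, direct_body = fetch(url)
    return {"conditional_redirect": conditional, "redirect_target": target,
            "hops": hops, "deface": deface_indicators(direct_body)}

def start_mock():
    """Bind the mock on an ephemeral loopback port; returns (server, base URL)."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), CompromisedSite)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d/" % srv.server_address[1]

if __name__ == "__main__":
    server, base = start_mock()
    try:
        for key, value in scan(base).items():
            print(key, value)
    finally:
        server.shutdown()
        server.server_close()
```

Pointing scan() at a real host instead of the mock is the only change needed to use it in practice; the point of sending the request twice is that a cloaked redirect like the 301 above is invisible to a direct request, so a single fetch without a search-engine Referer would report the page as a plain defacement and miss the tracker chain.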