Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=terencehill.it
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.terencehill.it/ | HTTP/1.1 200 OK Date: Tue, 07 Oct 2014 07:42:26 GMT Accept-Ranges: bytes ETag: "6658d39ed3dec51:53f117" Server: Microsoft-IIS/6.0 Content-Length: 1969 Content-Location: http://www.terencehill.it/index.html Content-Type: text/html Last-Modified: Tue, 01 Nov 2005 11:01:33 GMT MicrosoftOfficeWebServer: 5.0_Pub X-Powered-By: ASP.NET | clean |
http://www.terencehill.it/index.html | 200 OK Content-Length: 1969 Content-Type: text/html | clean |
http://www.terencehill.it/fc/fc.html | 200 OK Content-Length: 3870 Content-Type: text/html | clean |
http://www.terencehill.it/fc/js/fc.js | 200 OK Content-Length: 6701 Content-Type: application/x-javascript | clean |
http://www.terencehill.it/fc/fc_en.html | 200 OK Content-Length: 3898 Content-Type: text/html | clean |
http://www.terencehill.it/fc/js/fc_en.js | 200 OK Content-Length: 6764 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function right(e) {
if (navigator.appName == 'Netscape' && (e.which == 3 || e.which == 2)) return false; else if (navigator.appName == 'Microsoft Internet Explorer' && (event.button == 2 || event.button == 3)) { alert("The Stuff presented in this page has been published to allow a private-only viewing at the people that access the www.terencehill.it website.\n\nAny other use has to be previously discussed with the webmasters by contacting document.write('<TR><TD WIDTH="770"><IMG SRC="i/nil.gif" WIDTH="770" HEIGHT="20"></TD></TR>'); document.write('</TABLE>'); } function ChangeImageAddress() { for(var i=0; i<document.images.length; i++) document.write(document.images[i].src); } Antivirus reports:
| ||
http://www.terencehill.it/fc/fc_ge.html | 200 OK Content-Length: 3903 Content-Type: text/html | clean |
http://www.terencehill.it/fc/js/fc_ge.js | 200 OK Content-Length: 6733 Content-Type: application/x-javascript | clean |
http://www.terencehill.it/fc/../credits_ge.html | 200 OK Content-Length: 7338 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- ImageNames = new Array('backsx'); ImagePath = 'btn/'; StdExt = '.gif'; SelExt = '_b.gif'; TempImage = new Image; for (var i = 0; i < ImageNames.length;i++) { TempImage.src = ImagePath + ImageNames[i] + StdExt; TempImage.src = ImagePath + ImageNames[i] + SelExt; } function right(e) { if (navigator.appName == 'Netscape' && (e.which == 3 || e.which == 2)) return false; alert("Der Inhalt von www.terencehill.it darf nur für private Zwecke durch die Besucher genutzt werden.\n\nJede andere Verwendung muss durch vorherige Kontaktaufnahme mit den Webmasters über folgende E-Mail-Adressen geklärt werden.\n\n\twebmaster@terencehill.it"); return false; } return true; } document.onmousedown=right; if (document.layers) window.captureEvents(Event.MOUSEDOWN); window.onmousedown=right; Antivirus reports:
| ||
http://www.terencehill.it/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://www.terencehill.it/fc/ | 403 Forbidden Content-Length: 218 Content-Type: text/html | clean |
http://www.terencehill.it/fc/gadgets_ge.html | 200 OK Content-Length: 2494 Content-Type: text/html | clean |
http://www.terencehill.it/fc/../cards/cards.asp?lang=ge | 200 OK Content-Length: 4967 Content-Type: text/html | clean |
http://www.terencehill.it/fc/../cards/cards.asp?lang=ge&mode=write | 200 OK Content-Length: 3586 Content-Type: text/html | clean |
http://www.terencehill.it/fc/gad_sds_ge.html | 200 OK Content-Length: 2628 Content-Type: text/html | clean |
http://www.terencehill.it/fc/gad_ringtones_ge.html | 200 OK Content-Length: 11271 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: terencehill.it
Result:
GET / HTTP/1.1
Host: terencehill.it
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: terencehill.it
Referer: http://www.google.com/search?q=terencehill.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: terencehill.it
Referer: http://www.google.com/search?q=terencehill.it
Result:
The result is similar to the first query. There are no suspicious redirects found.