We help IT Professionals succeed at work.

typing website address opens the correct website but google link takes me to different website

uilli asked
a friend has a website http://fondazioneroberthollman.it that works fine when typing the address in the address bar.
However if the link is opened through a search engine, it opens up a website that sells bags.
It isn't a virus on the client side since I've tried it on different computers on different network, it seems more of a dns problem, or some website hack maybe (it's a very old website).

For example on google it shows the correct name but the description is the one of the bags website

and on bing the name is the one of the bags website

by accessing the page by typing the address and viewing the page source I cannot find any redirect, so I'm not sure if it's a dns problem of the provider or some kind of hack I'm not aware of
Watch Question

Chris HInfrastructure Manager

I'm also not ruling out that the web host has port 80 bindings correct.  You may also want to contact your web host.

Correction:  Closer examination shows that neither host is related by any means.  This is Google's fault.


what is strange is that it's not only google, but I tried bing and yahoo and I get the same problem
Infrastructure Manager
This webserver is compromised.  

This script is called on a non-indexed page:
3/31/2015 2:20:50 PM      http://www.drdrebeats.eu/ugg/airmax-it.js|>{gzip} [L] HTML:Iframe-inf (0)

I can no longer access this script on the server side now, so it's either tamper-aware, you're in the process of fixing it or a hacker just cloaked.  

I do a google search and it shows several nike airmax ads in different languages.  Your's appears to be in Italian.


See for yourself.

The only valid answer here is to rebuild from scratch.  Ethically, you should too, as this is probably a jump point for malware now.

Is this a hosted server?
Chris HInfrastructure Manager

Also, I'd remove any mention to any email addresses listed.  Those guys have to get a buttload of spam.


thanks for the research. the website is hosted by a company and doing a search on the company domain like you suggested it seems it's their webserver that has been compromised


this shows advertising websites on their domain as well. Does this mean their webserver got hacked?
Chris HInfrastructure Manager

The host is definitely compromised to where it's effecting your product.  I'd walk and try a different host.  Does he have a backup of the website before this happened?  I'd consider using that or at least comparing the original source (espeically scripts) to the code that exists.  With encryption and randomization, the only person who could probably tell you how and what got compromised is the person who compromised it.  It may be time, too, that he updates the website technology to a more efficient, search engine friendly, mobile supported platform.