Scanned pages/files
Request | Server response | Status |
http://cektir.net/ | 200 OK Content-Length: 37965 Content-Type: text/html | clean |
http://www.cektir.net/js/thumb.js | 200 OK Content-Length: 2529 Content-Type: application/javascript | clean |
http://www.hikayesexli.com/mobil/mobil.php | 200 OK Content-Length: 122 Content-Type: text/html | clean |
http://rapor.mobi/call.php?id=144&tur=yonlenme&user=bayi | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://rapor.mobi/test404page.js | 404 Not Found Content-Length: 440 Content-Type: text/html | clean |
http://www.hikayesexli.com/reklam/reklam2.php | 200 OK Content-Length: 346 Content-Type: text/html | clean |
http://www.hikayesexli.com/reklam/ads-msn-pop.js | 200 OK Content-Length: 1079 Content-Type: application/javascript | clean |
http://www.hikayesexli.com/reklam/advertising.php | 200 OK Content-Length: 1607 Content-Type: text/html | clean |
http://www.hikayesexli.com/reklam/ads-pop-upss.js | 200 OK Content-Length: 8373 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var site=document.URL; var domain=document.domain; var adres='http://www.hikayesexli.com/porno-izle'; oV1=window; function fStart(u,n,v) { if (!oV1.opera) var twin=oV1.open(u,n,v); if (!window.fV1) {fV13();} var w=oV2(u,n,v); var wo=vWA[w]; wo.pw=twin; fV3("fV10(" + w + ")",100); return (wo.pw&&fV35)?wo.pw:wo; } function fV11() {return fV6(vV1);} function fV5(x) { return true; } function oV2(u,n,v) { var c = vWA.length; vWA[c] = new Array; var cw = vWA[c]; var tn=new Date( } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e || window.event; var win = doOpen('http://www.hikayesexli.com/porno-izle'); setCookie('popundr', 1, 24*60*60*1000); } } if(navigator.userAgent.toLowerCase().indexOf('chrome') > -1){ initPu(); } Antivirus reports:
| ||
http://www.reklam10.com/splash.php?id=824 | 200 OK Content-Length: 3383 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cektir.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 16 Apr 2014 10:42:14 GMT
Server: cloudflare-nginx
Content-Type: Text/html; Charset=utf8
CF-RAY: 11bfc666bb6f07af-MIA
Set-Cookie: __cfduid=d2a3091ae723cb19a07b0b27fa761dd6e1397644934194; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.cektir.net; HttpOnly
X-Powered-By: PHP/5.3.27
GET / HTTP/1.1
Host: cektir.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 16 Apr 2014 10:42:14 GMT
Server: cloudflare-nginx
Content-Type: Text/html; Charset=utf8
CF-RAY: 11bfc666bb6f07af-MIA
Set-Cookie: __cfduid=d2a3091ae723cb19a07b0b27fa761dd6e1397644934194; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.cektir.net; HttpOnly
X-Powered-By: PHP/5.3.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: cektir.net
Referer: http://www.google.com/search?q=cektir.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: cektir.net
Referer: http://www.google.com/search?q=cektir.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cektir.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cektir.net/
Result: cektir.net is not infected or malware details are not published yet.
Result: cektir.net is not infected or malware details are not published yet.