Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=elelesigorta.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://elelesigorta.com/ | 200 OK Content-Length: 49339 Content-Type: text/html | clean |
http://elelesigorta.com/balloontip.js | 200 OK Content-Length: 11472 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt that follows is truncated, and some operators appear to have been dropped in extraction; it appears to be only the beginning of the 11472-byte file, so the code that triggered the detection may lie outside the portion shown. Excerpt: var disappeardelay=250 var verticaloffset=10 var enablearrowhead=1 var arrowheadimg=["arrowdown.gif", "arrowup.gif"] var arrowheadheight=11 var ie=document.all var ns6=document.getElementById&&!document.all verticaloffset=(enablearrowhead)? verticaloffset arrowheadheight : verticaloffset function getposOffset(what, offsettype){ var totaloffset=(offsettype=="left")? what.offsetLeft : what.offsetTop; var parentEl=what.offsetParent; whi Antivirus reports:
| ||
http://elelesigorta.com/dropdowncontent.js | 200 OK Content-Length: 12287 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var dropdowncontent={ disableanchorlink: true, hidedivmouseout: [true, 200], ajaxloadingmsg: "Loading content. Please wait...", ajaxbustcache: true, getposOffset:function(what, offsettype){ return (what.offsetParent)? what[offsettype] this.getposOffset(what.offsetParent, offsettype) : what[offsettype] }, isContained:function(m, e){ var e=window.event || e var c=e.relatedTarget || ((e.type=="mouseover")? e.fromElement : e.toElement) Antivirus reports:
| ||
http://elelesigorta.com/default.asp | 200 OK Content-Length: 49339 Content-Type: text/html | clean |
http://elelesigorta.com/oku.asp?ana=438 | 200 OK Content-Length: 23410 Content-Type: text/html | clean |
http://elelesigorta.com/jquery-1.2.2.pack.js | 200 OK Content-Length: 35525 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt that follows is truncated; the eval(function(p,a,c,k,e,r){...}) wrapper it opens with is consistent with the packer format that packed (.pack.js) jQuery builds are distributed in, so the wrapper alone does not identify the flagged content. Excerpt: eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a))) ((c=c%a)>35?String.fromCharCode(c 29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w '};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b' e(c) '\\b','g'),k[c]);return p}('(J(){7(1e.19)L w=1e.19;L E=1e.19=J(a,b){K 1D E.2m.4Y(a,b)};7(1e.$)L D=1e.$;1e.$=E;L u=/^[^<]*(<(.|\\s) >)[^>]*$|^#(\\w )$/;L G=/^.[^:#\\[\\.]*$/;E.1i= Antivirus reports:
| ||
http://elelesigorta.com/ddaccordion.js | 200 OK Content-Length: 16914 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var ddaccordion={ contentclassname:{}, expandone:function(headerclass, selected){ this.toggleone(headerclass, selected, "expand") }, collapseone:function(headerclass, selected){ this.toggleone(headerclass, selected, "collapse") }, expandall:function(headerclass){ var $=jQuery var $headers=$('.' headerclass) $('.' this.contentclassname[headerclass] ':hidden').each(function(){ $headers.eq(pa Antivirus reports:
| ||
http://elelesigorta.com/oku.asp?ana=439 | 200 OK Content-Length: 19382 Content-Type: text/html | clean |
http://elelesigorta.com/oku.asp?ana=440 | 200 OK Content-Length: 22062 Content-Type: text/html | clean |
http://elelesigorta.com/oku.asp?ana=441 | 200 OK Content-Length: 19903 Content-Type: text/html | clean |
http://elelesigorta.com/icerik.asp?cat=odul | 200 OK Content-Length: 29275 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: sigortacim.net ...[17368 bytes skipped]... ight="352"> </td> <td rowspan="2" bgcolor="#FFFFFF" width="905" height="352" valign="top"> <font size="2" face="Arial"> <table border="0" style="border-collapse: collapse" width="100%" cellpadding="0"> <tr> <td> </td> </tr> <tr> <td> </td> </tr> </table> <h2>sigortacim.net'e Hoşgeldiniz<br/> <b><font size="2"><font color="#000000">Teklif almak istediğiniz bölümü seçiniz</font></font></b></h2> <h3 class="mypets">Sağlık Sigortası (Ferdi)</h3> <div class="thepet"> <div align="center"> <table id="table2" height="131" cellspacing="0" cellpadding="0" width="87%" border="0"> <form action="teklifal.a ...[19762 bytes skipped]... | ||
http://elelesigorta.com/oku.asp?ana=442 | 200 OK Content-Length: 18998 Content-Type: text/html | clean |
http://elelesigorta.com/oku.asp?ana=443 | 200 OK Content-Length: 26320 Content-Type: text/html | clean |
http://elelesigorta.com/oku.asp?ana=443&id=456 | 200 OK Content-Length: 26320 Content-Type: text/html | clean |
http://elelesigorta.com/test404page.js | 404 Not Found Content-Length: 1071 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: elelesigorta.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 05 Jul 2014 09:17:08 GMT
Server: Microsoft-IIS/6.0
Content-Length: 49339
Content-Type: text/html
MicrosoftOfficeWebServer: 5.0_Pub
Set-Cookie: ASPSESSIONIDSABCCAQR=NAPNNHNDINNDGNOPCKKHEDGK; path=/
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
...49339 bytes of data.
GET / HTTP/1.1
Host: elelesigorta.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 05 Jul 2014 09:17:08 GMT
Server: Microsoft-IIS/6.0
Content-Length: 49339
Content-Type: text/html
MicrosoftOfficeWebServer: 5.0_Pub
Set-Cookie: ASPSESSIONIDSABCCAQR=NAPNNHNDINNDGNOPCKKHEDGK; path=/
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
...49339 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: elelesigorta.com
Referer: http://www.google.com/search?q=elelesigorta.com
Result:
The result is similar to the first query. No suspicious redirects were found when the request carried a search-engine Referer.
GET / HTTP/1.1
Host: elelesigorta.com
Referer: http://www.google.com/search?q=elelesigorta.com
Result:
The result is similar to the first query. No suspicious redirects were found when the request carried a search-engine Referer.