Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ilmus.com.tr
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Fri, 16 Jan 2015 17:00:37 GMT
Pragma: no-cache
Server: nginx
Content-Encoding: none
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: cfc8c22af954be8995c343ceba41e139=bf5c4f68a697bc2471ceede6f1435d42; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: ilmus.com.tr
Referer: http://www.google.com/search?q=ilmus.com.tr
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://ilmus.com.tr/ | 200 OK Content-Length: 14677 Content-Type: text/html | clean |
http://ilmus.com.tr//ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js/ | HTTP/1.1 303 See other Connection: close Date: Fri, 16 Jan 2015 17:01:02 GMT Location: http://ilmus.com.tr/index.php?option=com_virtuemart Server: nginx Content-Length: 0 Content-Type: text/html; charset=utf-8 Set-Cookie: cfc8c22af954be8995c343ceba41e139=7276922c2d52607b93f90b38b1116297; path=/ | clean |
http://ilmus.com.tr/index.php?option=com_virtuemart | 200 OK Content-Length: 20393 Content-Type: text/html | clean |
http://ilmus.com.tr/components/com_virtuemart/assets/js/jquery.noConflict.js | 200 OK Content-Length: 20 Content-Type: application/javascript | clean |
http://ilmus.com.tr/components/com_virtuemart/assets/js/vmsite.js | 200 OK Content-Length: 3418 Content-Type: application/javascript | clean |
http://ilmus.com.tr/components/com_virtuemart/assets/js/facebox.js | 200 OK Content-Length: 10400 Content-Type: application/javascript | clean |
http://ilmus.com.tr/components/com_virtuemart/assets/js/vmprices.js | 200 OK Content-Length: 5161 Content-Type: application/javascript | clean |
http://ilmus.com.tr/media/system/js/mootools-core.js | 200 OK Content-Length: 96362 Content-Type: application/javascript | clean |
http://ilmus.com.tr/media/system/js/core.js | 200 OK Content-Length: 4784 Content-Type: application/javascript | clean |
http://ilmus.com.tr/media/system/js/modal.js | 200 OK Content-Length: 9732 Content-Type: application/javascript | clean |
http://ilmus.com.tr/cache/widgetkit/widgetkit-144d84cb.js | 200 OK Content-Length: 13369 Content-Type: application/javascript | clean |
http://ilmus.com.tr//letcaro.com/js/couter.js?ver=1.038/ | HTTP/1.1 303 See other Connection: close Date: Fri, 16 Jan 2015 17:01:36 GMT Location: http://ilmus.com.tr/index.php?option=com_virtuemart Server: nginx Content-Length: 0 Content-Type: text/html; charset=utf-8 Set-Cookie: cfc8c22af954be8995c343ceba41e139=7f2b5b85384dac918dfe77135a5ce0c0; path=/ | clean |
http://ilmus.com.tr/test404page.js | HTTP/1.1 303 See other Connection: close Date: Fri, 16 Jan 2015 17:01:36 GMT Location: http://ilmus.com.tr/index.php?option=com_virtuemart Server: nginx Content-Length: 0 Content-Type: text/html; charset=utf-8 Set-Cookie: cfc8c22af954be8995c343ceba41e139=efda60ca6831c97ef3745894af5e9c0f; path=/ | clean |
http://ilmus.com.tr/templates/yoo_nano2/warp/js/warp.js | 200 OK Content-Length: 8462 Content-Type: application/javascript | clean |
http://ilmus.com.tr/templates/yoo_nano2/warp/js/responsive.js | 200 OK Content-Length: 2033 Content-Type: application/javascript | clean |
http://ilmus.com.tr/templates/yoo_nano2/warp/js/accordionmenu.js | 200 OK Content-Length: 1504 Content-Type: application/javascript | clean |
http://ilmus.com.tr/templates/yoo_nano2/warp/js/dropdownmenu.js | 200 OK Content-Length: 5639 Content-Type: application/javascript | clean |
http://ilmus.com.tr/templates/yoo_nano2/js/template.js | 200 OK Content-Length: 2931 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ilmus.com.tr
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ilmus.com.tr/
Result: ilmus.com.tr is not infected or malware details are not published yet.