Scanned pages/files
| Request | Server response | Status |
http://kralvurucu.us/ | 200 OK Content-Length: 29261 Content-Type: text/html | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://www.reklamiyi.com/rklm/ppp.js | 200 OK Content-Length: 8341 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var site=document.URL; var domain=document.domain; var adres='http://www.hiamina.com'; oV1=window; function fStart(u,n,v) { if (!oV1.opera) var twin=oV1.open(u,n,v); if (!window.fV1) {fV13();} var w=oV2(u,n,v); var wo=vWA[w]; wo.pw=twin; fV3("fV10(" + w + ")",100); return (wo.pw&&fV35)?wo.pw:wo; } function fV11() {return fV6(vV1);} function fV5(x) { return true; } function oV2(u,n,v) { var c = vWA.length; vWA[c] = new Array; var cw = vWA[c]; var tn=new Date(); if (!v) var } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e || window.event; var win = doOpen('http://www.hiamina.com'); setCookie('popundr', 1, 24*60*60*1000); } } if(navigator.userAgent.toLowerCase().indexOf('chrome') > -1){ initPu(); } Antivirus reports:
| ||
http://www.reklamiyi.com/rklm/slah.php | 200 OK Content-Length: 2714 Content-Type: text/html | clean |
http://www.reklamiyi.com/test404page.js | 404 Not Found Content-Length: 2207 Content-Type: text/html | clean |
http://www.reklamiyi.com/rklm/sex-videosu-izle27957arap-tecavuz-sikis.html | 200 OK Content-Length: 108 Content-Type: text/html | clean |
http://adspaces.ero-advertising.com/adspace/299039.js | 200 OK Content-Length: 1831 Content-Type: application/javascript | clean |
http://adspaces.ero-advertising.com/adspace/299041.js | 200 OK Content-Length: 3631 Content-Type: application/javascript | clean |
http://sayac.onlinewebstat.com/c4.js | 200 OK Content-Length: 9633 Content-Type: application/x-javascript | clean |
http://www.reklamiyi.com/rklm/mobilim.php | 200 OK Content-Length: 108 Content-Type: text/html | clean |
http://www.reklamiyi.com/niko/cfunction.js | 200 OK Content-Length: 244 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kralvurucu.us
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 21 Apr 2014 10:35:20 GMT
Server: LiteSpeed
Content-Type: Text/html; Charset=utf8
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: kralvurucu.us
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 21 Apr 2014 10:35:20 GMT
Server: LiteSpeed
Content-Type: Text/html; Charset=utf8
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: kralvurucu.us
Referer: http://www.google.com/search?q=kralvurucu.us
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: kralvurucu.us
Referer: http://www.google.com/search?q=kralvurucu.us
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kralvurucu.us
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kralvurucu.us/
Result: kralvurucu.us is not infected or malware details are not published yet.
Result: kralvurucu.us is not infected or malware details are not published yet.