Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: x-paylasim.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Sun, 05 Oct 2014 03:13:27 GMT
Pragma: private
Server: LiteSpeed
Content-Type: text/html; charset=windows-1254
Set-Cookie: bbsessionhash=5d4b3c173fea0f1bdb05e9cdd09061b5; path=/; HttpOnly
Set-Cookie: bblastvisit=1412478807; expires=Mon, 05-Oct-2015 03:13:27 GMT; path=/
Set-Cookie: bblastactivity=0; expires=Mon, 05-Oct-2015 03:13:27 GMT; path=/
Set-Cookie: vbseo_loggedin=deleted; expires=Sat, 05-Oct-2013 03:13:26 GMT; path=/
X-Powered-By: PHP/5.2.17
X-UA-Compatible: IE=7
GET / HTTP/1.1
Host: x-paylasim.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Sun, 05 Oct 2014 03:13:27 GMT
Pragma: private
Server: LiteSpeed
Content-Type: text/html; charset=windows-1254
Set-Cookie: bbsessionhash=5d4b3c173fea0f1bdb05e9cdd09061b5; path=/; HttpOnly
Set-Cookie: bblastvisit=1412478807; expires=Mon, 05-Oct-2015 03:13:27 GMT; path=/
Set-Cookie: bblastactivity=0; expires=Mon, 05-Oct-2015 03:13:27 GMT; path=/
Set-Cookie: vbseo_loggedin=deleted; expires=Sat, 05-Oct-2013 03:13:26 GMT; path=/
X-Powered-By: PHP/5.2.17
X-UA-Compatible: IE=7
Second query (visit from search engine):
GET / HTTP/1.1
Host: x-paylasim.com
Referer: http://www.google.com/search?q=x-paylasim.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: x-paylasim.com
Referer: http://www.google.com/search?q=x-paylasim.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://x-paylasim.com/ | 200 OK Content-Length: 64719 Content-Type: text/html | clean |
http://x-paylasim.com/js/jquery-1.3.2.js | 200 OK Content-Length: 120685 Content-Type: application/javascript | clean |
http://x-paylasim.com/js/facebox/facebox.js | 200 OK Content-Length: 9299 Content-Type: application/javascript | clean |
http://x-paylasim.com/js/mbox/lib/prototype.js | 200 OK Content-Length: 96046 Content-Type: application/javascript | clean |
http://x-paylasim.com/js/mbox/lib/scriptaculous.js?¬
load=builder,effects | 200 OK Content-Length: 2665 Content-Type: application/javascript | clean |
http://x-paylasim.com/js/mbox/mbox.js | 200 OK Content-Length: 19335 Content-Type: application/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21308 Content-Type: text/javascript | clean |
http://x-paylasim.com/js/xpaylasim_facebook.html | 200 OK Content-Length: 416 Content-Type: text/html | clean |
http://x-paylasim.com/test404page.js | 404 Not Found Content-Length: 1148 Content-Type: text/html | clean |
http://x-paylasim.com/js/giris.php | 200 OK Content-Length: 1931 Content-Type: text/html | clean |
http://www.x-paylasim.com/clientscript/vbulletin_md5.js?v=$vboptions[simpleversion] | 200 OK Content-Length: 5466 Content-Type: application/javascript | clean |
http://x-paylasim.com/showthread.php?t=74352 | 200 OK Content-Length: 13141 Content-Type: text/html | clean |
http://www.x-paylasim.com/js/imgresize.js | 200 OK Content-Length: 959 Content-Type: application/javascript | clean |
http://x-paylasim.com/clientscript/vbulletin_md5.js?v=382 | 200 OK Content-Length: 5466 Content-Type: application/javascript | clean |
http://x-paylasim.com/uye-kaydi.php | 200 OK Content-Length: 11240 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=x-paylasim.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://x-paylasim.com/
Result: x-paylasim.com is not infected or malware details are not published yet.
Result: x-paylasim.com is not infected or malware details are not published yet.