Scanned pages/files
Request | Server response | Status |
http://www.almudon.com/ | 200 OK Content-Length: 76421 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY MAHMOUD AMIN <html> <head> <meta name="google-site-verification" content="-WQnNlk10Y6_MKi2BnDT_vBiTHn1tO0ucQrR_WN9Pvs" /> <title>HACKED BY MAHMOUD AMIN</title> <meta name="Title" content="HACKED BY MAHMOUD AMIN"> <meta name="description" content="اÙ٠د٠اÙعÙارÙØ© ÙÙعÙار ÙبÙع Ùشراء اÙأراضÙ"> <meta name="keywords" content="بÙع أراض٠,تأجÙر أراض٠,عÙارات,Ø´ÙÙ, اÙ٠د٠اÙعÙارÙØ©, تأجÙر ÙÙÙ, Ù ÙÙع اÙ٠د٠ÙÙعÙار ÙبÙع اÙأراض٠,almudon.com,اÙÙ Ø¯Ù Ø ...[91920 bytes skipped]... | ||
http://www.almudon.com/js/jquery-1.7.1.min.js | 200 OK Content-Length: 93868 Content-Type: application/javascript | clean |
http://www.almudon.com/js/raphael-min.js | 200 OK Content-Length: 90647 Content-Type: application/javascript | clean |
http://www.almudon.com/js/jquery.easing.js | 200 OK Content-Length: 8063 Content-Type: application/javascript | clean |
http://www.almudon.com/js/iview.js | 200 OK Content-Length: 50872 Content-Type: application/javascript | clean |
http://www.almudon.com/js/jquery.fullscreen.js | 200 OK Content-Length: 2378 Content-Type: application/javascript | clean |
http://c520866.r66.cf2.rackcdn.com/1/js/easy_rotator.min.js | 200 OK Content-Length: 155522 Content-Type: application/javascript | clean |
http://widget.supercounters.com/online_i.js | 200 OK Content-Length: 4233 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var sc_olimg_var = sc_olimg_var || [];
function sc_online_i(id, fcolor, bgcolor) { var info; if (fcolor.indexOf("#") !== 0) fcolor = "#" + fcolor; bgcolor = bgcolor.replace(/#/, ""); if (encodeURIComponent) { info = '&ua=' + encodeURIComponent(navigator.userAgent); info = info + '&ref=' + encodeURIComponent(document.referrer); info = info + '&url=' + encodeURIComponent(window.location); } else { cd.style.fontSize = "12px"; cd.style.color = "#ff0000"; cd.style.borderColor = "#ffffff"; cd.style.borderWidth = "1px"; cd.style.borderStyle = "solid"; cd.style.backgroundColor = sc_olimg_var['bgcolor']; cd.title = "Supercounters"; cd.innerHTML = msg; cd.onclick = function() { window.location = "http://www.supercounters.com/"; }; ct_insert(cd, "supercounters.com/online_i.js"); } Antivirus reports:
http://www.almudon.com/index.php | 200 OK Content-Length: 76421 Content-Type: text/html | clean |
http://www.almudon.com/About_Us.php | 200 OK Content-Length: 6206 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
http://ajax.microsoft.com/ajax/jquery.validate/1.7/jquery.validate.pack.js | 200 OK Content-Length: 14367 Content-Type: application/x-javascript | clean |
http://www.almudon.com/index.php?ids=2 | 200 OK Content-Length: 74074 Content-Type: text/html | clean |
http://www.almudon.com/index.php?ids=3 | 200 OK Content-Length: 70780 Content-Type: text/html | clean |
http://www.almudon.com/index.php?ids=5 | 200 OK Content-Length: 53353 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: almudon.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: almudon.com
Referer: http://www.google.com/search?q=almudon.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=almudon.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://almudon.com/
Result: almudon.com is not infected or malware details are not published yet.