Scanned pages/files
Request | Server response | Status |
http://www.ashahitravel.com/ | HTTP/1.1 200 OK Date: Sun, 19 Apr 2015 19:36:18 GMT Accept-Ranges: bytes ETag: "a8f469aef479d01:8ce5" Server: Microsoft-IIS/6.0 Content-Length: 3921 Content-Location: http://www.ashahitravel.com/index.html Content-Type: text/html Last-Modified: Sat, 18 Apr 2015 16:28:19 GMT X-Powered-By: ASP.NET | clean |
http://www.ashahitravel.com/index.html | 200 OK Content-Length: 3921 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Achraf Dz ...[2371 bytes skipped]... x = parseInt(x, 10); x = (bodyWidth*x)/100; } else { x = parseInt(bgpos[0], 10); } if (bgpos[1].match(/%/)) { y = bgpos[1].replace(/%/, ''); y = parseInt(y, 10); y = (bodyHeight*y)/100; } else { y = parseInt(bgpos[1], 10); } body.style.backgroundPosition = x+'px '+ (y+elemHeight)+'px'; return false; } </script><title>Hacked By Achraf Dz</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> </head><body style="background-position: 0px 90px;"> <br> <center><img src="http://www.arabic-calligraphy.net/wp-content/uploads/2010/07/allah-akbar.jpg" alt=""> <h1><font color="red"><font size="7">Hacked By </font></font>Achraf Dz</h1> <br> <embed src="htt ...[1401 bytes skipped]... | ||
http://pagead2.googlesyndication.com/pub-config/ca-pub-3055459289472636.js | 200 OK Content-Length: 108 Content-Type: text/javascript | clean |
http://www.ashahitravel.com//ro.adocean.pl/files/js/ado.js/ | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.ashahitravel.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://ro.adocean.pl/_1431791531286/ad.js?id=9o_nnmMOl7DVtYDXaZt4a6fiYvE4HBI1Yn6GfTZu5v3.E7 | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, max-age=0 Connection: keep-alive Date: Sun, 19 Apr 2015 19:36:20 GMT Pragma: no-cache Location: /__/_1431791531286/ad.js?id=9o_nnmMOl7DVtYDXaZt4a6fiYvE4HBI1Yn6GfTZu5v3.E7 Server: GAD Content-Length: 0 Expires: Sat, 18 Apr 2015 19:36:20 GMT Keep-Alive: timeout=10 P3P: CP="NOI DSP COR NID PSAo OUR IND" Set-Cookie: GAD=KlQk1RaGQMQG0FWcoeM3sMiIssGMXP8c9R6SssX6Sssa; Domain=ro.adocean.pl; Path=/; Expires=Fri, 19 Jun 2020 00:00:00 GMT | clean |
http://ro.adocean.pl/__/_1431791531286/ad.js?id=9o_nnmmol7dvtydxazt4a6fiyve4hbi1yn6gftzu5v3.e7 | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
http://adocean-ro.hit.gemius.pl/_1431791531867/redot.js/id=nXcwF.NqyzqdyjeMHu5BgsRpfeBWDq79YON2pjISgQb.y7/stparam=mohlqkphhi/fastid=ixhsraybbnhukanmwocewdfjjylc/sarg=552C037AA12FFFA6 | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, max-age=0 Connection: keep-alive Date: Sun, 19 Apr 2015 19:36:20 GMT Pragma: no-cache Accept-Ranges: none Location: /__/_1431791531867/redot.js/id=nXcwF.NqyzqdyjeMHu5BgsRpfeBWDq79YON2pjISgQb.y7/stparam=mohlqkphhi/fastid=ixhsraybbnhukanmwocewdfjjylc/sarg=552C037AA12FFFA6 Server: GHC Content-Length: 0 Expires: Sat, 18 Apr 2015 19:36:20 GMT Keep-Alive: timeout=10 P3P: CP="NOI DSP COR NID PSAo OUR IND" Set-Cookie: Gtest=KlSdXRMGQMQGKPnAEvM3sMiIssGMXP8c9RgG; Domain=hit.gemius.pl; Path=/; Expires=Fri, 19 Jun 2020 00:00:00 GMT | clean |
http://adocean-ro.hit.gemius.pl/__/_1431791531867/redot.js/id=nxcwf.nqyzqdyjemhu5bgsrpfebwdq79yon2pjisgqb.y7/stparam=mohlqkphhi/fastid=ixhsraybbnhukanmwocewdfjjylc/sarg=552c037aa12fffa6 | 200 OK Content-Length: 108 Content-Type: application/x-javascript | clean |
http://ro.adocean.pl/_1431791531291/ad.js?id=ieNW1CDMQjjXmEZV9bA2wQPHfySS2W7Qf4VhvHIpPx3.f7/x=1024/y=768/fv=Shockwave%20Flash%2011.3%20r300 | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, max-age=0 Connection: keep-alive Date: Sun, 19 Apr 2015 19:36:20 GMT Pragma: no-cache Location: /__/_1431791531291/ad.js?id=ieNW1CDMQjjXmEZV9bA2wQPHfySS2W7Qf4VhvHIpPx3.f7/x=1024/y=768/fv=Shockwave%20Flash%2011.3%20r300 Server: GAD Content-Length: 0 Expires: Sat, 18 Apr 2015 19:36:20 GMT Keep-Alive: timeout=10 P3P: CP="NOI DSP COR NID PSAo OUR IND" Set-Cookie: GAD=KlSV0RXGQMQGKOVX1vX3sMiIssGMXP8c9R6SssX6Sssa; Domain=ro.adocean.pl; Path=/; Expires=Fri, 19 Jun 2020 00:00:00 GMT | clean |
http://ro.adocean.pl/__/_1431791531291/ad.js?id=ienw1cdmqjjxmezv9ba2wqphfyss2w7qf4vhvhippx3.f7/x=1024/y=768/fv=shockwave%20flash%2011.3%20r300 | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ashahitravel.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ashahitravel.com
Referer: http://www.google.com/search?q=ashahitravel.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ashahitravel.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ashahitravel.com/
Result: ashahitravel.com is not infected or malware details are not published yet.