Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://atfalalmostakbal.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: atfalalmostakbal.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sat, 17 Jan 2015 02:26:33 GMT Location: http://35598.3d-tablet.mobi/url?sa=X&source=web&cd=50&ved=06wmlzVI7&url=http://atfalalmostakbal.com/&ei=2ZMtf6XH56+1rI2DzF04+J4=&usg=qZcNEUWg0TKj4Bf3bCFwAx&sig2=KcOr4x560O7Ibo4aowzaXF Server: Apache Content-Length: 395 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: oVo=100; path=/; domain=atfalalmostakbal.com; expires=Sun, 25-Jan-2015 06:45:33 GMT | suspicious |
Scanned pages/files
Request | Server response | Status |
http://atfalalmostakbal.com/ | 200 OK Content-Length: 12435 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Pharaoh - Egyptian Shell Team ...[461 bytes skipped]... br/>} } } if (document.layers){ document.captureEvents(Event.MOUSEDOWN); document.onmousedown=clickNS4; } else if (document.all&&!document.getElementById){ document.onmousedown=clickIE4; } document.oncontextmenu=new Function("alert(message);return false") // --> </script> <head> <title> Hacked By Pharaoh - Egyptian Shell Team </title> <script> <!--Egyptian Shell Team - Pharaoh--> var text= new Array( "Welcome", "Site Defacer :: Pharaoh", "Site Down !", "Msh 3aref a2olkm eh el sr7a", "El E5tark Dh Lel Tslya Msh Aktr :P :P", "w Asehl Meno Mafesh Elsr7a Sho8l 5 D2e2 Kda Fe El Sare3 :P", "Mtnsosh Tezrona http://facebook.com/egyshell", "Pharaoh Ba ...[13188 bytes skipped]... | ||
http://atfalalmostakbal.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=atfalalmostakbal.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://atfalalmostakbal.com/
Result: atfalalmostakbal.com is not infected or malware details are not published yet.
Result: atfalalmostakbal.com is not infected or malware details are not published yet.