Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: egy3.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 11 Sep 2014 05:19:25 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1256
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=d2af03360e69047f34674d98803827da; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: egy3.com
Referer: http://www.google.com/search?q=egy3.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://egy3.com/ | 200 OK Content-Length: 112838 Content-Type: text/html | clean |
http://egy3.com/js/reflection.js | 200 OK Content-Length: 5051 Content-Type: application/javascript | clean |
http://egy3.com/js/effects.js | 200 OK Content-Length: 135509 Content-Type: application/javascript | clean |
http://xslt.alexa.com/site_stats/js/s/a?url=http://www.egy3.com/ | 200 OK Content-Length: 3153 Content-Type: application/x-javascript | clean |
http://egy3.com/index.php?show=home | 200 OK Content-Length: 112928 Content-Type: text/html | clean |
http://egy3.com/goto-5674-جيل-بريك-6.1-6.0-6.0.1-jailbreak-ios-غير-مقيد-لجميع-الاجهزة | HTTP/1.1 200 OK Connection: close Date: Thu, 11 Sep 2014 05:19:27 GMT Server: Apache Vary: Accept-Encoding Content-Length: 1180 Content-Type: text/html; charset=windows-1256 X-Powered-By: PHP/5.2.17 | clean |
http://www.egy3.com/vb/97267-a | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Thu, 11 Sep 2014 05:19:27 GMT Pragma: private Location: http://www.egy3.com/vb/97267-%D8%AC%D9%8A%D9%84-%D8%A8%D8%B1%D9%8A%D9%83-6-1-6-0-6-0-1-jailbreak-ios-%D8%BA%D9%8A%D8%B1-%D9%85%D9%82%D9%8A%D8%AF-%D9%84%D8%AC%D9%85%D9%8A%D8%B9-%D8%A7%D9%84%D8%A7%D8%AC%D9%87%D8%B2%D8%A9/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Last-Modified: Mon, 04 Feb 2013 19:30:25 GMT Set-Cookie: bbsessionhash=f3fac26aca1be5ff9177002afbe5c2a4; path=/; HttpOnly Set-Cookie: bblastvisit=1410412767; expires=Fri, 11-Sep-2015 05:19:27 GMT; path=/ Set-Cookie: bblastactivity=0; expires=Fri, 11-Sep-2015 05:19:27 GMT; path=/ Set-Cookie: vbseo_loggedin=deleted; expires=Wed, 11-Sep-2013 05:19:27 GMT; path=/ X-Pingback: http://www.egy3.com/vb/vbseo-xmlrpc/ X-Powered-By: PHP/5.2.17 X-UA-Compatible: IE=7 | clean |
http://www.egy3.com/vb/97267-%d8%ac%d9%8a%d9%84-%d8%a8%d8%b1%d9%8a%d9%83-6-1-6-0-6-0-1-jailbreak-ios-%d8%ba%d9%8a%d8%b1-%d9%85%d9%82%d9%8a%d8%af-%d9%84%d8%ac%d9%85%d9%8a%d8%b9-%d8%a7%d9%84%d8%a7%d8%ac%d9%87%d8%b2%d8%a9/ | 200 OK Content-Length: 99191 Content-Type: text/html | clean |
http://www.egy3.com/vb/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=387 | 200 OK Content-Length: 36628 Content-Type: application/javascript | clean |
http://www.egy3.com/vb/clientscript/yui/connection/connection-min.js?v=387 | 200 OK Content-Length: 11604 Content-Type: application/javascript | clean |
http://www.egy3.com/vb/clientscript/vbulletin_global.js?v=387 | 200 OK Content-Length: 25864 Content-Type: application/javascript | clean |
http://www.egy3.com/vb/clientscript/vbulletin_menu.js?v=387 | 200 OK Content-Length: 9277 Content-Type: application/javascript | clean |
http://www.egy3.com/vb/clientscript/ame.js | 200 OK Content-Length: 502 Content-Type: application/javascript | clean |
http://www.egy3.com/vb/clientscript/vbulletin_post_loader.js?v=387 | 200 OK Content-Length: 1874 Content-Type: application/javascript | clean |
http://www.misrday.com/widgets.js | 404 Not Found Content-Length: 1446 Content-Type: text/html | clean |
http://www.misrday.com//ajax.cloudflare.com/cdn-cgi/nexp/dokv=dccf16c0cc/appsh.min.js/ | 404 Not Found Content-Length: 5350 Content-Type: text/html | clean |
http://www.misrday.com/cdn-cgi/se/javascripts/modernizr.js | 200 OK Content-Length: 7305 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=egy3.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://egy3.com/
Result: egy3.com is not infected or malware details are not published yet.