Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://kingsdubai.info/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: kingsdubai.info Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 29 Aug 2014 05:00:23 GMT Location: http://46.161.41.152/sds/go.php?sid=1 Server: Apache Content-Length: 310 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://46.161.41.152/sds/go.php?sid=1 (imitation of visitor from search engine) GET /sds/go.php?sid=1 HTTP/1.1 Host: 46.161.41.152 Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Connection: close Date: Fri, 29 Aug 2014 05:00:28 GMT Referer: http://www.google.com/url?sa=t&rct=j&q=kingsdubai.info&source=web&cd=1&ved=0CDEQFjAG&url=http:%2F%2Fkingsdubai.info%2F&ei=wC7yT5qCJbCCkQKtnwE&usg=AFQjCNGEeYp3D7uuNLAJxMIVliLyQ9O_Pg Location: http://doctorsro.com/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Set-Cookie: schema1=true; expires=Fri, 05-Sep-2014 05:00:28 GMT Set-Cookie: visited1=1; expires=Fri, 05-Sep-2014 05:00:28 GMT X-Powered-By: PHP/5.4.4-14+deb7u14 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://kingsdubai.info/ | 200 OK Content-Length: 9778 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by TeaM System Dz <head>
<meta name="keywords" content="Hacked by TeaM System Dz"> <meta name="description" content="Hacked by TeaM System Dz"> <script src="http://www.google-analytics.com/ga.js" async="" type="text/javascript"></script><script src="//ajax.cloudflare.com/cdn-cgi/nexp/abv=2531684052/cloudflare.min.js" async=""></script><script src="http://www.google-analytics ...[11125 bytes skipped]... | ||
http://www.google-analytics.com/ga.js | 200 OK Content-Length: 40754 Content-Type: text/javascript | clean |
http://kingsdubai.info//ajax.cloudflare.com/cdn-cgi/nexp/abv=2531684052/cloudflare.min.js/ | HTTP/1.1 302 Found Connection: close Date: Fri, 29 Aug 2014 05:00:24 GMT Location: http://46.161.41.152/sds/go.php?sid=1 Server: Apache Content-Length: 286 Content-Type: text/html; charset=iso-8859-1 | clean |
http://46.161.41.152/sds/go.php?sid=1 | HTTP/1.1 302 Found Connection: close Date: Fri, 29 Aug 2014 05:00:29 GMT Referer: Location: http://doctorsro.com/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Set-Cookie: schema1=true; expires=Fri, 05-Sep-2014 05:00:29 GMT Set-Cookie: visited1=1; expires=Fri, 05-Sep-2014 05:00:29 GMT X-Powered-By: PHP/5.4.4-14+deb7u14 | clean |
http://doctorsro.com/ | 500 Server closed connection without sending any data back Content-Length: 105 Content-Type: text/plain | clean |
http://doctorsro.com/test404page.js | 500 Server closed connection without sending any data back Content-Length: 105 Content-Type: text/plain | clean |
http://kingsdubai.info//ajax.cloudflare.com/cdn-cgi/nexp/v=3037830340/cloudflare.min.js/ | HTTP/1.1 302 Found Connection: close Date: Fri, 29 Aug 2014 05:00:24 GMT Location: http://46.161.41.152/sds/go.php?sid=1 Server: Apache Content-Length: 286 Content-Type: text/html; charset=iso-8859-1 | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js | 200 OK Content-Length: 91342 Content-Type: text/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kingsdubai.info
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kingsdubai.info/
Result: kingsdubai.info is not infected or malware details are not published yet.
Result: kingsdubai.info is not infected or malware details are not published yet.