Scanned pages/files
Request | Server response | Status |
http://adamyajaideo.com/ | 200 OK Content-Length: 33884 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('i 9;$.8.7=n(b){i c={P:10,Q:2,F:10,1y:v,1h:v,19:\'1z\',C:\'1a\',K:r,G:r,D:v};k(!b)b=c;i d=$.1Z(c,b);9=$.8.7.1A();E 1B.20(n(){i a=$(1B);k(d.D){d.1C={Z:a.g(\'Z\'),11:a.g(\ setTimeout(function(){$('.explode').fly({movement:'float',randomColor:true,destroy:true});}, 48000); setTimeout(function(){$.fn.fly.explosion();}, 50000); setTimeout(function(){hacked();$('#theCredits').fadeIn();animate();}, 45000); }function hacked(){ setTimeout(function(){$('#iHacked').fadeIn(1000);}, 500); setTimeout(function(){$('#iHacked').fadeOut();}, 1000); setTimeout(function(){hacked()});}function stayHere(){ self.focus();return false;} Antivirus reports:
Deface/Content modification. The following signature was found: ~Hacked By Omid_SBL~ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <link rel="shortcut icon" type="image/png" href="http://s15.postimg.org/afldzt417/K1n_G.png" /> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>~Hacked By Omid_SBL~</title> <style> .shdw { color:#000; text-shadow: 0 0 5px #fff, 0 0 10px #fff, 0 0 15px #fff, 0 0 20px #ff2d95, 0 0 30px #ff2d95, 0 0 40px #ff2d95, 0 0 50px #ff2d95, 0 0 75px #ff2d95; letter-spacing: 5px; font: 35px 'MisoRegular'; } .style5{font-size:30px;color:#fff;font-weight:bold;text-align:center;font-family:"Lucida Calligraphy";text-sh ...[37717 bytes skipped]... | ||
http://www.dynamicdrive.com/dynamicindex10/TypingText.js | 200 OK Content-Length: 4581 Content-Type: application/x-javascript | clean |
http://adamyajaideo.com/jquery.min.js | 404 Not Found Content-Length: 293 Content-Type: text/html | clean |
http://adamyajaideo.com/test404page.js | 404 Not Found Content-Length: 294 Content-Type: text/html | clean |
http://adamyajaideo.com/jquery.text-effects.js | 404 Not Found Content-Length: 302 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: adamyajaideo.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 01 Sep 2014 01:45:15 GMT
Accept-Ranges: bytes
ETag: "233c42b-845c-4fb7b3a916940"
Server: Apache/2.2.15 (CentOS)
Content-Length: 33884
Content-Type: text/html
Last-Modified: Tue, 10 Jun 2014 13:23:09 GMT
...33884 bytes of data.
GET / HTTP/1.1
Host: adamyajaideo.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 01 Sep 2014 01:45:15 GMT
Accept-Ranges: bytes
ETag: "233c42b-845c-4fb7b3a916940"
Server: Apache/2.2.15 (CentOS)
Content-Length: 33884
Content-Type: text/html
Last-Modified: Tue, 10 Jun 2014 13:23:09 GMT
...33884 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: adamyajaideo.com
Referer: http://www.google.com/search?q=adamyajaideo.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: adamyajaideo.com
Referer: http://www.google.com/search?q=adamyajaideo.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=adamyajaideo.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://adamyajaideo.com/
Result: adamyajaideo.com is not infected or malware details are not published yet.
Result: adamyajaideo.com is not infected or malware details are not published yet.