Scanned pages/files
Request | Server response | Status |
http://canoscanlide25.com/ | 200 OK Content-Length: 37803 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) function nextSize(i,incMethod,textLength) { if (incMethod == 1) { return (22*Math.abs(Math.sin(i/(textLength/3.14))) ); } if (incMethod == 2) { return (255*Math.abs(Math.cos(i/(textLength/3.14)))); } return(0) } function sizeCycle(text,method,dis) { var output = ""; for (i = 0; i < text.length; i++) { size = parseInt(nextSize(i +dis,method,text.length)); output += "<font style='font-size: "+ size +"pt'>" +text.substr el.appendChild(htmlFrag);} else if (document.layers){ document.theDiv.document.write("<font face='Arial'point-size=11>"+output+"</font>"); document.theDiv.document.close();} } function doWave(n) { var theText = 'Victory2u haS 0wneD y0uR Syst3m !!'; sizeCycle(theText,1,n); if (n > theText.length) { n=0 } setTimeout("doWave(" + (n+1) + ")", 50); } Antivirus reports:
Deface/Content modification. The following signature was found: Hacked By Cyb3rw0rM ...[2947 bytes skipped]... t face='Arial'point-size=11>"+output+"</font>"); document.theDiv.document.close();} } function doWave(n) { var theText = 'Victory2u haS 0wneD y0uR Syst3m !!'; sizeCycle(theText,1,n); if (n > theText.length) { n=0 } setTimeout("doWave(" + (n+1) + ")", 50); } </script> <br><img src="http://oi49.tinypic.com/ac7t46.jpg" alt="Hacked By Cyb3rw0rM" width="650" height="350"></td></tr></tbody></table></p></td></tr></tbody></table> <style type="text/css">.matrix { PADDING-RIGHT: 0px; PADDING-LEFT: 0px; FONT-SIZE: 8pt; PADDING-BOTTOM: 0px; MARGIN: 0px; WIDTH: 10px; PADDING-TOP: 0px; FONT-FAMILY: Lucida Console, Courier, Monotype; TEXT-ALIGN: center } </style> <p></p> <script language="JavaScript ...[39369 bytes skipped]... | ||
http://canoscanlide25.com/test404page.js | 200 OK Content-Length: 37803 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function nextSize(i,incMethod,textLength) { if (incMethod == 1) { return (22*Math.abs(Math.sin(i/(textLength/3.14))) ); } if (incMethod == 2) { return (255*Math.abs(Math.cos(i/(textLength/3.14)))); } return(0) } function sizeCycle(text,method,dis) { var output = ""; for (i = 0; i < text.length; i++) { size = parseInt(nextSize(i +dis,method,text.length)); output += "<font style='font-size: "+ size +"pt'>" +text.substr el.appendChild(htmlFrag);} else if (document.layers){ document.theDiv.document.write("<font face='Arial'point-size=11>"+output+"</font>"); document.theDiv.document.close();} } function doWave(n) { var theText = 'Victory2u haS 0wneD y0uR Syst3m !!'; sizeCycle(theText,1,n); if (n > theText.length) { n=0 } setTimeout("doWave(" + (n+1) + ")", 50); } Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: canoscanlide25.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 30 May 2014 08:23:05 GMT
Server: Apache
Content-Type: text/html
X-Powered-By: PHP/5.4.23
Second query (visit from search engine):
GET / HTTP/1.1
Host: canoscanlide25.com
Referer: http://www.google.com/search?q=canoscanlide25.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=canoscanlide25.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://canoscanlide25.com/
Result: canoscanlide25.com is not infected or malware details are not published yet.