Scanned pages/files
Request | Server response | Status |
http://daileymale.info/ | 200 OK Content-Length: 10228 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) function nextSize(i,incMethod,textLength) { if (incMethod == 1) { return (22*Math.abs(Math.sin(i/(textLength/3.14))) ); } if (incMethod == 2) { return (255*Math.abs(Math.cos(i/(textLength/3.14)))); } return(0) } function sizeCycle(text,method,dis) { var output = ""; for (i = 0; i < text.length; i++) { size = parseInt(nextSize(i +dis,method,text.length)); output += "<font style='font-size: "+ size +"pt'>" +text.substr while (el.hasChildNodes()) el.removeChild(el.lastChild); el.appendChild(htmlFrag);} else if (document.layers){ document.theDiv.document.write("<font face='Arial'point-size=11>"+output+"</font>"); document.theDiv.document.close();} } function doWave(n) { var theText = 'yeah i get your fvckin system'; sizeCycle(theText,1,n); if (n > theText.length) { n=0 } setTimeout("doWave(" + (n+1) + ")", 50); } Antivirus reports:
Deface/Content modification. The following signature was found: HaCked By : ...[10641 bytes skipped]... BR> i am moslem hacker<BR> i am black hat hacker<BR> Where is Your Security<BR> So ..<BR> watch out Brother :)<br> IM Beside U <b>kaMtiEz OwnzYou</b><BR> Kill-9 Crew We are : arianom -=- tiw0L -=- Contrex -=- Pathloader -=- kaMtiEz -=- <BR> Thx To : -=- tukulesto -=- and who hate MALINGSIAL -=- INDONESIANCODER -=-<BR>HaCked By :<BR><BR>kaMtiEz</p> <script type="text/javascript"> //Define first typing example: new TypingText(document.getElementById("example1")); //Define second typing example (use "slashing" cursor at the end): new TypingText(document.getElementById("example2"), 70, function(i){ var ar = new Array("\\", "|", "/", "-"); return " " + ar[i.length % ar.length]; }); //Type out examples: TypingText.runAll(); < ...[389 bytes skipped]... | ||
http://daileymale.info/test404page.js | 404 Not Found Content-Length: 1363 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: daileymale.info
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 05 Dec 2015 04:34:30 GMT
Accept-Ranges: bytes
ETag: "c05637-27f4-4174d6e0b5640"
Server: Apache
Content-Length: 10228
Content-Type: text/html
Last-Modified: Wed, 28 Jun 2006 19:00:33 GMT
...10228 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: daileymale.info
Referer: http://www.google.com/search?q=daileymale.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=daileymale.info
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://daileymale.info/
Result: daileymale.info is not infected or malware details are not published yet.