Scanned pages/files
Request | Server response | Status |
http://kidelicia.net/ | 200 OK Content-Length: 36831 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
function nextSize(i,incMethod,textLength) {
  if (incMethod == 1) { return (22*Math.abs(Math.sin(i/(textLength/3.14))) ); }
  if (incMethod == 2) { return (255*Math.abs(Math.cos(i/(textLength/3.14)))); }
  return(0)
}
function sizeCycle(text,method,dis) {
  var output = "";
  for (i = 0; i < text.length; i++) {
    size = parseInt(nextSize(i +dis,method,text.length));
    output += "<font style='font-size: "+ size +"pt'>" +text.substr el.appendChild(htmlFrag);}
  else if (document.layers){
    document.theDiv.document.write("<font face='Verdana'point-size=11>"+output+"</font>");
    document.theDiv.document.close();}
}
function doWave(n) {
  var theText = 'Ki Delicia Marmitex Delivery direto para sua Empresa!!!!!!!';
  sizeCycle(theText,1,n);
  if (n > theText.length) { n=0 }
  setTimeout("doWave(" + (n+1) + ")", 50);
}
Decoded script: function s() { a.P(r); f[z](r); }
Antivirus reports:
http://kidelicia.net/jquery.js?v=86c | 200 OK Content-Length: 93868 Content-Type: application/javascript | clean |
http://kidelicia.net/webacappella_core.js?v=1vag | 200 OK Content-Length: 55099 Content-Type: application/javascript | clean |
http://kidelicia.net/wa_gallery/webacappella_gallery.js?v=1dmo | 200 OK Content-Length: 35568 Content-Type: application/javascript | clean |
http://kidelicia.net/jquery.mousewheel.js?v=use | 200 OK Content-Length: 1395 Content-Type: application/javascript | clean |
http://kidelicia.net/wa_fancybox/jquery.easing-1.3.pack.js?v=1gkg | 200 OK Content-Length: 6720 Content-Type: application/javascript | clean |
http://kidelicia.net/wa_fancybox/jquery.fancybox-1.3.4.js?v=d3c | 200 OK Content-Length: 24377 Content-Type: application/javascript | clean |
http://kidelicia.net/webacappella_tools.js?v=vek | 200 OK Content-Length: 9327 Content-Type: application/javascript | clean |
http://blogutils.net/olct/online.php?site=www.kidelicia.net&interval=600 | 200 OK Content-Length: 572 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://www.blogutils.net/o.html
<iframe frameborder="0" marginwidth="0" marginheight="0" scrolling="no" width="0" height="0" src="http://www.blogutils.net/o.html">
http://blogutils.net/test404page.js | 500 Internal Server Error Content-Length: 674 Content-Type: text/html | clean |
http://s7.addthis.com/js/250/addthis_widget.js | 200 OK Content-Length: 6844 Content-Type: text/javascript | clean |
http://kidelicia.net/wa_common_messages_pt.js?v= | 200 OK Content-Length: 13151 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kidelicia.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 25 Jun 2014 13:25:37 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 36831
Content-Type: text/html
Last-Modified: Sat, 07 Jun 2014 02:16:29 GMT
...36831 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: kidelicia.net
Referer: http://www.google.com/search?q=kidelicia.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kidelicia.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kidelicia.net/
Result: kidelicia.net is not infected or malware details are not published yet.