Scanned pages/files
Request | Server response | Status |
http://adzmob.net/ | 200 OK Content-Length: 6488 Content-Type: application/vnd.wap.xhtml+xml | clean |
http://adzmob.net/go.php?t=1430961&1430961=&link=new-downloads | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 04 Mar 2015 00:31:29 GMT Pragma: no-cache Location: http://nextwap.topz.mobi/in/64192 Server: Apache Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: clicks=1; expires=Fri, 06-Mar-2015 00:31:29 GMT X-Powered-By: PHP/5.4.25 | clean |
http://nextwap.topz.mobi/in/64192 | 200 OK Content-Length: 5651 Content-Type: application/xhtml+xml | clean |
http://nextwap.topz.mobi/out/64189/?sessid=6d1d12bee5f786169ad983f403f6e82d | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 04 Mar 2015 00:31:31 GMT Location: http://sex.linkxchanger.in/?id=nextwaptopzmobi Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.29 | clean |
http://sex.linkxchanger.in/?id=nextwaptopzmobi | 200 OK Content-Length: 7081 Content-Type: application/vnd.wap.xhtml+xml | clean |
http://sex.linkxchanger.in/go.php?t=1040560&link=Free-downloads | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 04 Mar 2015 00:31:31 GMT Pragma: no-cache Location: http://goo.gl/2TXt4q Server: Apache Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: clicks=1; expires=Fri, 06-Mar-2015 00:31:31 GMT X-Powered-By: PHP/5.4.25 | clean |
http://goo.gl/2txt4q | 404 Not Found Content-Length: 4438 Content-Type: text/html | clean |
http://goo.gl/static/0052.urlshortener.js | 200 OK Content-Length: 66150 Content-Type: text/javascript | clean |
http://sex.linkxchanger.in/ | 200 OK Content-Length: 7081 Content-Type: application/vnd.wap.xhtml+xml | clean |
http://sex.linkxchanger.in/go.php?t=1040560&link=~1&ref=xvideostophitsmobi | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 04 Mar 2015 00:31:33 GMT Pragma: no-cache Location: http://xvideos.tophits.mobi/in/64924 Server: Apache Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: clicks=1; expires=Fri, 06-Mar-2015 00:31:33 GMT X-Powered-By: PHP/5.4.25 | clean |
http://xvideos.tophits.mobi/in/64924 | 200 OK Content-Length: 5960 Content-Type: application/xhtml+xml | suspicious |
Page code contains blacklisted domain: hitsweek.com <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8"/><meta http-equiv="Cache-Control" content="no-cache"/><meta name="description" content="xvideos.tophits.mobi"/><meta name="keywords" ...[4230 bytes skipped]... | ||
http://xvideos.tophits.mobi/in/ | 200 OK Content-Length: 5096 Content-Type: application/xhtml+xml | suspicious |
Page code contains blacklisted domain: hitsweek.com <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8"/><meta http-equiv="Cache-Control" content="no-cache"/><meta name="description" content="xvideos.tophits.mobi"/><meta name="keywords" ...[4422 bytes skipped]... | ||
http://xvideos.tophits.mobi/out/64905/?sessid= | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 04 Mar 2015 00:31:36 GMT Location: http://sex-mp4-3gp.com Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.29 | clean |
http://sex-mp4-3gp.com/ | 200 OK Content-Length: 10096 Content-Type: text/html | clean |
http://widget.supercounters.com/online_i.js | 200 OK Content-Length: 4233 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var sc_olimg_var = sc_olimg_var || [];
function sc_online_i(id, fcolor, bgcolor) { var info; if (fcolor.indexOf("#") !== 0) fcolor = "#" + fcolor; bgcolor = bgcolor.replace(/#/, ""); if (encodeURIComponent) { info = '&ua=' + encodeURIComponent(navigator.userAgent); info = info + '&ref=' + encodeURIComponent(document.referrer); info = info + '&url=' + encodeURIComponent(window.location); } else { cd.style.fontSize = "12px"; cd.style.color = "#ff0000"; cd.style.borderColor = "#ffffff"; cd.style.borderWidth = "1px"; cd.style.borderStyle = "solid"; cd.style.backgroundColor = sc_olimg_var['bgcolor']; cd.title = "Supercounters"; cd.innerHTML = msg; cd.onclick = function() { window.location = "http://www.supercounters.com/"; }; ct_insert(cd, "supercounters.com/online_i.js"); }
Antivirus reports:
| ||
http://xvideos.tophits.mobi/ | 200 OK Content-Length: 5097 Content-Type: application/xhtml+xml | suspicious |
Page code contains blacklisted domain: hitsweek.com <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8"/><meta http-equiv="Cache-Control" content="no-cache"/><meta name="description" content="xvideos.tophits.mobi"/><meta name="keywords" ...[4422 bytes skipped]... | ||
http://xvideos.tophits.mobi/out/64890/?sessid= | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 04 Mar 2015 00:31:39 GMT Location: http://m.xxxhotvideos.net Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.29 | clean |
http://m.xxxhotvideos.net/ | HTTP/1.1 302 Found Cache-Control: Connection: close Date: Wed, 04 Mar 2015 00:31:38 GMT Pragma: Location: http://xxxhotvideos.net/ Server: nginx Vary: Accept-Encoding Content-Length: 208 Content-Type: text/html; charset=iso-8859-1 Expires: X-Powered-By: PHP/5.4.32 | clean |
http://xxxhotvideos.net/ | 200 OK Content-Length: 10677 Content-Type: text/html | clean |
http://widget.supercounters.com/online_t.js | 200 OK Content-Length: 1614 Content-Type: application/javascript | clean |
http://xvideos.tophits.mobi/download/9902/Sexy+slut+reamed+from+behind | HTTP/1.1 302 Found Connection: close Date: Wed, 04 Mar 2015 00:31:40 GMT Location: http://mobilist.mobi Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Content-Length: 204 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug | clean |
http://mobilist.mobi/ | 200 OK Content-Length: 3792 Content-Type: text/html | clean |
http://mobilist.mobi/create/?sessid=619254a078edb944cb0f4611a74fd58a | 200 OK Content-Length: 2058 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: adzmob.net
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 04 Mar 2015 00:31:28 GMT
Pragma: no-cache
Server: Apache
Content-Type: application/vnd.wap.xhtml+xml
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: refer=noref; expires=Fri, 06-Mar-2015 00:31:28 GMT
Set-Cookie: noref=visited; expires=Fri, 06-Mar-2015 00:31:28 GMT
Set-Cookie: page=main; expires=Fri, 06-Mar-2015 00:31:28 GMT
X-Powered-By: PHP/5.4.25
Second query (visit from search engine):
GET / HTTP/1.1
Host: adzmob.net
Referer: http://www.google.com/search?q=adzmob.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=adzmob.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://adzmob.net/
Result: adzmob.net is not infected or malware details are not published yet.