Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=berlin-nutten.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://berlin-nutten.com/
Result: The website is marked by Yandex as suspicious — visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://berlin-nutten.com/ | 200 OK Content-Length: 37829 Content-Type: text/html | clean |
http://s1x.slimtrade.com/s3244.js | 200 OK Content-Length: 13336 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: verbotten-geil.com eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('e p=u Y("5I 5t 5z (38)","1l 1a (33)","1l 1k (6)","5U 1m (3)","5W 5X (3)","5Z 1k (0)","5T 5S (0)","5N (0)","5M 5L (0)","5O 5P (0)","5R 1h (0)","5Q (0)","5s 5r (0)");e w=u Y("f://4V.4U-4T.i","f://4W-1j.1q","f://1j-1a.i","f://4X-1m.i","f://4Z-4 ...[3548 bytes skipped]... Decoded script: var stTrName=new Array("Wicked Top XXX (38)","Youporn deutsch (33)","Youporn Deutsch (6)","Verbotten geil (3)","Empflix Pornoflme (3)","Xvideo Deutsch (0)","Xtube Porno (0)","Xhamster (0)","Fruehreife Teenfotzen (0)","Vagosex Pornos (0)","Tini porn (0)","Knallerpornos (0)","Cliti TV (0)");var stTrUrl=new Array("http://toplist.traffic-hits.com","http://deutsches-youporn.net","http://youporn-deutsch.com","http://verbotten-geil.com","http://empflix-pornoflme.com","http://xvideo-deutsch.com","http://xtube-porno.com","http://xhamster-porno.com","http://fruehreif.com","http://vagosex-pornos.net","http://tini-porn.com","http://knallerpornos.com","http://cliti.tv");var stTrValues=new Array("29,51,15","17,33,2","25,78,6","1,14,6","7,22,5","2,7,5","3,14,3","3,10,2","2,6,1","11,33,1","1,20,0","1,5,0","541,412,456","1,9,0","34,56,16","8,23,10","4,12,6","16,44,5","4,12,1"," ...[24735 bytes skipped]... | ||
http://berlin-nutten.com/media/js/global.js | 200 OK Content-Length: 107438 Content-Type: application/javascript | clean |
http://px.pornorio.com/paref.js?s=3244 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://px.pornorio.com/test404page.js | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://adspaces.ero-advertising.com/adspace/214430.js | 200 OK Content-Length: 1553 Content-Type: application/javascript | clean |
http://adspaces.ero-advertising.com/adspace/214431.js | 200 OK Content-Length: 1551 Content-Type: application/javascript | clean |
http://adspaces.ero-advertising.com/adspace/214432.js | 200 OK Content-Length: 1543 Content-Type: application/javascript | clean |
http://adspaces.ero-advertising.com/adspace/214422.js | 200 OK Content-Length: 1279 Content-Type: application/javascript | clean |
http://adspaces.ero-advertising.com/adspace/214423.js | 200 OK Content-Length: 1279 Content-Type: application/javascript | clean |
http://adspaces.ero-advertising.com/adspace/214419.js | 200 OK Content-Length: 2432 Content-Type: application/javascript | clean |
http://adspaces.ero-advertising.com/adspace/214418.js | 200 OK Content-Length: 16355 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: berlin-nutten.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 24 Sep 2014 18:26:25 GMT
Pragma: no-cache
Server: lighttpd/1.4.28
Content-Type: text/html
Expires: Fri, 24 Oct 2014 18:26:25 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=8r6laq3213ia8prjtaqeoujis2; path=/
Set-Cookie: ck=1; expires=Sat, 19-Sep-2015 18:26:25 GMT; path=/; domain=berlin-nutten.com
X-Powered-By: PHP/5.3.3-7+squeeze14
Second query (visit from search engine):
GET / HTTP/1.1
Host: berlin-nutten.com
Referer: http://www.google.com/search?q=berlin-nutten.com
Result:
The result is similar to the first query. No suspicious redirects were found.