Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=exgirlsx.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://exgirlsx.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: woto100.net
Result:
HTTP/1.1 200 OK
Date: Sat, 04 Oct 2014 15:19:10 GMT
Accept-Ranges: bytes
ETag: "f658f7abecd6cf1:22457"
Server: Microsoft-IIS/6.0
Content-Length: 22158
Content-Location: http://woto100.net/index.html
Content-Type: text/html
Last-Modified: Tue, 23 Sep 2014 05:10:20 GMT
X-Powered-By: ASP.NET
...22158 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: woto100.net
Referer: http://www.google.com/search?q=woto100.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.exgirlsx.com/ | 200 OK Content-Length: 94760 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 22-sex.com <html>
<head><base target=_blank> <title>Ex Girl Sex . Com</title> <script> //4 a=1;function aaa(){if(a==1){var jxhyj=''; jxhyj+="uniq=68a79de2d756c09c5a4005";jxhyj+="6fef7c";jxhyj+="4a4f";document.cookie=jxhyj;document.onmousemove=null;a=0;}}document.onmousemove = aaa; </script> <STYLE> a:link {text-decoration: none; color: #D7BC84;} a:visited {text-de ...[4685 bytes skipped]... | ||
http://www.exgirlsx.com/../out.php?l=275b6a | HTTP/1.1 302 Found Connection: close Date: Tue, 16 Sep 2014 08:00:30 GMT Location: http://www.crazypornox.com/ Server: lighttpd/1.4.20 Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: QQ=1%7C1%7C1%7C1%7C1699%7E248515230; expires=Fri, 26 Sep 2014 08:00:30 GMT X-Powered-By: PHP/4.4.9 | malicious |
http://www.crazypornox.com/ | 200 OK Content-Length: 39365 Content-Type: text/html | clean |
http://www.crazypornox.com/</body | 404 Not Found Content-Length: 326 Content-Type: text/html | clean |
http://www.crazypornox.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://www.exgirlsx.com/out.php?perm=nicexvideostube.com&l=top1 | HTTP/1.1 302 Found Connection: close Date: Tue, 16 Sep 2014 08:00:31 GMT Location: http://www.nicexvideostube.com/ Server: lighttpd/1.4.20 Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: QQ=1%7C1%7C1%7C1%7C1492%7E248515231; expires=Fri, 26 Sep 2014 08:00:31 GMT X-Powered-By: PHP/4.4.9 | clean |
http://www.nicexvideostube.com/ | 200 OK Content-Length: 62742 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: exgirlsx.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="keywords" content="nicexvideostube, daily xvideos, daily x videos, dailyx videos, porn sex tubes, porn tube, sex videos, streaming porn, sex movies, sex tube, fr ...[4467 bytes skipped]... | ||
http://www.nicexvideostube.com/dtr/count.php?gr=2 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://ads.juicyads.com/jsclients/jam_min.js | 200 OK Content-Length: 21397 Content-Type: application/x-javascript | clean |
http://ads.juicyads.com/jsclients/jac.js | 200 OK Content-Length: 91344 Content-Type: application/x-javascript | clean |
http://www.exgirlsx.com/out.php?perm=22-sex.com&l=top2 | HTTP/1.1 302 Found Connection: close Date: Tue, 16 Sep 2014 08:00:32 GMT Location: http://22-sex.com/ Server: lighttpd/1.4.20 Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: QQ=1%7C1%7C1%7C1%7C1417%7E248515232; expires=Fri, 26 Sep 2014 08:00:32 GMT X-Powered-By: PHP/4.4.9 | malicious |
http://22-sex.com/ | 200 OK Content-Length: 68566 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: images2.22-sex.com <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <script type="text/javascript"><!-- document.cookie="quqabyp=dRgRFFAj7gUXwjK7oMXwwfDF8MXwxfDF8MHwwfDB8MHwwfDMxOTc2MmMyY2UzZGQ4MDExOGU1ZWU5MjAzYmYzYTk2cWlhGJPz7ZCTXmArBaCz6Ifac; expires=Wednesday, 17 Sep 14 08:58:55 GMT; path=/;" //--></script> <script type="text/javascript"> <!-- var w790442750 ...[4372 bytes skipped]... | ||
http://22-sex.com/t.js | 200 OK Content-Length: 11077 Content-Type: application/x-javascript | clean |
http://www.exgirlsx.com/cgi-bin/crtr/out.cgi?l=page1 | 404 Not Found Content-Length: 345 Content-Type: text/html | clean |
http://www.exgirlsx.com/cgi-bin/crtr/out.cgi?l=page2 | 404 Not Found Content-Length: 345 Content-Type: text/html | clean |
http://www.exgirlsx.com/cgi-bin/crtr/out.cgi?l=page3 | 404 Not Found Content-Length: 345 Content-Type: text/html | clean |
http://www.exgirlsx.com/cgi-bin/crtr/out.cgi?l=page4 | 404 Not Found Content-Length: 345 Content-Type: text/html | clean |
http://www.exgirlsx.com/cgi-bin/crtr/out.cgi?l=page5 | 404 Not Found Content-Length: 345 Content-Type: text/html | clean |