Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hotdreamsxxx.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://hotdreamsxxx.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://hotdreamsxxx.com/ | 200 OK Content-Length: 89542 Content-Type: text/html | malicious |
Page code contains blacklisted domain: pornflavor.com <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <!-- BEGIN EroAdvertising ADSPACE CODE --> <script type="text/javascript" language="javascript" charset="utf-8" src="http://adspaces.ero-advertising.com/adspace/164556.js"></script> <!-- END EroAdvertising ADSPACE CODE --> <base href="http://www.hotdreamsxxx.com/"> <title>Hot Dreams XXX-Amateur, Anal, Asia ...[4319 bytes skipped]... Malicious iFrame found. size: 300x300 src: http://www.hotdreamsxxx.com/ads/300x250_1.php This URL is marked by Yandex as suspicious <iframe src="http://www.hotdreamsxxx.com/ads/300x250_1.php" width="300" height="300" frameborder="0" scrolling="no"> | ||
http://adspaces.ero-advertising.com/adspace/164556.js | 200 OK Content-Length: 0 Content-Type: application/javascript | clean |
http://www.hotdreamsxxx.com/js/jquery.timer.js | 200 OK Content-Length: 3484 Content-Type: application/x-javascript | clean |
http://www.hotdreamsxxx.com/js/rotation.js | 200 OK Content-Length: 662 Content-Type: application/x-javascript | clean |
http://www.hotdreamsxxx.com/webmasters/mootools.svn.js | 200 OK Content-Length: 190748 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var MooTools = { version: '1.11' }; function $defined(obj){ return (obj != undefined); }; function $type(obj){ if (!$defined(obj)) return false; if (obj.htmlElement) return 'element'; var type = typeof obj; if (type == 'object' && obj.nodeName){ switch(obj.nodeType){ case 1: return 'element'; case 3: return (/\S/).test(obj.nodeValue) ? 'textnode' : ' obj[i] = {}; var hide = (i != index) || (this.options.alwaysHide && (el.offsetHeight > 0)); this.fireEvent(hide ? 'onBackground' : 'onActive', [this.togglers[i], el]); for (var fx in this.effects) obj[i][fx] = hide ? 0 : el[this.effects[fx]]; }, this); return this.start(obj); }, showThisHideOpen: function(index){return this.display(index);} }); Fx.Accordion = Accordion; Antivirus reports:
| ||
http://www.hotdreamsxxx.com/popunder.js | 200 OK Content-Length: 2769 Content-Type: application/x-javascript | clean |
http://i3.putags.com/ce/ba/73/ceba738903fe05bf16474860bbd23365.js | 200 OK Content-Length: 5272 Content-Type: application/x-javascript | clean |
http://syndication.exoclick.com/ads.php?type=300x250&login=forbiden&cat=139&search=&ad_title_color=0000cc&bgcolor=FFFFFF&border=0&border_color=000000&font=&block_keywords=&ad_text_color=000000&ad_durl_color=008000&adult=0&sub=0&text_only=0&show_thumb=0&idzone=40096&idsite=39403 | 200 OK Content-Length: 641 Content-Type: text/javascript | clean |
http://syndication.exoclick.com/ads.php?type=300x250&login=forbiden&cat=108&search=&ad_title_color=0000cc&bgcolor=FFFFFF&border=0&border_color=000000&font=&block_keywords=&ad_text_color=000000&ad_durl_color=008000&adult=0&sub=&text_only=0&show_thumb=&idzone=40096&idsite=39403 | 200 OK Content-Length: 645 Content-Type: text/javascript | clean |
http://beta.tumbswap.com/wcode/fxSp/ | 200 OK Content-Length: 93094 Content-Type: text/javascript | clean |
http://www.hotdreamsxxx.com/floater.js | 200 OK Content-Length: 5481 Content-Type: application/x-javascript | clean |
http://adserver.juicyads.com/js/jfc.js | 200 OK Content-Length: 1197 Content-Type: application/x-javascript | clean |
http://hotdreamsxxx.com/page_2.html | 200 OK Content-Length: 87870 Content-Type: text/html | malicious |
Page code contains blacklisted domain: pornflavor.com <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <!-- BEGIN EroAdvertising ADSPACE CODE --> <script type="text/javascript" language="javascript" charset="utf-8" src="http://adspaces.ero-advertising.com/adspace/164556.js"></script> <!-- END EroAdvertising ADSPACE CODE --> <base href="http://www.hotdreamsxxx.com/"> <title>Hot Dreams XXX-Amateur, Anal, Asia ...[4319 bytes skipped]... Malicious iFrame found. size: 300x300 src: http://www.hotdreamsxxx.com/ads/300x250_1.php This URL is marked by Yandex as suspicious <iframe src="http://www.hotdreamsxxx.com/ads/300x250_1.php" width="300" height="300" frameborder="0" scrolling="no"> | ||
http://hotdreamsxxx.com/page_3.html | 200 OK Content-Length: 84375 Content-Type: text/html | malicious |
Page code contains blacklisted domain: pornflavor.com <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <!-- BEGIN EroAdvertising ADSPACE CODE --> <script type="text/javascript" language="javascript" charset="utf-8" src="http://adspaces.ero-advertising.com/adspace/164556.js"></script> <!-- END EroAdvertising ADSPACE CODE --> <base href="http://www.hotdreamsxxx.com/"> <title>Hot Dreams XXX-Amateur, Anal, Asia ...[4319 bytes skipped]... Malicious iFrame found. size: 300x300 src: http://www.hotdreamsxxx.com/ads/300x250_1.php This URL is marked by Yandex as suspicious <iframe src="http://www.hotdreamsxxx.com/ads/300x250_1.php" width="300" height="300" frameborder="0" scrolling="no"> | ||
http://hotdreamsxxx.com/page_4.html | 200 OK Content-Length: 88832 Content-Type: text/html | malicious |
Page code contains blacklisted domain: pornflavor.com <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <!-- BEGIN EroAdvertising ADSPACE CODE --> <script type="text/javascript" language="javascript" charset="utf-8" src="http://adspaces.ero-advertising.com/adspace/164556.js"></script> <!-- END EroAdvertising ADSPACE CODE --> <base href="http://www.hotdreamsxxx.com/"> <title>Hot Dreams XXX-Amateur, Anal, Asia ...[4319 bytes skipped]... Malicious iFrame found. size: 300x300 src: http://www.hotdreamsxxx.com/ads/300x250_1.php This URL is marked by Yandex as suspicious <iframe src="http://www.hotdreamsxxx.com/ads/300x250_1.php" width="300" height="300" frameborder="0" scrolling="no"> |
Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://hotdreamsxxx.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: hotdreamsxxx.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sat, 20 Sep 2014 18:26:22 GMT Location: http://smelma.berkshirecapitalholdings.com/t.gif?_=1340584462701&count=horizontal&counturl=http%3A%2F%2Fhotdreamsxxx.com%2F&id=twitter-widget-0&lang=en&original_referer=http%3A%2F%2Fhotdreamsxxx.com%2F&size=m&text=Penghormatan%20Terakhir%20Tim%20Dokter%20Pada%20Sang%20Bocah%20%5C%27Pemberi%20Harapan%5C%27&url=http%3A%2F%2Fhotdreamsxxx.com%2F&via=detikcom&type=share&twttr_referrer=http%3A%2F%2Fhotdreamsxxx.com%2F&twttr_widget=1&twttr_hask=0&twttr_li=0&twttr_pid=v3%3A1334537499779222933808815 Server: nginx Content-Length: 0 Content-Type: text/html Set-Cookie: OgM=6; expires=Sat, 27-Sep-2014 18:26:22 GMT; path=/ X-Cache: HIT from Backend X-Powered-By: PHP/5.4.23 | suspicious |
URL: http://smelma.berkshirecapitalholdings.com/t.gif?_=1340584462701&count=horizontal&counturl=http%3A%2F%2Fhotdreamsxxx.com%2F&id=twitter-widget-0&lang=en&original_referer=http%3A%2F%2Fhotdreamsxxx.com%2F&size=m&text=Penghormatan%20Terakhir%20Tim%20Dokter%20Pada%20Sang%20Bocah%20%5C%27Pemberi%20Harapan%5C%27&url=http%3A%2F%2Fhotdreamsxxx.com%2F&via=detikcom&type=share&twttr_referrer=http%3A%2F%2Fhotdreamsxxx.com%2F&twttr_widget=1&twttr_hask=0&twttr_li=0&twttr_pid=v3%3A1334537499779222933808815 (imitation of visitor from search engine) GET /t.gif?_=1340584462701&count=horizontal&counturl=http%3A%2F%2Fhotdreamsxxx.com%2F&id=twitter-widget-0&lang=en&original_referer=http%3A%2F%2Fhotdreamsxxx.com%2F&size=m&text=Penghormatan%20Terakhir%20Tim%20Dokter%20Pada%20Sang%20Bocah%20%5C%27Pemberi%20Harapan%5C%27&url=http%3A%2F%2Fhotdreamsxxx.com%2F&via=detikcom&type=share&twttr_referrer=http%3A%2F%2Fhotdreamsxxx.com%2F&twttr_widget=1&twttr_hask=0&twttr_li=0&twttr_pid=v3%3A1334537499779222933808815 HTTP/1.1 Host: smelma.berkshirecapitalholdings.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 20 Sep 2014 18:26:24 GMT Location: http://www.google.com/ Server: nginx/1.1.4 Content-Length: 160 Content-Type: text/html | suspicious |