Scanned pages/files
Request | Server response | Status |
http://kannou.s1.freexy.net/ | 200 OK Content-Length: 22661 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var str1=<<EOT
<div align="center">
<table border="0">
<tr>
<td><iframe src="http://click.dtiserv2.com/Click882/3006010-23-61755" width="120" height="90" frameborder="no" scrolling="no"></iframe></td>
<td><iframe src="http://click.dtiserv2.com/Click650/3103008-23-61755" width="120" height="90" frameborder="no" scrolling="no"></iframe></td>
<td><iframe src="http://www.mmaaxx.com/ </td>
</tr>
</table>
</div>
EOT
var str2=<<EOT
<iframe src="http://www.mmaaxx.com/carib/smapho/20060x/index04.html?affid=61755" width="310" height="190" frameborder="no" scrolling="no"></iframe>
<br />
<a href="http://click.dtiserv2.com/Click/1403002-403-61755" target="_blank"><img src="http://affiliate.dtiserv.com/image/h0930_m/1403002.jpg" border="0"></a>
EOT
Antivirus reports:
http://freexy.net/ad/ad.js | 200 OK Content-Length: 1799 Content-Type: application/javascript | clean |
http://counter1.fc2.com/counter.php?id=964707 | 200 Ok Content-Length: 2826 Content-Type: application/x-javascript | clean |
http://freexy.net/ad/heredoc.js | 200 OK Content-Length: 2189 Content-Type: application/javascript | clean |
http://kannou.s1.freexy.net/link2.html | 200 OK Content-Length: 8389 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var str1=<<EOT
<div align="center">
<table border="0">
<tr>
<td><iframe src="http://click.dtiserv2.com/Click882/3006010-23-61755" width="120" height="90" frameborder="no" scrolling="no"></iframe></td>
<td><iframe src="http://click.dtiserv2.com/Click650/3103008-23-61755" width="120" height="90" frameborder="no" scrolling="no"></iframe></td>
<td><iframe src="http://www.mmaaxx.com/ </td>
</tr>
</table>
</div>
EOT
var str2=<<EOT
<iframe src="http://www.mmaaxx.com/carib/smapho/20060x/index04.html?affid=61755" width="310" height="190" frameborder="no" scrolling="no"></iframe>
<br />
<a href="http://click.dtiserv2.com/Click/1403002-403-61755" target="_blank"><img src="http://affiliate.dtiserv.com/image/h0930_m/1403002.jpg" border="0"></a>
EOT
Antivirus reports:
http://kannou.s1.freexy.net/test404page.js | HTTP/1.1 302 Found Connection: close Date: Tue, 22 Apr 2014 02:34:33 GMT Location: http://www.freexy.net/404.html Server: Apache Content-Length: 214 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.freexy.net/404.html | HTTP/1.1 200 OK Connection: close Date: Tue, 22 Apr 2014 02:34:33 GMT Accept-Ranges: bytes ETag: "1c00b38-103-4cd3dd3442400" Server: Apache Content-Length: 259 Content-Type: text/html Last-Modified: Tue, 30 Oct 2012 02:48:48 GMT | clean |
http://www.sexpixbox.com/freexy2/sample/index.html | 200 OK Content-Length: 28808 Content-Type: text/html | clean |
http://www.sexpixbox.com/iphone_redirect.js | 200 OK Content-Length: 892 Content-Type: application/x-javascript | clean |
http://www.sexpixbox.com/urchin.js | 200 OK Content-Length: 21414 Content-Type: application/x-javascript | clean |
http://www.sexpixbox.com/aaaaa/js/fav.js | 200 OK Content-Length: 602 Content-Type: application/x-javascript | clean |
http://www.sexpixbox.com/google_analytics_6777018.js | 200 OK Content-Length: 431 Content-Type: application/x-javascript | clean |
http://www.sexpixbox.com/aaaaa/sample/js/jquery.js | 200 OK Content-Length: 55272 Content-Type: application/x-javascript | clean |
http://www.sexpixbox.com/aaaaa/sample/js/menu.js | 200 OK Content-Length: 340 Content-Type: application/x-javascript | clean |
http://www.sexpixbox.com/aaaaa/sample/js/yuga.js | 200 OK Content-Length: 10238 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://mmaaxx.com/scroll_popup/scroll_popup.js | 200 OK Content-Length: 1049 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kannou.s1.freexy.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 22 Apr 2014 02:34:27 GMT
Accept-Ranges: bytes
Server: Apache
Content-Type: text/html
Last-Modified: Tue, 01 May 2012 04:47:10 GMT
X-Powered-By: ModLayout/5.0
Second query (visit from search engine):
GET / HTTP/1.1
Host: kannou.s1.freexy.net
Referer: http://www.google.com/search?q=kannou.s1.freexy.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kannou.s1.freexy.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kannou.s1.freexy.net/
Result: kannou.s1.freexy.net is not infected or malware details are not published yet.