Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pandoratube.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pandoratube.com/
Result: The website is marked by Yandex as suspicious - visiting this web site may harm your computer.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 5888562.hb.wabaidu.com
Result:
HTTP/1.1 500 timeout
Content-Type: text/plain
Second query (visit from search engine):
GET / HTTP/1.1
Host: 5888562.hb.wabaidu.com
Referer: http://www.google.com/search?q=5888562.hb.wabaidu.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.pandoratube.com/ | 200 OK Content-Length: 72120 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: oopsmovs.com | ||
http://w.sharethis.com/button/buttons.js | 200 OK Content-Length: 145774 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
| ||
http://s.sharethis.com/loader.js | 200 OK Content-Length: 15748 Content-Type: application/x-javascript | clean |
http://www.pandoratube.com/out.php?member=deliciousmovies.com | HTTP/1.1 302 Found Cache-Control: max-age=0 Connection: close Date: Sat, 20 Sep 2014 21:27:29 GMT Location: http://www.deliciousmovies.com/ Server: Apache/2.2.3 (CentOS) Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Sat, 20 Sep 2014 21:27:29 GMT Set-Cookie: to=%7Cdeliciousmovies.com; expires=Sun, 21-Sep-2014 21:27:29 GMT; path=/ Set-Cookie: vs=deliciousmovies.com; expires=Sun, 21-Sep-2014 21:27:29 GMT; path=/ X-Powered-By: PHP/5.4.32 | clean |
http://www.deliciousmovies.com/ | 200 OK Content-Length: 74585 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: tube2012.com | ||
http://www.deliciousmovies.com/out.php?member=pornorama.com | HTTP/1.1 302 Found Cache-Control: max-age=0 Connection: close Date: Sat, 20 Sep 2014 21:27:30 GMT Location: http://www.pornorama.com/ Server: Apache/2.2.3 (CentOS) Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Sat, 20 Sep 2014 21:27:30 GMT Current-Click: 1 Nocookie_skimming: 100 Set-Cookie: to=%7Cpornorama.com; expires=Sun, 21-Sep-2014 21:27:30 GMT; path=/ Set-Cookie: vs=pornorama.com; expires=Sun, 21-Sep-2014 21:27:30 GMT; path=/ X-Current-Click: nocookie X-Current-Trader: nocookie X-Powered-By: PHP/5.4.32 | clean |
http://www.pornorama.com/ | 200 OK Content-Length: 139939 Content-Type: text/html | clean |
http://static.xvideos.com/vote/displayFlash.js | 200 OK Content-Length: 12313 Content-Type: application/javascript | clean |
http://static.xvideos.com/js/pornorama-ads.js | 200 OK Content-Length: 1808 Content-Type: application/javascript | clean |
http://s7.addthis.com/js/250/addthis_widget.js | 200 OK Content-Length: 6875 Content-Type: text/javascript | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12498 Content-Type: application/javascript | clean |
http://www.deliciousmovies.com/new/6/ | 404 Not Found Content-Length: 292 Content-Type: text/html | clean |
http://www.deliciousmovies.com/test404page.js | 404 Not Found Content-Length: 300 Content-Type: text/html | clean |
http://www.deliciousmovies.com/out.php?t=teensnowcom | HTTP/1.1 302 Found Cache-Control: max-age=0 Connection: close Date: Sat, 20 Sep 2014 21:27:32 GMT Location: http://www.trafficholder.com/in/in.php?liquid Server: Apache/2.2.3 (CentOS) Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Sat, 20 Sep 2014 21:27:32 GMT Current-Click: 1 Got-Member: magicmovies.com (http://www.magicmovies.com) Nocookie_skimming: 100 Rand: 1601 (2430) Script-Group: ff (q: 3) (34 70) (70, 15, 15) Select-Broker: 100 (total 101) Select-Trade: [domain list omitted] Sell-Traffic: sending to sell url Set-Cookie: scj_tr_sell_0=1; expires=Sun, 21-Sep-2014 21:27:32 GMT; path=/ Set-Cookie: to=%7Cout_redirect; expires=Sun, 21-Sep-2014 21:27:32 GMT; path=/ Traffic-Sell: nocookie skim = 7, rand = 0.72 Traffic-Sell-X: check nocookie sell_skim = 7 X-Current-Click: nocookie X-Current-Trader: nocookie X-Powered-By: PHP/5.4.32 | malicious |
http://www.trafficholder.com/in/in.php?liquid | 200 OK Content-Length: 125 Content-Type: text/html | clean |
http://www.deliciousmovies.com/out.php?t=xnxx | HTTP/1.1 302 Found Cache-Control: max-age=0 Connection: close Date: Sat, 20 Sep 2014 21:27:33 GMT Location: http://www.streamsex.com Server: Apache/2.2.3 (CentOS) Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Sat, 20 Sep 2014 21:27:33 GMT Current-Click: 1 Got-Member: streamsex.com (http://www.streamsex.com) Nocookie_skimming: 100 Rand: 477 (2430) Script-Group: pbf (q: 3) (87 100) (70, 15, 15) Select-Trade: [domain list omitted] Set-Cookie: to=%7Cstreamsex.com; expires=Sun, 21-Sep-2014 21:27:33 GMT; path=/ Set-Cookie: vs=streamsex.com; expires=Sun, 21-Sep-2014 21:27:33 GMT; path=/ Traffic-Sell: nocookie skim = 7, rand = 52.68 Traffic-Sell-X: check nocookie sell_skim = 7 Traffic-Trade: Sending to trade X-Current-Click: nocookie X-Current-Trader: nocookie X-Powered-By: PHP/5.4.32 | clean |
http://www.streamsex.com/ | 200 OK Content-Length: 158712 Content-Type: text/html | clean |
http://static.xvideos.com/v2/js/ads.js | 200 OK Content-Length: 1921 Content-Type: application/javascript | clean |
http://www.google-analytics.com/urchin.js | 200 OK Content-Length: 22678 Content-Type: text/javascript | clean |