Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=realporntube.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://realporntube.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: immigrationadvisers.org.uk
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 17 Feb 2015 10:39:05 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
X-Powered-By: PHP/5.3.29
GET / HTTP/1.1
Host: immigrationadvisers.org.uk
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 17 Feb 2015 10:39:05 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: immigrationadvisers.org.uk
Referer: http://www.google.com/search?q=immigrationadvisers.org.uk
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: immigrationadvisers.org.uk
Referer: http://www.google.com/search?q=immigrationadvisers.org.uk
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.realporntube.com/ | 200 OK Content-Length: 292404 Content-Type: text/html | malicious |
Page code contains blacklisted domain: www.3rat.com ...[801 bytes skipped]... ;a href="http://www.porn.com">Porn Movies</a><br> <span>01.</span><a href="/cgi-bin/at3/out.cgi?id=338&trade=http://germansextube.net/">German+Sextube</a><br> <span>02.</span><a href="/cgi-bin/at3/out.cgi?id=455&trade=http://mywifesex.net/">My wife sex</a><br> <span>03.</span><a href="/cgi-bin/at3/out.cgi?id=214&trade=http://www.3rat.com">3 Rat</a><br> <span>04.</span><a href="/cgi-bin/at3/out.cgi?id=25&trade=http://fetishxxxtube.com/">Fetish xxx tube</a><br> <span>05.</span><a href="/cgi-bin/at3/out.cgi?id=520&trade=http://purehqtube.com">Pure HQ Tube</a><br> <span>06.</span><a href="/cgi-bin/at3/out.cgi?id=427&trade=http://lovely-sex-tube.com/">Lovely Sex Tube</a><br> <span&g ...[3646 bytes skipped]... Malicious iFrame found. size: 926x270 src: http://realporntube.com/adw.shtml This URL is marked by Yandex as suspicious <iframe src="http://realporntube.com/adw.shtml" marginheight="0" marginwidth="0" allowtransparency="true" scrolling="no" frameborder="0" style="background-color:transparent" scrolling="no" frameborder="0" width="926" height="270"> Malicious iFrame found. size: 740x100 src: http://realporntube.com/adw1.shtml This URL is marked by Yandex as suspicious <iframe src="http://realporntube.com/adw1.shtml" marginheight="0" marginwidth="0" allowtransparency="true" scrolling="no" frameborder="0" style="background-color:transparent" scrolling="no" frameborder="0" width="740" height="100"> | ||
http://www.realporntube.com/jsa/HP1AbG2lRvbs.js | 200 OK Content-Length: 75 Content-Type: application/x-javascript | clean |
http://www.realporntube.com/cgi-bin/at3/out.cgi?id=338&trade=http://germansextube.net/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 10 Sep 2014 14:07:37 GMT Location: http://germansextube.net/ Server: nginx/1.6.1 Set-Cookie: atexc=338,$#; path=/; | clean |
http://germansextube.net/ | 200 OK Content-Length: 58377 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: realporntube.com <!-- FTT2 -->
<script type='text/javascript'> document.cookie = 'ftt2=YTo2OntzOjI6ImlwIjtpOjEzMTg5ODA1Nzg7czoxOiJmIjtpOjA7czoxOiJzIjtzOjU6Im5vcmVmIjtzOjE6InYiO2E6MDp7fXM6MjoiY2MiO2k6MDtzOjI6ImluIjtpOjE7fQ==; expires=Thursday, 11-Sep-14 10:07:37 UTC; domain=.germansextube.net; path=/'; var ftt2_check = new Image(); var ftt2_random = Math.floor(Math.random( ...[4433 bytes skipped]... | ||
http://ads.juicyads.com/jsclients/jam_min.js | 200 OK Content-Length: 21397 Content-Type: application/x-javascript | clean |
http://ads.juicyads.com/jsclients/jac.js | 200 OK Content-Length: 91344 Content-Type: application/x-javascript | clean |
http://syndication.exoclick.com/splash.php?cat=2&idsite=278856&idzone=866014&login=valerian&type=3 | 200 OK Content-Length: 5826 Content-Type: application/x-javascript | clean |
http://s7.addthis.com/js/250/addthis_widget.js | 200 OK Content-Length: 6875 Content-Type: text/javascript | clean |
http://www.realporntube.com//s7.addthis.com/js/300/addthis_widget.js/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 10 Sep 2014 14:07:41 GMT Location: http://41tube.com/redir.html Server: nginx/1.6.1 Content-Length: 160 Content-Type: text/html | malicious |
http://41tube.com/redir.html | 200 OK Content-Length: 344 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: hostednude.com <html> <head> <title>Please wait...</title> <script type="text/javascript"> <!-- window.location = "http://hostednude.com/cgi-bin/at3/out.cgi"; //--> </script> </head> <body bgcolor="#FFFFFF" alink="#0078ff" vlink="#0078ff" link="#0078ff"> Please wait ... or click <a href="http://hostednude.com/cgi-bin/at3/out.cgi">here</a>! </body> </html> | ||
http://41tube.com/test404page.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 10 Sep 2014 14:07:41 GMT Location: http://41tube.com/redir.html Server: nginx/1.6.1 Content-Length: 160 Content-Type: text/html | clean |
http://www.realporntube.com/cgi-bin/at3/out.cgi?id=455&trade=http://mywifesex.net/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 10 Sep 2014 14:07:41 GMT Location: http://mywifesex.net/ Server: nginx/1.6.1 Set-Cookie: atexc=455,$#; path=/; | clean |
http://mywifesex.net/ | 200 OK Content-Length: 72098 Content-Type: text/html | clean |
http://syndication.exoclick.com/splash.php?cat=129&idsite=279075&idzone=867071&login=valerian&type=4 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://www.realporntube.com/cgi-bin/at3/out.cgi?id=214&trade=http://www.3rat.com | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 10 Sep 2014 14:07:44 GMT Location: http://www.3rat.com Server: nginx/1.6.1 Set-Cookie: atexc=214,$#; path=/; | malicious |
http://www.3rat.com/ | 200 OK Content-Length: 137869 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: h2porn.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>3 Rat - http://www.3rat.com - Free Porn Tube Videos</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="3rat, 3 Rat, 3rats, 3 rats, porn sex tubes, porn ...[4419 bytes skipped]... | ||
http://www.3rat.com/r/click.php?id=10088&u=%2Ftube%2Fmom.shtml | HTTP/1.1 302 Found Connection: close Date: Wed, 10 Sep 2014 14:07:46 GMT Location: /tube/mom.shtml Server: Apache Content-Length: 0 Content-Type: text/html Set-Cookie: tgpx_click=10088; expires=Thu, 11-Sep-2014 14:07:46 GMT; path=/ X-Powered-By: PHP/5.4.28 | clean |
http://www.3rat.com/tube/mom.shtml | 200 OK Content-Length: 180873 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: h2porn.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>3 Rat's Free Mom Tubes</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <base target="_blank"> <script type="text/javascript"> <!-- document.cookie='a2r=nore ...[4481 bytes skipped]... | ||
http://www.3rat.com/tube/mom2.shtml | 200 OK Content-Length: 180826 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: h2porn.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>3 Rat's Free Mom Tubes</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <base target="_blank"> <script type="text/javascript"> <!-- document.cookie='a2r=nore ...[4481 bytes skipped]... | ||
http://www.3rat.com/tube/mom3.shtml | 200 OK Content-Length: 183999 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: h2porn.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>3 Rat's Free Mom Tubes</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <base target="_blank"> <script type="text/javascript"> <!-- document.cookie='a2r=nore ...[4481 bytes skipped]... | ||
http://www.3rat.com/tube/mom4.shtml | 200 OK Content-Length: 185462 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: h2porn.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>3 Rat's Free Mom Tubes</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <base target="_blank"> <script type="text/javascript"> <!-- document.cookie='a2r=nore ...[4481 bytes skipped]... |