Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=stocking-tease.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://stocking-tease.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.stocking-tease.com/ | 200 OK Content-Length: 300213 Content-Type: text/html | clean |
http://assetfiles.com/js/jquery-1.9.1.min.js | 200 OK Content-Length: 92629 Content-Type: application/x-javascript | clean |
http://assetfiles.com/js/fancybox-2.1.4/jquery.fancybox.pack.js?v=2.1.4 | 200 OK Content-Length: 22595 Content-Type: application/x-javascript | clean |
http://www.stocking-tease.com/search/?rs=1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 11 Sep 2014 13:08:35 GMT Via: 1.1 varnish Age: 0 Location: http://www.stocking-tease.com/new/p/ Server: Apache Content-Type: text/html; charset=iso-8859-1 X-Varnish: 1034089369 | clean |
http://www.stocking-tease.com/new/p/ | 200 OK Content-Length: 301322 Content-Type: text/html | clean |
http://www.stocking-tease.com/search/ | 200 OK Content-Length: 301338 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.pornicom.com <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Popular Pictures Porn Pics on Stocking-Tease.com</title> <meta name="description" content="Looking for Popular Pictures Porn Pictures? Then you've hit the right page! St ...[4044 bytes skipped]... | ||
http://www.stocking-tease.com/cgi-bin/atx/out.cgi | HTTP/1.1 302 Found Connection: close Date: Thu, 11 Sep 2014 13:08:39 GMT Via: 1.1 varnish Age: 0 Location: http://www.milkmanbook.com Server: Apache Content-Type: text/html; charset=iso-8859-1 Set-Cookie: atref=nocookie$$; path=/; Set-Cookie: atexc=0,1,2,3,4,5,6,7,35,$$; path=/; X-Varnish: 1034089707 | clean |
http://www.milkmanbook.com/ | 200 OK Content-Length: 300161 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.stocking-tease.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Milkman's Book - Quality Free Sex Galleries Since 12 Years</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta ...[4309 bytes skipped]... | ||
http://www.milkmanbook.com/cgi-bin/a2/out.cgi?s=100&l=exit&u=http://www.1.fm | HTTP/1.1 302 Found Connection: close Date: Thu, 11 Sep 2014 13:08:41 GMT Location: http://www.1.fm Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6 PHP/4.4.9 with Suhosin-Patch Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.1.fm/ | 200 OK Content-Length: 62265 Content-Type: text/html | clean |
http://www.1.fm/Scripts/bundl?v=YJRwchORb-jyK9YU7SVEO0yOeVjS6YyrxCM3a9o7Ra41 | 200 OK Content-Length: 300532 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function internal_com_adswizz_synchro_decorateUrl(n,t){var r="",i,u,f;if(_url=n.replace("http://",""),r=_url.indexOf("/")==-1?"/;?":_url.lastIndexOf("/")==_url.length-1?";?":_url.indexOf("?")!=-1?"&":"?",n+=r+"listenerid="+com_adswizz_synchro_getListnerId(),i=this.com_adswizz_synchro_tags,i||(i={}),t&&(i.companionAds=!0),com_adswizz_synchro_getTags(i)!=""){n+="&awparams=",u=!0;for(f in i)u||(n+=escape(";")),n+=escape(f+":"+i[f]),u=!1}return n}function com_adswizz_synchro_decorate Antivirus reports:
| ||
http://www.milkmanbook.com/Scripts/shareee/jquery.sharrre-1.3.4.min.js | HTTP/1.1 302 Found Connection: close Date: Thu, 11 Sep 2014 13:08:43 GMT Location: http://www.milkmanbook.com/error/404.html Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6 PHP/4.4.9 with Suhosin-Patch Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.milkmanbook.com/error/404.html | 200 OK Content-Length: 2133 Content-Type: text/html | clean |
http://www.milkmanbook.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Thu, 11 Sep 2014 13:08:43 GMT Location: http://www.milkmanbook.com/error/404.html Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6 PHP/4.4.9 with Suhosin-Patch Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.milkmanbook.com/Scripts/nanoscroller/jquery.nanoscroller.min.js | HTTP/1.1 302 Found Connection: close Date: Thu, 11 Sep 2014 13:08:44 GMT Location: http://www.milkmanbook.com/error/404.html Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6 PHP/4.4.9 with Suhosin-Patch Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.milkmanbook.com/Scripts/bund/dualslider/scripts/jquery.dualSlider.0.3.js | HTTP/1.1 302 Found Connection: close Date: Thu, 11 Sep 2014 13:08:44 GMT Location: http://www.milkmanbook.com/error/404.html Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6 PHP/4.4.9 with Suhosin-Patch Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.milkmanbook.com/Scripts/bund/dualslider/scripts/jquery.timers-1.2.js | HTTP/1.1 302 Found Connection: close Date: Thu, 11 Sep 2014 13:08:44 GMT Location: http://www.milkmanbook.com/error/404.html Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6 PHP/4.4.9 with Suhosin-Patch Content-Type: text/html; charset=iso-8859-1 | clean |
http://w.sharethis.com/button/buttons.js | 200 OK Content-Length: 144141 Content-Type: application/x-javascript | clean |
http://www.1.fm/scripts/fmplayer/swfobject.js | 200 OK Content-Length: 26351 Content-Type: application/x-javascript | clean |
http://www.milkmanbook.com/Scripts/bundonefm?v=AgRVJXuKb_6WTBBb4FP2gEa0YmdquTUKsfDm1J25F441 | HTTP/1.1 302 Found Connection: close Date: Thu, 11 Sep 2014 13:08:45 GMT Location: http://www.milkmanbook.com/error/404.html Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6 PHP/4.4.9 with Suhosin-Patch Content-Type: text/html; charset=iso-8859-1 | clean |
https://connect.facebook.net/en_US/all.js | 200 OK Content-Length: 163703 Content-Type: application/x-javascript | clean |
http://www.stocking-tease.com/cgi-bin/a2/out.cgi?id=18&l=BT-TOP&u=http://www.bookthumbs.com | 404 Not Found Content-Length: 300213 Content-Type: text/html | clean |
http://www.stocking-tease.com/cgi-bin/atx/out.cgi?id=34&trade=http://www.xnxx.com/ | HTTP/1.1 302 Found Connection: close Date: Thu, 11 Sep 2014 13:08:47 GMT Via: 1.1 varnish Age: 0 Location: http://www.xnxx.com/ Server: Apache Content-Type: text/html; charset=iso-8859-1 Set-Cookie: atexc=0,1,2,3,4,5,6,7,34,$$; path=/; X-Varnish: 1034090422 | clean |
http://www.xnxx.com/ | 200 OK Content-Length: 59944 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.el-ladies.com <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta name="verify-v1" content="8+tZZa8qv7Nv/4933aj3/EU0LYuRowvA/IJwmr9IwdU=" /> <meta name=description content="XNXX delivers free sex movies and fast free porn videos (tube porn). Now 1 million+ sex vids avai ...[4152 bytes skipped]... | ||
http://static.xvideos.com/vote/displayFlash.js | 200 OK Content-Length: 11622 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: stocking-tease.com
Result:
GET / HTTP/1.1
Host: stocking-tease.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: stocking-tease.com
Referer: http://www.google.com/search?q=stocking-tease.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: stocking-tease.com
Referer: http://www.google.com/search?q=stocking-tease.com
Result:
The result is similar to the first query. There are no suspicious redirects found.