Scanned pages/files
Request | Server response | Status |
http://tokyo2hot.com/ | 200 OK Content-Length: 60121 Content-Type: text/html | clean |
http://static.kinghost.com/kh/head.js | 200 OK Content-Length: 187 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write("<a href=\"http://static.kinghost.com/kh/r.php?r=6\">"); document.write("<img src=\"http://static.fleshlight.com/images/banners/fl_468x80.gif\">"); document.write("</a>"); Antivirus reports:
| ||
http://sakuralive.com/dynamicbanner/SLpopup.js | HTTP/1.1 301 Moved Permanently Date: Sat, 21 Jun 2014 17:34:47 GMT Location: http://www.sakuralive.com/dynamicbanner/SLpopup.js Server: Zeus/4.3 | clean |
http://www.sakuralive.com/dynamicbanner/slpopup.js | HTTP/1.1 302 Moved Temporarily Date: Sat, 21 Jun 2014 17:34:47 GMT Accept-Ranges: bytes Location: http://www.sakuralive.com/custom404page.html Server: Zeus/4.3 Content-Type: application/x-javascript X-ServerID: web005.dpt | clean |
http://www.sakuralive.com/custom404page.html | HTTP/1.1 200 OK Date: Sat, 21 Jun 2014 17:34:48 GMT Accept-Ranges: bytes Server: Zeus/4.3 Content-Length: 440 Content-Type: text/html Last-Modified: Wed, 02 Oct 2013 15:31:39 GMT X-ServerID: web005.dpt | clean |
http://www.sakuralive.com/index.php | 200 OK Content-Length: 17289 Content-Type: text/html | clean |
http://www.sakuralive.com/../Scripts/swfobject_modified.js | 400 Bad Request Content-Length: 200 Content-Type: text/html | clean |
http://www.sakuralive.com/test404page.js | HTTP/1.1 302 Moved Temporarily Date: Sat, 21 Jun 2014 17:34:50 GMT Accept-Ranges: bytes Location: http://www.sakuralive.com/custom404page.html Server: Zeus/4.3 Content-Type: application/x-javascript X-ServerID: web005.dpt | clean |
http://sakuralive.com/dynamicbanner/Scripts/AC_RunActiveContent.js | HTTP/1.1 301 Moved Permanently Date: Sat, 21 Jun 2014 17:34:50 GMT Location: http://www.sakuralive.com/dynamicbanner/Scripts/AC_RunActiveContent.js Server: Zeus/4.3 | clean |
http://www.sakuralive.com/dynamicbanner/scripts/ac_runactivecontent.js | HTTP/1.1 302 Moved Temporarily Date: Sat, 21 Jun 2014 17:34:51 GMT Accept-Ranges: bytes Location: http://www.sakuralive.com/custom404page.html Server: Zeus/4.3 Content-Type: application/x-javascript X-ServerID: web005.dpt | clean |
http://sakuralive.com/js/sl-mod.js | HTTP/1.1 301 Moved Permanently Date: Sat, 21 Jun 2014 17:34:51 GMT Location: http://www.sakuralive.com/js/sl-mod.js Server: Zeus/4.3 | clean |
http://www.sakuralive.com/js/sl-mod.js | 200 OK Content-Length: 30626 Content-Type: application/x-javascript | clean |
http://sakuralive.com/js/js_linkz_v3.js | HTTP/1.1 301 Moved Permanently Date: Sat, 21 Jun 2014 17:34:52 GMT Location: http://www.sakuralive.com/js/js_linkz_v3.js Server: Zeus/4.3 | clean |
http://www.sakuralive.com/js/js_linkz_v3.js | 200 OK Content-Length: 6456 Content-Type: application/x-javascript | clean |
http://sakuralive.com/langdir.js | HTTP/1.1 301 Moved Permanently Date: Sat, 21 Jun 2014 17:34:54 GMT Location: http://www.sakuralive.com/langdir.js Server: Zeus/4.3 | clean |
http://www.sakuralive.com/langdir.js | 200 OK Content-Length: 1858 Content-Type: application/x-javascript | clean |
http://sakuralive.com/js/css_browser_selector.js | HTTP/1.1 301 Moved Permanently Date: Sat, 21 Jun 2014 17:34:55 GMT Location: http://www.sakuralive.com/js/css_browser_selector.js Server: Zeus/4.3 | clean |
http://www.sakuralive.com/js/css_browser_selector.js | 200 OK Content-Length: 1157 Content-Type: application/x-javascript | clean |
http://sakuralive.com/urchin.js | HTTP/1.1 301 Moved Permanently Date: Sat, 21 Jun 2014 17:34:56 GMT Location: http://www.sakuralive.com/urchin.js Server: Zeus/4.3 | clean |
http://www.sakuralive.com/urchin.js | 200 OK Content-Length: 21414 Content-Type: application/x-javascript | clean |
http://sakuralive.com/dynamicbanner/random_preview.js | HTTP/1.1 301 Moved Permanently Date: Sat, 21 Jun 2014 17:34:57 GMT Location: http://www.sakuralive.com/dynamicbanner/random_preview.js Server: Zeus/4.3 | clean |
http://www.sakuralive.com/dynamicbanner/random_preview.js | 200 OK Content-Length: 4308 Content-Type: application/x-javascript | clean |
http://sakuralive.com/dynamicbanner/mypopup.js | HTTP/1.1 301 Moved Permanently Date: Sat, 21 Jun 2014 17:34:58 GMT Location: http://www.sakuralive.com/dynamicbanner/mypopup.js Server: Zeus/4.3 | clean |
http://www.sakuralive.com/dynamicbanner/mypopup.js | 200 OK Content-Length: 546 Content-Type: application/x-javascript | clean |
http://static.kinghost.com/kh/foot.js | 200 OK Content-Length: 197 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write("<a href=\"http://static.kinghost.com/kh/go.php?r=5\">"); document.write("<img src=\"http://static.fleshlight.com/images/banners/banner-fleshlight2.gif\">"); document.write("</a>"); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tokyo2hot.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 21 Jun 2014 17:34:52 GMT
Server: Apache/1.3.42
Content-Type: text/html
Last-Modified: Fri, 03 Feb 2012 15:29:22 GMT
X-Powered-BY: ModLayout/2.11.8
GET / HTTP/1.1
Host: tokyo2hot.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 21 Jun 2014 17:34:52 GMT
Server: Apache/1.3.42
Content-Type: text/html
Last-Modified: Fri, 03 Feb 2012 15:29:22 GMT
X-Powered-BY: ModLayout/2.11.8
Second query (visit from search engine):
GET / HTTP/1.1
Host: tokyo2hot.com
Referer: http://www.google.com/search?q=tokyo2hot.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tokyo2hot.com
Referer: http://www.google.com/search?q=tokyo2hot.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tokyo2hot.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tokyo2hot.com/
Result: tokyo2hot.com is not infected or malware details are not published yet.
Result: tokyo2hot.com is not infected or malware details are not published yet.