Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=upskirt.new-tops.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: upskirt.new-tops.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 28 May 2014 03:45:06 GMT
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Set-Cookie: bhit=0; expires=Fri, 30-May-2014 03:45:06 GMT
Set-Cookie: intm=1401248706; expires=Fri, 30-May-2014 03:45:06 GMT
Set-Cookie: refer=noref; expires=Fri, 30-May-2014 03:45:06 GMT
Set-Cookie: noref=visited; expires=Fri, 30-May-2014 03:45:06 GMT
Set-Cookie: page=main; expires=Fri, 30-May-2014 03:45:06 GMT
X-Powered-By: PHP/5.2.11
Second query (visit from search engine):
GET / HTTP/1.1
Host: upskirt.new-tops.com
Referer: http://www.google.com/search?q=upskirt.new-tops.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://upskirt.new-tops.com/ | 200 OK Content-Length: 98971 Content-Type: text/html | clean |
http://upskirt.new-tops.com/go.php?link=~2&ref=gwendyat | HTTP/1.1 302 Found Connection: close Date: Wed, 28 May 2014 03:45:06 GMT Location: http://www.gwendy.at Server: Apache/2 Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html Set-Cookie: clicks=1; expires=Fri, 30-May-2014 03:45:06 GMT Set-Cookie: gwendyat=visited; expires=Fri, 30-May-2014 03:45:06 GMT Set-Cookie: ctime=1401248706; expires=Fri, 30-May-2014 03:45:06 GMT X-Powered-By: PHP/5.2.11 | clean |
http://www.gwendy.at/ | 200 OK Content-Length: 8621 Content-Type: text/html | clean |
http://www.gwendy.at/slideshow/interval_handle.js | 200 OK Content-Length: 1518 Content-Type: text/x-js | clean |
http://www.gwendy.at/test404page.js | 404 Not Found Content-Length: 1031 Content-Type: text/html | clean |
http://upskirt.new-tops.com/slideshow/rotating_picture.js | 404 Not Found Content-Length: 418 Content-Type: text/html | clean |
http://upskirt.new-tops.com/slideshow/rollover.js | 404 Not Found Content-Length: 410 Content-Type: text/html | clean |
http://www.6counter.de/stat.php?id=flashing | 200 OK Content-Length: 330 Content-Type: text/html | clean |
http://upskirt.new-tops.com/go.php?link=~3&ref=aboutsexxxcom | HTTP/1.1 302 Found Connection: close Date: Wed, 28 May 2014 03:45:08 GMT Location: http://aboutsexxx.com/cgi-bin/in.cgi?id=4454 Server: Apache/2 Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html Set-Cookie: clicks=1; expires=Fri, 30-May-2014 03:45:08 GMT Set-Cookie: aboutsexxxcom=visited; expires=Fri, 30-May-2014 03:45:08 GMT Set-Cookie: ctime=1401248708; expires=Fri, 30-May-2014 03:45:08 GMT X-Powered-By: PHP/5.2.11 | clean |
http://aboutsexxx.com/cgi-bin/in.cgi?id=4454 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 28 May 2014 03:45:09 GMT Location: http://www.aboutsexxx.com/upskirt/index.html?4454 Server: Apache/1.3.41 (Unix) Content-Type: text/plain Set-Cookie: amem=4454; Expires=Wednesday, 28-May-14 3:55:09 GMT; domain=aboutsexxx.com Set-Cookie: mem-4454=-; Expires=Thursday, 29-May-14 3:45:09 GMT; domain=aboutsexxx.com Set-Cookie: mem=4454; domain=aboutsexxx.com Set-Cookie: ses=xuyz2yRdx7; domain=aboutsexxx.com Set-Cookie: d=10055213; domain=aboutsexxx.com | clean |
http://www.aboutsexxx.com/upskirt/index.html?4454 | 200 OK Content-Length: 20215 Content-Type: text/html | clean |
http://www.aboutsexxx.com/amateur/index.html | 200 OK Content-Length: 25275 Content-Type: text/html | clean |
http://www.aboutsexxx.com/amateur/../cgi-bin/out.cgi?ses=bhSqngtwOk&id=3290&url=http://www.crueltrainer.com | HTTP/1.1 302 Found Connection: close Date: Wed, 28 May 2014 03:45:11 GMT Location: http://www.crueltrainer.com Server: Apache/1.3.41 (Unix) Content-Type: text/html; charset=iso-8859-1 Set-Cookie: ses=SmartSessss; domain=aboutsexxx.com | clean |
http://www.crueltrainer.com/ | 200 OK Content-Length: 110736 Content-Type: text/html | clean |
http://click.kink.com/click/script.js?co=NDIy | 200 OK Content-Length: 406 Content-Type: text/javascript | clean |
http://www.aboutsexxx.com/amateur/../cgi-bin/out.cgi?ses=bhSqngtwOk&id=3290&url=http://out.php | HTTP/1.1 302 Found Connection: close Date: Wed, 28 May 2014 03:45:16 GMT Location: http://out.php Server: Apache/1.3.41 (Unix) Content-Type: text/html; charset=iso-8859-1 Set-Cookie: ses=SmartSessss; domain=aboutsexxx.com X-Pad: avoid browser bug | clean |
http://out.php/ | 500 Can't connect to out.php:80 (Bad hostname) Content-Length: 146 Content-Type: text/plain | clean |
http://www.aboutsexxx.com/amateur/../cgi-bin/out.cgi?ses=bhSqngtwOk&id=3290&url=http://stream/rotator/out.php?l=0.4.0.18709.475947&u=../../out.php?url=http%3A%2F%2Fpromo.thetrainingofo.com%2Fg%2F2393%3Arevshare%2F12432%2Fm%2F15%2Fh%2F | HTTP/1.1 302 Found Connection: close Date: Wed, 28 May 2014 03:45:16 GMT Location: http://stream/rotator/out.php?l=0.4.0.18709.475947&u=../../out.php?url=http://promo.thetrainingofo.com/g/2393:revshare/12432/m/15/h/ Server: Apache/1.3.41 (Unix) Content-Type: text/html; charset=iso-8859-1 Set-Cookie: ses=SmartSessss; domain=aboutsexxx.com | clean |
http://stream/rotator/out.php?l=0.4.0.18709.475947&u=../../out.php?url=http://promo.thetrainingofo.com/g/2393:revshare/12432/m/15/h/ | 500 Can't connect to stream:80 (Bad hostname) Content-Length: 144 Content-Type: text/plain | clean |
http://www.aboutsexxx.com/amateur/../cgi-bin/out.cgi?ses=bhSqngtwOk&id=3290&url=http://stream/rotator/out.php?l=0.4.1.10498.394366&u=../../out.php?url=http%3A%2F%2Fwww.paincash.com%2Fpages%2Ffhg_ww%2Fgals%2Fwwfhg412%2F72b5e5fbb9ff4891be729f8673e37a23.htm | HTTP/1.1 302 Found Connection: close Date: Wed, 28 May 2014 03:45:17 GMT Location: http://stream/rotator/out.php?l=0.4.1.10498.394366&u=../../out.php?url=http://www.paincash.com/pages/fhg_ww/gals/wwfhg412/72b5e5fbb9ff4891be729f8673e37a23.htm Server: Apache/1.3.41 (Unix) Content-Type: text/html; charset=iso-8859-1 Set-Cookie: ses=SmartSessss; domain=aboutsexxx.com | clean |
http://stream/rotator/out.php?l=0.4.1.10498.394366&u=../../out.php?url=http://www.paincash.com/pages/fhg_ww/gals/wwfhg412/72b5e5fbb9ff4891be729f8673e37a23.htm | 500 Can't connect to stream:80 (Bad hostname) Content-Length: 144 Content-Type: text/plain | clean |
http://www.aboutsexxx.com/amateur/../cgi-bin/out.cgi?ses=bhSqngtwOk&id=3290&url=http://stream/rotator/out.php?l=0.4.2.12217.336672&u=../../out.php?url=http%3A%2F%2Fwww.spankingdollars.com%2Fhgv2%2Fhostedgallery.php%3Fsite%3D20846%26type%3Dphoto%26gal%3D0141%26tpl%3Drandom%26affid%3D42657 | HTTP/1.1 302 Found Connection: close Date: Wed, 28 May 2014 03:45:17 GMT Location: http://stream/rotator/out.php?l=0.4.2.12217.336672&u=../../out.php?url=http://www.spankingdollars.com/hgv2/hostedgallery.php?site=20846&type=photo&gal=0141&tpl=random&affid=42657 Server: Apache/1.3.41 (Unix) Content-Type: text/html; charset=iso-8859-1 Set-Cookie: ses=SmartSessss; domain=aboutsexxx.com | clean |
http://stream/rotator/out.php?l=0.4.2.12217.336672&u=../../out.php?url=http://www.spankingdollars.com/hgv2/hostedgallery.php?site=20846&type=photo&gal=0141&tpl=random&affid=42657 | 500 Can't connect to stream:80 (Bad hostname) Content-Length: 144 Content-Type: text/plain | clean |