Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=verbotten-geil.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://verbotten-geil.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://verbotten-geil.com/ | 200 OK Content-Length: 59090 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: px.pornorio.com ...[1072 bytes skipped]... <meta name="ero_verify" content="ad9d8bcca289a41b65a6707c4f4859ff" /> <link rel="stylesheet" href="/media/css/main.css" type="text/css" media="screen" /> <script type="text/javascript" src="http://s1x.slimtrade.com/s3110.js"></script> <script type="text/javascript" src="/media/js/global.js"></script> <script type="text/javascript" src="http://px.pornorio.com/paref.js?s=3110"></script> <script type="text/javascript">var STRADE_ID=3110;var STRADE_GALLERY=50;var SRADE_OUT;var stLinkNoFollow=true;var stNewWindow=true;</script> </head> <body onunload="anti();"> <div id="wrapper"> <div id="header"> <div id="header_top_menu"> <div class="sorting"> <a onmouseover="surl(this, 100);" onmo ...[2605 bytes skipped]... | ||
http://s1x.slimtrade.com/s3110.js | 200 OK Content-Length: 4470 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: porniversum.com eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('e l=B I("2s 2r 2q 2p (0)","2t (0)","2u 2y (0)","2x 2w (0)");e q=B I("m://2v.2o","m://2n.z","m://2g-2f.z","m://2e-2d.z");e N=B I("2,0,0","9,0,0","3,0,0","4,0,0","4,0,0","4,0,0","1,0,0","3,0,0","3,0,0","1,0,0","1,0,0","1,0,0","2,0,0","1,0,0" ...[4033 bytes skipped]... Decoded script: var stTrName=new Array("Deutsche mutter und sohn (0)","Pornofilme (0)","Xtube Porno (0)","Xvideo Deutsch (0)");var stTrUrl=new Array("http://momsandsons.eu","http://porniversum.com","http://xtube-porno.com","http://xvideo-deutsch.com");var stTrValues=new Array("2,0,0","9,0,0","3,0,0","4,0,0","4,0,0","4,0,0","1,0,0","3,0,0","3,0,0","1,0,0","1,0,0","1,0,0","2,0,0","1,0,0","1,0,0","17,0,0","4,0,0","10,0,0","4,0,0","2,0,0","2,0,0","2,0,0","2,0,0","1,0,0","1,0,0","1,0,0","4575,14905,11314","3426,14719,9728","3478,11770,5347","1624,11156,5074","1200,6766,3100","1592,8700,2855","1011,6237,2601","845,5845,2146","372,4811,1 ...[8164 bytes skipped]... | ||
http://verbotten-geil.com/media/js/global.js | 200 OK Content-Length: 107423 Content-Type: application/javascript | clean |
http://px.pornorio.com/paref.js?s=3110 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://px.pornorio.com/test404page.js | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://spaces.slimspots.com/slimspace/197.js | 200 OK Content-Length: 1340 Content-Type: text/javascript | clean |
http://adspaces.ero-advertising.com/adspace/209810.js | 200 OK Content-Length: 1281 Content-Type: application/javascript | clean |
http://spaces.slimspots.com/slimspace/360.js | 200 OK Content-Length: 44 Content-Type: text/html | clean |
http://spaces.slimspots.com/slimspace/199.js | 200 OK Content-Length: 2903 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: verbotten-geil.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 21 Sep 2014 05:19:28 GMT
Pragma: no-cache
Server: lighttpd/1.4.31
Content-Type: text/html
Expires: Tue, 21 Oct 2014 05:19:28 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=4sdmf4l45mi2n5n2nltoload06; path=/
Set-Cookie: ck=1; expires=Wed, 16-Sep-2015 05:19:28 GMT; path=/; domain=verbotten-geil.com
X-Powered-By: PHP/5.4.4-14
GET / HTTP/1.1
Host: verbotten-geil.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 21 Sep 2014 05:19:28 GMT
Pragma: no-cache
Server: lighttpd/1.4.31
Content-Type: text/html
Expires: Tue, 21 Oct 2014 05:19:28 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=4sdmf4l45mi2n5n2nltoload06; path=/
Set-Cookie: ck=1; expires=Wed, 16-Sep-2015 05:19:28 GMT; path=/; domain=verbotten-geil.com
X-Powered-By: PHP/5.4.4-14
Second query (visit from search engine):
GET / HTTP/1.1
Host: verbotten-geil.com
Referer: http://www.google.com/search?q=verbotten-geil.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: verbotten-geil.com
Referer: http://www.google.com/search?q=verbotten-geil.com
Result:
The result is similar to the first query. There are no suspicious redirects found.