Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xxxstarfree.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xxxstarfree.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://xxxstarfree.com/ | 200 OK Content-Length: 37812 Content-Type: text/html | clean |
http://xxxstarfree.com/engine/classes/js/jquery.js | 200 OK Content-Length: 91340 Content-Type: application/x-javascript | clean |
http://xxxstarfree.com/engine/classes/js/jqueryui.js | 200 OK Content-Length: 64578 Content-Type: application/x-javascript | clean |
http://xxxstarfree.com/engine/classes/js/dle_js.js | 200 OK Content-Length: 16095 Content-Type: application/x-javascript | clean |
http://manuelu.com/35kc533d/36f1/35/fa/8/a1 | 200 OK Content-Length: 8226 Content-Type: application/javascript | clean |
http://readme.ru/informer/29571.js | 200 OK Content-Length: 6133 Content-Type: application/x-javascript | clean |
http://www.xxx-news.su/user/1303/xxxstarfree.com_inf_4.php | 200 OK Content-Length: 1840 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: xxxstarfree.com var traff_style_photo = document.getElementById('xxxstarfree.com_nas_4_xxx_news'); if(traff_style_photo)traff_style_photo.innerHTML='<center><table cellspacing=3 width=95% style="border: 0px solid #6D126A;"><td align=center style="padding: 4px; border: 1px dashed #6D126A;" valign=top width=31.666666666667%><a href=http://www.xxx-news.su/go_slin.php?id=35322&sour=1303 target=_blank><img src=http://www.xxx-news.su/img/287850482.jpg style= "width: 80px; border: 1px sol ...[1566 bytes skipped]... | ||
http://www.xxx-news.su/go_slin.php?id=35322&sour=1303 | HTTP/1.1 302 Found Connection: close Date: Fri, 03 Oct 2014 02:09:27 GMT Location: /go_news.php?id=1303&news=35322&f= Server: nginx/1.1.19 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.10-1ubuntu3.14 | clean |
http://www.xxx-news.su/go_news.php?id=1303&news=35322&f= | 200 OK Content-Length: 70179 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: v2mlyellow.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1251" /> <title>Самое популярные новости - XXX-NEWS.Su</title> <script type="text/javascript" src="http://v2mlyellow.com/?acc=20448&waponly=yes&zona=0&landing=xcust"></script> <SCRIPT LANGUAGE="JavaScript"> <!-- IMAGE01 = "images/logo_2_1.gif" IMAGE02 = "images/logo_2.gif" IMAGE03 = "images/i_informer_1.gif" IMAGE04 = "images/i_informer.gif" IMAGE05 = "images/i_add_site_1.gif" IMAGE06 = "images/i_add_site.gif" IMAGE07 = "images/i_mail_1.gif" IMAGE08 = "images/i_mail.gif" IMAGE09 = "im ...[3927 bytes skipped]... | ||
http://v2mlyellow.com/?acc=20448&waponly=yes&zona=0&landing=xcust | 200 OK Content-Length: 114 Content-Type: text/html | clean |
http://v2mlyellow.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://code.jquery.com/jquery-1.8.3.min.js | 200 OK Content-Length: 93636 Content-Type: application/x-javascript | clean |
http://herefegedef.net/viewt.js | 200 OK Content-Length: 20987 Content-Type: application/x-javascript | clean |
http://mopilod.com/static/tds.js | 200 OK Content-Length: 18750 Content-Type: application/javascript | clean |
http://www.xxx-news.su/go_slin.php?id=35409&sour=1303 | HTTP/1.1 302 Found Connection: close Date: Fri, 03 Oct 2014 02:09:31 GMT Location: /go_news.php?id=1303&news=35409&f= Server: nginx/1.1.19 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.10-1ubuntu3.14 | clean |
http://www.xxx-news.su/go_news.php?id=1303&news=35409&f= | 200 OK Content-Length: 70166 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: v2mlyellow.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1251" /> <title>Самое популярные новости - XXX-NEWS.Su</title> <script type="text/javascript" src="http://v2mlyellow.com/?acc=20448&waponly=yes&zona=0&landing=xcust"></script> <SCRIPT LANGUAGE="JavaScript"> <!-- IMAGE01 = "images/logo_2_1.gif" IMAGE02 = "images/logo_2.gif" IMAGE03 = "images/i_informer_1.gif" IMAGE04 = "images/i_informer.gif" IMAGE05 = "images/i_add_site_1.gif" IMAGE06 = "images/i_add_site.gif" IMAGE07 = "images/i_mail_1.gif" IMAGE08 = "images/i_mail.gif" IMAGE09 = "im ...[3927 bytes skipped]... | ||
http://www.xxx-news.su/ | 200 OK Content-Length: 36862 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: v2mlyellow.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1251" /> <title>Все с ежедневным обновлением - XXX-NEWS.Su</title> <script type="text/javascript" src="http://v2mlyellow.com/?acc=20448&waponly=yes&zona=0&landing=xcust"></script> <SCRIPT LANGUAGE="JavaScript"> <!-- IMAGE01 = "images/logo_2_1.gif" IMAGE02 = "images/logo_2.gif" IMAGE03 = "images/i_informer_1.gif" IMAGE04 = "images/i_informer.gif" IMAGE05 = "images/i_add_site_1.gif" IMAGE06 = "images/i_add_site.gif" IMAGE07 = "images/i_mail_1.gif" IMAGE08 = "images/i_mail.gif" IMAGE09 = "im ...[3923 bytes skipped]... |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xxxstarfree.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 03 Oct 2014 02:09:55 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html; charset=Windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=bf4b20e61a3ce1c2b9baf5f30df9cff5; path=/
Set-Cookie: dle_user_id=deleted; expires=Thu, 03-Oct-2013 02:09:54 GMT; path=/; domain=.xxxstarfree.com; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 03-Oct-2013 02:09:54 GMT; path=/; domain=.xxxstarfree.com; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 03-Oct-2013 02:09:54 GMT; path=/; domain=.xxxstarfree.com; httponly
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: xxxstarfree.com
Referer: http://www.google.com/search?q=xxxstarfree.com
Result:
The result is similar to the first query. There are no suspicious redirects found.