Author Topic: Darkcine.com Script - not enter.  (Read 3927 times)

0 Members and 1 Guest are viewing this topic.

007cool

  • Guest
Darkcine.com Script - not enter.
« on: April 06, 2012, 03:40:50 AM »
Hello I do not speak English, but will try the google translator.

I want to see the source code of that page, do not come here I know I will leave the post, what happens is that my firefox transfers data from this page which sends advertising and cause framerate problems on the computer, I have reviewed the code but I see that this has many suspicious things but I want you to give me their opinion, since I get to the bottom. I hope to help.

Hola no hablo ingles, pero con el google traductor tratare.

Quiero que vean el codigo fuente de esa pagina, no entren yo se los dejare aqui en el post, lo que sucede es que mi firefox transfiere datos desde esa pagina la cual manda publicidad y causa problemas de rendimiendo en la computadora, he revisado el code yo pero veo que este tiene muchas cosas sospechosas pero quiero que ustedes me den su opinion, ya que pienso llegar al fondo. espero ayuda.

I've put in a notebook by its length :
http://www.mediafire.com/?f2phoed8o2218m7

I'll let some screenshots code:
http://img59.imageshack.us/img59/5866/55590808.png

http://img69.imageshack.us/img69/1627/46198237.png

Saludos!


Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Darkcine.com Script - not enter.
« Reply #1 on: April 06, 2012, 02:52:47 PM »
Hi 007cool,

The Darkcine site looks like a site made for advertising purposes only. I find no suspicious elements in the page. You can also see these scanners' reports for more information.
Reputation Scan: http://zulu.zscaler.com/submission/show/275d8789e3fedf93acd73595ed1fa5bf-1333716054
URL Scan: http://urlvoid.com/scan/darkcine.com/
HTML Scan: https://www.virustotal.com/file/718f5fa2662f6b4e3d4c75c848c7821595fb541df4439bebcce7518a4dcd94ad/analysis/1333716388/
Website Review: http://www.webutation.net/go/review/darkside.com#



what happens is that my firefox transfers data from this page which sends advertising and cause framerate problems on the computer

Do you use the AdBlockPlus add-on for firefox? With it, you can block many of the advertisements out on the net.
You can see their site here: http://adblockplus.org

If the site is not in your language:
  • Look at the top corner of the screen and select Settings
  • Another page will open. Select your preferred language from the drop-down menu beside Interface language and click Save Settings
  • You can then browse the site in your language.

« Last Edit: April 06, 2012, 02:56:26 PM by !Donovan »
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33571
  • malware fighter
Re: Darkcine.com Script - not enter.
« Reply #2 on: April 06, 2012, 03:29:22 PM »
Hi !Donovan & 007cool,

This is the header I get:
HTTP/1.0 200 OK
Date: Fri, 06 Apr 2012 13:25:05 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: close
ETag: "6f-4f3ddd43-0"*   * this is a so-called weak ETag for cache fingerprinting
Last-Modified: Fri, 17 Feb 2012 04:53:23 GMT
Content-Type: text/html
Content-Length: 111

Could only have some tracking issues
The only hick-up in the code I see here: i.media-imdb dot com/images/SF308b30eab7287e7fcec8ce2a760f1555/a/foresee/foresee-trigger.js benign
[nothing detected] (script) i.media-imdb dot com/images/SF308b30eab7287e7fcec8ce2a760f1555/a/foresee/foresee-trigger.js
     status: (referer=www.imdb dot com/title/tt0302297/)saved 49257 bytes 46a9cbe9de5a2332fbf75b02552b321b463b899b
     info: [decodingLevel=0] found JavaScript
     suspicious: The survey pop-ups can be blocked by configuring the Ad Block Plus extension in Mozilla Firefox and Google Chrome browsers to block */foresee-trigger.js
The AS has this data: AS Name: NTT-COMMUNICATIONS-2914 - NTT America, Inc.
IPs allocated: 7669504
Blacklisted URLs: 630

Hosts...
...malicious URLs? Yes 
...badware? Yes 
...botnet C&C servers? Yes 
...Current Events? Yes 

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

aneaaron

  • Guest
Re: Darkcine.com Script - not enter.
« Reply #3 on: April 28, 2012, 04:35:10 AM »
Unistal the complement named "Flash Player ..." this complement (add-on) of firefox is installed in webs like "darkcine.com", they say ist for playing the mivies that they put in their site, and maybe it is, but also install this issue.

Grettings!!