Scanned pages/files
Request | Server response | Status |
http://4-sex.ru/ | 200 OK Content-Length: 78998 Content-Type: text/html | suspicious |
Suspicious code found <div class="head"> <div class="wrap"> <div class="logo_box fl"> <a href="http://4-sex.ru"><img src="http://dkarlov.ru/images/4-sex.png" alt="Ð¡Ð°Ð¹Ñ ÑÐµÐºÑ Ð·Ð½Ð°ÐºÐ¾Ð¼ÑÑв. ÐнакомÑÑва Ð´Ð»Ñ ÑекÑа и лÑбви. Ðнлайн ÑÐ°Ð¹Ñ Ð·Ð½Ð°ÐºÐ¾Ð¼ÑÑв 4-SEX.RU" width="222" height="100" border="0" /></a> </div> <!-- ÐÐ»Ñ Ð¸ÐºÐ¾Ð½ÐºÐ¸ показаÑÑ Ð¿Ð°ÑÐ¾Ð»Ñ Ð² </ul> <div class="cb"></div> </div> <div class="cb"></div> <img src="http://engine.mediamir.medialand.ru/code?pid=3090&gid=332&gbo=on&rid=1361966280" width="1" height="1" class="p_abs"> </div> </div> | ||
http://css.loveplanet.ru/3/imgstc/lp14/main.js | 200 OK Content-Length: 12031 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/imgstc/xforms/js/lpjl-core.min.js | 200 OK Content-Length: 16042 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/imgstc/xforms/js/lpjl-ui.js | 200 OK Content-Length: 104560 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/imgstc/lp14/v1.js | 200 OK Content-Length: 4441 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/imgstc/fw_slideshow2.js | 200 OK Content-Length: 3078 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/imgstc/swfobject.js | 200 OK Content-Length: 10220 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/imgstc/exchange_v1d.js?80 | 200 OK Content-Length: 54853 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/imgstc/lp14/count_rules.js | 200 OK Content-Length: 3069 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/imgstc/xforms/js/ui/tags-search-control.js | 200 OK Content-Length: 22573 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/imgstc/lp14/lpjl-code.js | 200 OK Content-Length: 571 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/imgstc/xforms/js/ui/placeholder.min.js | 200 OK Content-Length: 438 Content-Type: application/x-javascript | clean |
http://4-sex.ru/a-register/ | 200 OK Content-Length: 26814 Content-Type: text/html | suspicious |
Suspicious code found <div class="head"> <div class="wrap"> <div class="logo_box fl"> <a href="http://4-sex.ru"><img src="http://dkarlov.ru/images/4-sex.png" alt="Ð¡Ð°Ð¹Ñ ÑÐµÐºÑ Ð·Ð½Ð°ÐºÐ¾Ð¼ÑÑв. ÐнакомÑÑва Ð´Ð»Ñ ÑекÑа и лÑбви. Ðнлайн ÑÐ°Ð¹Ñ Ð·Ð½Ð°ÐºÐ¾Ð¼ÑÑв 4-SEX.RU" width="222" height="100" border="0" /></a> </div> <img src="http://engine.mediamir.medialand.ru/code?pid=3025&gid=332&gbo=on& <div class="bg_white rds5 fr"><a href="/a-logon" class="gbut_grd_blue gnl_but30 w90"><div>ÐойÑи</div></a></div> <div class="cb"></div> </div> <div class="cb"></div> <img src="http://engine.mediamir.medialand.ru/code?pid=3090&gid=332&gbo=on&rid=1361966280" width="1" height="1" class="p_abs"> </div> </div> | ||
http://css.loveplanet.ru/3/imgstc/xforms/js/registr/lpnew-registr.js | 200 OK Content-Length: 3983 Content-Type: application/x-javascript | clean |
http://4-sex.ru/a-conditions/ | 200 OK Content-Length: 57854 Content-Type: text/html | suspicious |
Suspicious code found <div class="head"> <div class="wrap"> <div class="logo_box fl"> <a href="http://4-sex.ru"><img src="http://dkarlov.ru/images/4-sex.png" alt="Ð¡Ð°Ð¹Ñ ÑÐµÐºÑ Ð·Ð½Ð°ÐºÐ¾Ð¼ÑÑв. ÐнакомÑÑва Ð´Ð»Ñ ÑекÑа и лÑбви. Ðнлайн ÑÐ°Ð¹Ñ Ð·Ð½Ð°ÐºÐ¾Ð¼ÑÑв 4-SEX.RU" width="222" height="100" border="0" /></a> </div> <!-- ÐÐ»Ñ Ð¸ÐºÐ¾Ð½ÐºÐ¸ показаÑÑ Ð¿Ð°ÑÐ¾Ð»Ñ Ð² </ul> <div class="cb"></div> </div> <div class="cb"></div> <img src="http://engine.mediamir.medialand.ru/code?pid=3090&gid=332&gbo=on&rid=1361966280" width="1" height="1" class="p_abs"> </div> </div> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 4-sex.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 12 Jun 2015 16:37:24 GMT
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Fri, 12 Jun 2015 16:37:24 GMT
Last-Modified: Fri, 12 Jun 2015 16:37:24 GMT
Set-Cookie: split=1%2C12%2C0%3B2%2C10%2C0%3B3%2C11%2C0%3B4%2C8%2C0%3B5%2C4%2C0%3B6%2C5%2C0%3B7%2C7%2C0%3B8%2C6%2C0; path=/; expires=Sun, 12-Jul-2015 16:37:24 GMT; domain=.4-sex.ru
Set-Cookie: domhit1=1434056400; path=/; expires=Sun, 14-Jun-2015 16:37:24 GMT; domain=.4-sex.ru
Set-Cookie: fvisit=1434127044%3B634940; path=/; expires=Sat, 11-Jun-2016 16:37:24 GMT; domain=.4-sex.ru
Set-Cookie: landing_raw=aHR0cDovLzQtc2V4LnJ1L2luZGV4Lmh0bWw%3D; path=/; expires=Sat, 13-Jun-2015 16:37:24 GMT; domain=.4-sex.ru
GET / HTTP/1.1
Host: 4-sex.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 12 Jun 2015 16:37:24 GMT
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Fri, 12 Jun 2015 16:37:24 GMT
Last-Modified: Fri, 12 Jun 2015 16:37:24 GMT
Set-Cookie: split=1%2C12%2C0%3B2%2C10%2C0%3B3%2C11%2C0%3B4%2C8%2C0%3B5%2C4%2C0%3B6%2C5%2C0%3B7%2C7%2C0%3B8%2C6%2C0; path=/; expires=Sun, 12-Jul-2015 16:37:24 GMT; domain=.4-sex.ru
Set-Cookie: domhit1=1434056400; path=/; expires=Sun, 14-Jun-2015 16:37:24 GMT; domain=.4-sex.ru
Set-Cookie: fvisit=1434127044%3B634940; path=/; expires=Sat, 11-Jun-2016 16:37:24 GMT; domain=.4-sex.ru
Set-Cookie: landing_raw=aHR0cDovLzQtc2V4LnJ1L2luZGV4Lmh0bWw%3D; path=/; expires=Sat, 13-Jun-2015 16:37:24 GMT; domain=.4-sex.ru
Second query (visit from search engine):
GET / HTTP/1.1
Host: 4-sex.ru
Referer: http://www.google.com/search?q=4-sex.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 4-sex.ru
Referer: http://www.google.com/search?q=4-sex.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=4-sex.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://4-sex.ru/
Result: 4-sex.ru is not infected or malware details are not published yet.
Result: 4-sex.ru is not infected or malware details are not published yet.