Scanned pages/files
Request | Server response | Status |
http://fucking.moy.su/ | 200 OK Content-Length: 73961 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. ...[2060 bytes skipped]... iv|getElementById|AdBlock|width|if|body|color|ru|height||is_ru||000||100|solid|20px|navigator|xd|zd|text_detected|stop|E3E3E3|backgroundImage|gradient|bottom|background|linear|FAFAFA|to|zIndex|false|detected|fixed|200px|border|position|undefined|parentNode|removeChild|has|else|15px|fontSize|padding|lang|text_detected_title|none|uk|src|ShowAdbblock|innerHTML|opacity|display|id|300|adserver|adzone|ad_height|banner|block|adhandler|php|index|52mp|iframe|ads|img|jpg|everything|in|your|browser|Please|been|default|UA|uk_UA|RU|ru_UA|turn|adType|this|site|offer|language|userLanguage|experience|it|off|switch|browserLanguage|marginTop|333333|lineHeight|11px|9px|webkit|moz|borderTopLeftRadius|32|borderTopRightRadius|MozBorderTopRightRadius|borderBottom|EAEAEA|className|visibility|hidden|clientHeight|indexOf|CCCCCC|16px|fontWeight|bold|borderTop|MozBorderRadius|MozBorderTopLeftRadius|100000|filter|borderRadius|70|right|500|1951px|1052px|setTim ...[99 bytes skipped]... Decoded script: ...[319 bytes skipped]... доÑÑÑпа к конÑенÑÑ ÑайÑа оÑклÑÑиÑе, пожалÑйÑÑа, блокиÑовÑики ÑекламÑ, по ÑÐ¸Ð¿Ñ AdBlock.':'AdBlock has been detected in your browser. Please turn it off to experience everything this site has to offer.'}function text_detected_title(){return is_ru()?'ÐбнаÑÑжен AdBlock.':'AdBlock detected.'}var v=false;var z=undefined;var x=undefined;function k(){z=document.createElement('iframe');x=document.createElement('img');z.id='zd';z.src='/52mp/index.php/adhandler/';z.style.display='block';z.style.border='none';x.id='xd';x.src='/ads/banner.jpg?ad_height=300&adzone=100&adserver=1&adType=32';x.style.width=z.style.width='1px';x.style.height=z.style.height='1px';x.style.top=z.style.top='-1951px';x.style.left=z.style.left='-1052px';document.body.appendChild(z);document.body.appendChild(x);setTimeout(h,500)}function ShowAdbblock(){var overlay=document.createEleme ...[5757 bytes skipped]... | ||
http://fucking.moy.su//vk.com/js/api/openapi.js/ | 503 Service Temporarily Unavailable Content-Length: 2718 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js | 200 OK Content-Length: 93100 Content-Type: text/javascript | clean |
http://fucking.moy.su/.serr/js/core.js | 200 OK Content-Length: 414 Content-Type: text/javascript | clean |
http://fucking.moy.su/test404page.js | 503 Service Temporarily Unavailable Content-Length: 2718 Content-Type: text/html | clean |
http://buytraf.ru/code/bodyclick.php?id=1120 | 200 OK Content-Length: 155 Content-Type: text/html | clean |
http://buytraf.ru/code/popup.php?id=1120 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://contactsin.ru/68sb0msho9n7mmdgzrllp013ejeo0t3p | 200 OK Content-Length: 9604 Content-Type: text/javascript | clean |
http://s86.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s86.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s86.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://s86.ucoz.net/src/entriesList.js | 200 OK Content-Length: 639 Content-Type: text/javascript | clean |
http://s86.ucoz.net/src/video_gfunc.js | 200 OK Content-Length: 2844 Content-Type: text/javascript | clean |
http://advertom.com/54z54/02f7/c0a.js | 200 OK Content-Length: 8226 Content-Type: application/javascript | clean |
http://mediacot.com/static/tds.js | 200 OK Content-Length: 18750 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: fucking.moy.su
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 29 Oct 2014 06:15:53 GMT
Server: uServ/3.2.2
Content-Length: 73961
Content-Type: text/html; charset=UTF-8
...73961 bytes of data.
GET / HTTP/1.1
Host: fucking.moy.su
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 29 Oct 2014 06:15:53 GMT
Server: uServ/3.2.2
Content-Length: 73961
Content-Type: text/html; charset=UTF-8
...73961 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: fucking.moy.su
Referer: http://www.google.com/search?q=fucking.moy.su
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: fucking.moy.su
Referer: http://www.google.com/search?q=fucking.moy.su
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=fucking.moy.su
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://fucking.moy.su/
Result: fucking.moy.su is not infected or malware details are not published yet.
Result: fucking.moy.su is not infected or malware details are not published yet.