Scanned pages/files
Request | Server response | Status |
http://gay-tube.ru/ | 200 OK Content-Length: 32164 Content-Type: text/html | clean |
http://gay-tube.ru/wp-content/cache/minify/000000/VYxbDsIwDAQv1MYgDoSMa0LSvEhcKbl9LdQi9W9XM7t3SNzFcpothsB1QKl52UgalE-WTBXFPQ8HoqLADdBjhyaK6JenB_jvput_mKOzOmUTXZpuoN-RF_DtwMaXgIPrFb8x0XjlfkpnNwVp3QE.js | 200 OK Content-Length: 155724 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
http://giotyo.com/d4fc290970/3fa/9a/b0.js | 200 OK Content-Length: 8226 Content-Type: application/javascript | clean |
http://giotyo.com/e7b1/0/0253a8/8e40.js | 200 OK Content-Length: 8226 Content-Type: application/javascript | clean |
http://pojulo.com/static/bc.js?p=236307&b=521915 | 200 OK Content-Length: 16604 Content-Type: application/javascript | clean |
http://gay-tube.ru/category/gay-photo/ | 200 OK Content-Length: 32936 Content-Type: text/html | clean |
http://gay-tube.ru/porno_geev_podrostkov/ | 200 OK Content-Length: 12821 Content-Type: text/html | clean |
http://giotyo.com/82s17/5ed1/520175/2e88.js | 200 OK Content-Length: 8226 Content-Type: application/javascript | clean |
http://gay-tube.ru/gey_porno_iznasilovanie-2/ | 200 OK Content-Length: 12805 Content-Type: text/html | clean |
http://gay-tube.ru/troynoy_trah_treh_parney/ | 200 OK Content-Length: 12651 Content-Type: text/html | clean |
http://gay-tube.ru/porka_remnem_russkih_soldat/ | 200 OK Content-Length: 13576 Content-Type: text/html | clean |
http://gay-tube.ru/molodoe_gey_porno/ | 200 OK Content-Length: 12841 Content-Type: text/html | clean |
http://gay-tube.ru/tolpa_nasiluet_parnya/ | 200 OK Content-Length: 12805 Content-Type: text/html | clean |
http://gay-tube.ru/domashnee_iznasilovanie/ | 200 OK Content-Length: 12880 Content-Type: text/html | clean |
http://gay-tube.ru/obuchenie_neopytnogo_geya/ | 200 OK Content-Length: 13812 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gay-tube.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 08 Aug 2014 14:52:17 GMT
Server: nginx/1.6.0
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Last-Modified: Fri, 08 Aug 2014 14:02:05 GMT
X-Pingback: http://gay-tube.ru/xmlrpc.php
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: gay-tube.ru
Referer: http://www.google.com/search?q=gay-tube.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gay-tube.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gay-tube.ru/
Result: gay-tube.ru is not infected or malware details are not published yet.