Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ilovesex.ru
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://ilovesex.ru/ | 200 OK Content-Length: 60539 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var isXPSP2 = false; var u = "6BF52A52-394A-11D3-B153-00C04F79FAA6"; function ext() { if(exit && !NotClick) { exit=false; if(!isXPSP2 && !usePopDialog) { window.open(popURL,"_blank",popWindowOptions); } else if(!isXPSP2 && usePopDialog) ...[697 bytes skipped]... Antivirus reports:
| ||
http://www.ilovesex.ru/my.js | 200 OK Content-Length: 19564 Content-Type: application/javascript | suspicious |
Page code contains blacklisted domain: onanist.ru ...[2423 bytes skipped]... \" height=\"60\"></object>'; document.write(a[whichQuote]); } function rand_ban_top_ruflash1(){ var whichQuote=get_random(); var a=new Array(1); a[0]='<object classid=\"clsid:D27CDB6E-AE6D-11CF-96B8-444553540000\" id=\"obj1\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0\" border=\"0\" width=\"468\" height=\"60\"><param name=\"movie\" value=\"http://onanist.ru/banners/pornoxxxbest.swf\"> <param name=\"quality\" value=\"High\"> <embed src=\"http://onanist.ru/banners/pornoxxxbest.swf\" pluginspage=\"http://www.macromedia.com/go/getflashplayer\" type=\"application/x-shockwave-flash\" name=\"obj1\" quality=\"High\" width=\"468\" height=\"60\"></object>'; document.write(a[whichQuote]); } function rand_ban_top_runy(){ var whichQuote=get_random(); var a=new Array(1); a[0]='<object classid=\"clsid ...[1126 bytes skipped]... | ||
http://ilovesex.ru/index.php | 200 OK Content-Length: 60539 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var isXPSP2 = false; var u = "6BF52A52-394A-11D3-B153-00C04F79FAA6"; function ext() { if(exit && !NotClick) { exit=false; if(!isXPSP2 && !usePopDialog) { window.open(popURL,"_blank",popWindowOptions); } else if(!isXPSP2 && usePopDialog) ...[697 bytes skipped]... Antivirus reports:
| ||
http://ilovesex.ru/test404page.js | 404 Not Found Content-Length: 289 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ilovesex.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 27 Dec 2014 07:22:49 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Type: text/html
X-Powered-By: PHP/5.4.4-14+deb7u14
GET / HTTP/1.1
Host: ilovesex.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 27 Dec 2014 07:22:49 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Type: text/html
X-Powered-By: PHP/5.4.4-14+deb7u14
Second query (visit from search engine):
GET / HTTP/1.1
Host: ilovesex.ru
Referer: http://www.google.com/search?q=ilovesex.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ilovesex.ru
Referer: http://www.google.com/search?q=ilovesex.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.