Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=morgensex.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://morgensex.org/
Result: The website is marked by Yandex as suspicious; visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://morgensex.org/ | 200 OK Content-Length: 34301 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: px.pornorio.com ...[963 bytes skipped]... me="google-site-verification" content="IHw_3-GhZtfFZquhAbekPx0oCr248HP7zxhlZPNrOkw" /> <link rel="stylesheet" href="/media/css/main.css" type="text/css" media="screen" /> <script type="text/javascript" src="http://s1x.slimtrade.com/s2621.js"></script> <script type="text/javascript" src="/media/js/global.js"></script> <script type="text/javascript" src="http://px.pornorio.com/paref.js?s=2621"></script> <script type="text/javascript">var STRADE_ID=2621;var STRADE_GALLERY=50;var SRADE_OUT;var stLinkNoFollow=true;var stNewWindow=true;</script> </head> <body onunload="anti();"> <div id="wrapper"> <div id="header"> <div class="rhead"> <ul class="topmenu"> <li class="active"><a href="http://morgensex.org" cl ...[2818 bytes skipped]... | ||
http://s1x.slimtrade.com/s2621.js | 200 OK Content-Length: 9599 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: badjojo-porno.com eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('e p=z R("3B 3C 3D (3)","3A 3z (2)","3v 3w (0)","3x 3y (0)","3E 3F (0)","3L 3M (0)","3N 3K (0)","3J 3G 3H 3I (0)");e B=z R("i://3u.k","i://3t-3g.k","i://3h.k","i://3i-3f.3e","i://3a-3b.k","i://3c-3d.k","i://3j-3k.k","i://3q-3r-3s.k");e S=z R ...[3573 bytes skipped]... Decoded script: var stTrName=new Array("Family Berg Sex (3)","Badjojo Porno (2)","Kind Movies (0)","Mutter Tochter (0)","Xhamster Italia (0)","Xtube Pornos (0)","Xvideo Deutsch (0)","Young And Old Incest (0)");var stTrUrl=new Array("http://bergsex.com","http://badjojo-porno.com","http://kindmovies.com","http://mutter-tochter.net","http://xhamster-italia.com","http://xtube-pornos.com","http://xvideo-deutsch.com","http://young-and-old.com");var stTrValues=new Array("23,25,24","59,10,8","9,8,7","8,6,4","5,5,1","7,8,1","3,0,0","5,1,0","51,80,66","248,246,44","73,89,44","13,48,36","15,32,19","85,102,13","24,31,7","16,43,3","3,18,3","2,23,1","11,55,0","69,32,0","4,45,0","113,104,172","18,63,76","45,59,72","31,48,50" ...[17563 bytes skipped]... | ||
http://morgensex.org/media/js/global.js | 200 OK Content-Length: 107423 Content-Type: application/javascript | clean |
http://px.pornorio.com/paref.js?s=2621 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://px.pornorio.com/test404page.js | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://adspaces.ero-advertising.com/adspace/199541.js | 200 OK Content-Length: 1545 Content-Type: application/javascript | clean |
http://adspaces.ero-advertising.com/adspace/199542.js | 200 OK Content-Length: 1286 Content-Type: application/javascript | clean |
http://spaces.slimspots.com/slimspace/345.js | 200 OK Content-Length: 44 Content-Type: text/html | clean |
http://spaces.slimspots.com/slimspace/154.js | 200 OK Content-Length: 2902 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: morgensex.org
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 20 Sep 2014 23:27:24 GMT
Pragma: no-cache
Server: lighttpd/1.4.31
Content-Type: text/html
Expires: Mon, 20 Oct 2014 23:27:23 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=hpbamvcu03trdiavcr6deodi65; path=/
Set-Cookie: ck=1; expires=Tue, 15-Sep-2015 23:27:24 GMT; path=/; domain=morgensex.org
X-Powered-By: PHP/5.4.4-14
Second query (visit from search engine):
GET / HTTP/1.1
Host: morgensex.org
Referer: http://www.google.com/search?q=morgensex.org
Result:
The result is similar to the first query. There are no suspicious redirects found.