Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.s3exy.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.s3exy.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sat, 27 Sep 2014 11:03:01 GMT Location: http://ivsenaidu.ru/?q=www.s3exy.com Server: Apache/2.2.22 (@RELEASE@) Content-Length: 10 Content-Type: text/html X-Powered-By: PHP/5.3.3 | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.s3exy.com/ | 200 OK Content-Length: 62031 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: s1.slimtrade.com ...[139 bytes skipped]... ww.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <script language="JavaScript" type="text/javascript">var VerifyCode = "330968974168380";</script> <META content="text/html; charset=windows-1251" http-equiv=Content-Type> <META name=GENERATOR content="MSHTML 8.00.7600.16444"> <script type="text/javascript" src="http://s1.slimtrade.com/s6930.js"></script> <style> a.anc:link { font-family:Georgia, Times, serif;text-decoration: none; color:#330000;} a.anc:visited { text-decoration: none; color:#660099} a.anc:active { text-decoration: none; color:#FF6633} a.anc:hover {text-decoration:underline; color:#FF0000;} </style> <style type="text/css"> <!-- .textborder { border: 1px double #000000; } --> </style> ...[3771 bytes skipped]... | ||
http://s1.slimtrade.com/s6930.js | 200 OK Content-Length: 46141 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: salaespecial.com eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('e 1s=2l 4g("9z-9y.5k (37)","9x.5p (2)","9w.eu (2)","9A.H (2)","9B.4V (0)","9E.O (0)","9D.H (0)","9C-9v.O (0)","9u.H (0)","9n.O (0)","9m.O (0)","9l.O (0)","9k.9o.H (0)");e 1U=2l 4g("j://9p-9t.5k","j://9s.5p","j://9r.eu","j://4a.9q.H","j://4a ...[3549 bytes skipped]... Decoded script: var stTrName=new Array("xHamster-Porn.info (37)","NudeArtGirls.org (2)","PornFiles.eu (2)","salaespecial.com (2)","Latouffe.fr (0)","ThePornList.net (0)","SexCollegeTube.com (0)","Sex-Extreme.net (0)","SafeFreePornSites.com (0)","Querverweis.net (0)","PornoRoulette.net (0)","Porn4AllFreaks.net (0)","XXX.HDPornoSites.com (0)");var stTrUrl=new Array("http://xhamster-porn.info","http://nudeartgirls.org","http://pornfiles.eu","http://www.salaespecial.com","http://www.latouffe.fr","http://www.thepornlist.net","http://sexcollegetube.com","http://sex- ...[90460 bytes skipped]... | ||
http://www.s3exy.com/engine/classes/js/jquery.js | 200 OK Content-Length: 91340 Content-Type: text/javascript | clean |
http://www.s3exy.com/engine/classes/js/jqueryui.js | 200 OK Content-Length: 64578 Content-Type: text/javascript | clean |
http://www.s3exy.com/engine/classes/js/dle_js.js | 200 OK Content-Length: 16095 Content-Type: text/javascript | clean |
http://www.s3exy.com/engine/skins/default.js | 200 OK Content-Length: 8642 Content-Type: text/javascript | clean |
http://www.s3exy.com/masturbation | 200 OK Content-Length: 63066 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: s1.slimtrade.com ...[139 bytes skipped]... ww.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <script language="JavaScript" type="text/javascript">var VerifyCode = "330968974168380";</script> <META content="text/html; charset=windows-1251" http-equiv=Content-Type> <META name=GENERATOR content="MSHTML 8.00.7600.16444"> <script type="text/javascript" src="http://s1.slimtrade.com/s6930.js"></script> <style> a.anc:link { font-family:Georgia, Times, serif;text-decoration: none; color:#330000;} a.anc:visited { text-decoration: none; color:#660099} a.anc:active { text-decoration: none; color:#FF6633} a.anc:hover {text-decoration:underline; color:#FF0000;} </style> <style type="text/css"> <!-- .textborder { border: 1px double #000000; } --> </style> ...[3801 bytes skipped]... | ||
http://www.s3exy.com/full-movies | 200 OK Content-Length: 59556 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: s1.slimtrade.com ...[139 bytes skipped]... ww.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <script language="JavaScript" type="text/javascript">var VerifyCode = "330968974168380";</script> <META content="text/html; charset=windows-1251" http-equiv=Content-Type> <META name=GENERATOR content="MSHTML 8.00.7600.16444"> <script type="text/javascript" src="http://s1.slimtrade.com/s6930.js"></script> <style> a.anc:link { font-family:Georgia, Times, serif;text-decoration: none; color:#330000;} a.anc:visited { text-decoration: none; color:#660099} a.anc:active { text-decoration: none; color:#FF6633} a.anc:hover {text-decoration:underline; color:#FF0000;} </style> <style type="text/css"> <!-- .textborder { border: 1px double #000000; } --> </style> ...[3775 bytes skipped]... | ||
http://www.s3exy.com/cum-shots | 200 OK Content-Length: 66414 Content-Type: text/html | suspicious |
Suspicious code found </span> | ||
http://www.s3exy.com/engine/classes/highslide/highslide.js | 200 OK Content-Length: 32986 Content-Type: text/javascript | clean |
http://www.s3exy.com/bisexual | 200 OK Content-Length: 60618 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: s1.slimtrade.com ...[139 bytes skipped]... ww.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <script language="JavaScript" type="text/javascript">var VerifyCode = "330968974168380";</script> <META content="text/html; charset=windows-1251" http-equiv=Content-Type> <META name=GENERATOR content="MSHTML 8.00.7600.16444"> <script type="text/javascript" src="http://s1.slimtrade.com/s6930.js"></script> <style> a.anc:link { font-family:Georgia, Times, serif;text-decoration: none; color:#330000;} a.anc:visited { text-decoration: none; color:#660099} a.anc:active { text-decoration: none; color:#FF6633} a.anc:hover {text-decoration:underline; color:#FF0000;} </style> <style type="text/css"> <!-- .textborder { border: 1px double #000000; } --> </style> ...[3801 bytes skipped]... | ||
http://www.s3exy.com/hardcore | 200 OK Content-Length: 63025 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: s1.slimtrade.com ...[139 bytes skipped]... ww.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <script language="JavaScript" type="text/javascript">var VerifyCode = "330968974168380";</script> <META content="text/html; charset=windows-1251" http-equiv=Content-Type> <META name=GENERATOR content="MSHTML 8.00.7600.16444"> <script type="text/javascript" src="http://s1.slimtrade.com/s6930.js"></script> <style> a.anc:link { font-family:Georgia, Times, serif;text-decoration: none; color:#330000;} a.anc:visited { text-decoration: none; color:#660099} a.anc:active { text-decoration: none; color:#FF6633} a.anc:hover {text-decoration:underline; color:#FF0000;} </style> <style type="text/css"> <!-- .textborder { border: 1px double #000000; } --> </style> ...[3801 bytes skipped]... | ||
http://www.s3exy.com/creampie | 200 OK Content-Length: 68131 Content-Type: text/html | suspicious |
Suspicious code found </span> | ||
http://www.s3exy.com/lesbians | 200 OK Content-Length: 62695 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: s1.slimtrade.com ...[139 bytes skipped]... ww.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <script language="JavaScript" type="text/javascript">var VerifyCode = "330968974168380";</script> <META content="text/html; charset=windows-1251" http-equiv=Content-Type> <META name=GENERATOR content="MSHTML 8.00.7600.16444"> <script type="text/javascript" src="http://s1.slimtrade.com/s6930.js"></script> <style> a.anc:link { font-family:Georgia, Times, serif;text-decoration: none; color:#330000;} a.anc:visited { text-decoration: none; color:#660099} a.anc:active { text-decoration: none; color:#FF6633} a.anc:hover {text-decoration:underline; color:#FF0000;} </style> <style type="text/css"> <!-- .textborder { border: 1px double #000000; } --> </style> ...[3801 bytes skipped]... | ||
http://www.s3exy.com/amateur | 200 OK Content-Length: 62907 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: s1.slimtrade.com ...[139 bytes skipped]... ww.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <script language="JavaScript" type="text/javascript">var VerifyCode = "330968974168380";</script> <META content="text/html; charset=windows-1251" http-equiv=Content-Type> <META name=GENERATOR content="MSHTML 8.00.7600.16444"> <script type="text/javascript" src="http://s1.slimtrade.com/s6930.js"></script> <style> a.anc:link { font-family:Georgia, Times, serif;text-decoration: none; color:#330000;} a.anc:visited { text-decoration: none; color:#660099} a.anc:active { text-decoration: none; color:#FF6633} a.anc:hover {text-decoration:underline; color:#FF0000;} </style> <style type="text/css"> <!-- .textborder { border: 1px double #000000; } --> </style> ...[3801 bytes skipped]... |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=s3exy.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://s3exy.com/
Result: s3exy.com is not infected or malware details are not published yet.
Result: s3exy.com is not infected or malware details are not published yet.