Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xxxmofodump.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xxxmofodump.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.xxxmofodump.com/ | 200 OK Content-Length: 62844 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.heavy-r.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> - Free XXX Movies, XXX Videos</title> <meta name="description" content="hardcore fuck, home mature wife amateur, porno tube xxx movies and videos!" /> <meta name="keywords" content="blowjob, lesbian, movies, vi ...[4294 bytes skipped]... | ||
http://xxxmofodump.com/webmasters/mootools.svn.js | 200 OK Content-Length: 183647 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var MooTools = { version: '1.11' }; function $defined(obj){ return (obj != undefined); }; function $type(obj){ if (!$defined(obj)) return false; if (obj.htmlElement) return 'element'; var type = typeof obj; if (type == 'object' && obj.nodeName){ switch(obj.nodeType){ case 1: return 'element'; case 3: return (/\S/).test(obj.nodeValue) ? 'textnode' : 'whitespace'; } } if (type == 'object' || type == 'functio this.elements.each(function(el, i){ obj[i] = {}; var hide = (i != index) || (this.options.alwaysHide && (el.offsetHeight > 0)); this.fireEvent(hide ? 'onBackground' : 'onActive', [this.togglers[i], el]); for (var fx in this.effects) obj[i][fx] = hide ? 0 : el[this.effects[fx]]; }, this); return this.start(obj); }, showThisHideOpen: function(index){return this.display(index);} }); Fx.Accordion = Accordion; Antivirus reports:
| ||
http://www.xxxmofodump.com/data/AC_RunActiveContent.js | 404 Not Found Content-Length: 502 Content-Type: text/html | clean |
http://www.xxxmofodump.com/test404page.js | 404 Not Found Content-Length: 489 Content-Type: text/html | clean |
http://www.xxxmofodump.com/js/jquery-1.3.2.min.js | 404 Not Found Content-Length: 497 Content-Type: text/html | clean |
http://www.xxxmofodump.com/js/jquery-ui-1.7.2.custom.min.js | 404 Not Found Content-Length: 507 Content-Type: text/html | clean |
http://adspaces.ero-advertising.com/adspace/18208.js | 200 OK Content-Length: 1819 Content-Type: application/javascript | clean |
http://adspaces.ero-advertising.com/adspace/161810.js | 200 OK Content-Length: 1573 Content-Type: application/javascript | clean |
http://adspaces.ero-advertising.com/adspace/150687.js | 200 OK Content-Length: 1817 Content-Type: application/javascript | clean |
http://adspaces.ero-advertising.com/adspace/161804.js | 200 OK Content-Length: 1571 Content-Type: application/javascript | clean |
http://adspaces.ero-advertising.com/adspace/161809.js | 200 OK Content-Length: 758 Content-Type: application/javascript | clean |
http://www.google-analytics.com/urchin.js | 200 OK Content-Length: 22678 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xxxmofodump.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: xxxmofodump.com
Referer: http://www.google.com/search?q=xxxmofodump.com
Result:
The result is similar to the first query. There are no suspicious redirects found.