Scanned pages/files
Request | Server response | Status |
http://fr.chaturbate.com/ | 200 OK Content-Length: 102362 Content-Type: text/html | clean |
http://fr.chaturbate.com/jsi18n/ | 200 OK Content-Length: 5544 Content-Type: text/javascript | clean |
http://static.highwebmedia.com/CACHE/js/936fbae33046.js | 200 OK Content-Length: 118690 Content-Type: application/x-javascript | clean |
http://static.highwebmedia.com/CACHE/js/453d36531b5a.js | 200 OK Content-Length: 1922 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
var reload_rooms={delay:45000,on_timeout:function(){$(".endless_page_template").each(function(){var href="";if($(this).attr("data-href")==undefined){href=window.location.href;} else{href=$(this).attr("data-href");} var addchar='?';if(href.indexOf('?')!=-1){addchar='&';} href=href+addchar+$("#filter_search_form").serialize();$(this).load(href);});reload_rooms.schedule_refresh();},schedule_refresh:function(){setTimeout(reload_rooms.on_timeout,reload_rooms.delay);}};$(document).read return true;});$("#filter_search_form input[type='submit']").click(function(){var skey=$("#id_keywords").val();var search_message=interpolate(gettext("Searching for %(skey)s ..."),{skey:skey},true);$(".searching-keyword h1").text(search_message);$(".searching-keyword").show();$(".endless_page_template").load($("#filter_search_form").attr("action")+'?'+$("#filter_search_form").serialize());return false;});});
Antivirus reports:
http://fr.chaturbate.com/accounts/register/ | 200 OK Content-Length: 29003 Content-Type: text/html | clean |
http://www.googleadservices.com/pagead/conversion.js | 200 OK Content-Length: 9216 Content-Type: text/javascript | clean |
http://fr.chaturbate.com/tipping/free_tokens/ | HTTP/1.1 302 FOUND Connection: close Date: Sun, 22 Jun 2014 19:09:49 GMT Location: http://fr.chaturbate.com/auth/login/?next=/tipping/free_tokens/ Server: nginx/1.5.13 Vary: Cookie, Accept-Language Content-Language: fr Content-Type: text/html; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: affkey="eJyrVipSslJQUqoFAAwfAk0="; expires=Tue, 22-Jul-2014 19:09:49 GMT; Max-Age=2592000; Path=/ | clean |
http://fr.chaturbate.com/auth/login/?next=/tipping/free_tokens/ | 200 OK Content-Length: 18807 Content-Type: text/html | clean |
http://fr.chaturbate.com/auth/login/ | 200 OK Content-Length: 17482 Content-Type: text/html | clean |
http://fr.chaturbate.com/auth/password_reset/ | 200 OK Content-Length: 17717 Content-Type: text/html | clean |
http://fr.chaturbate.com/female-cams/ | 200 OK Content-Length: 102131 Content-Type: text/html | clean |
http://fr.chaturbate.com/male-cams/ | 200 OK Content-Length: 101796 Content-Type: text/html | clean |
http://fr.chaturbate.com/couple-cams/ | 200 OK Content-Length: 88991 Content-Type: text/html | clean |
http://fr.chaturbate.com/transsexual-cams/ | 200 OK Content-Length: 55951 Content-Type: text/html | clean |
http://fr.chaturbate.com/spy-on-cams/ | 200 OK Content-Length: 52603 Content-Type: text/html | clean |
http://fr.chaturbate.com/supporter/upgrade/ | HTTP/1.1 302 FOUND Connection: close Date: Sun, 22 Jun 2014 19:10:01 GMT Location: http://fr.chaturbate.com/auth/login/?next=/supporter/upgrade/ Server: nginx/1.5.13 Vary: Cookie, Accept-Language Content-Language: fr Content-Type: text/html; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: affkey="eJyrVipSslJQUqoFAAwfAk0="; expires=Tue, 22-Jul-2014 19:10:01 GMT; Max-Age=2592000; Path=/ | clean |
http://fr.chaturbate.com/auth/login/?next=/supporter/upgrade/ | 200 OK Content-Length: 17576 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: fr.chaturbate.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 22 Jun 2014 19:09:44 GMT
Server: nginx/1.5.13
Vary: Accept-Encoding
Vary: Cookie, Accept-Language
Content-Language: fr
Content-Type: text/html; charset=utf-8
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: affkey="eJyrVipSslJQUqoFAAwfAk0="; expires=Tue, 22-Jul-2014 19:09:44 GMT; Max-Age=2592000; Path=/
Set-Cookie: csrftoken=WOxD9RXIrezEp3iu5uOoTBWZjGotaKgz; expires=Sun, 21-Jun-2015 19:09:44 GMT; Max-Age=31449600; Path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: fr.chaturbate.com
Referer: http://www.google.com/search?q=fr.chaturbate.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=fr.chaturbate.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://fr.chaturbate.com/
Result: fr.chaturbate.com is not infected or malware details are not published yet.