Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gayboystube.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 24 Apr 2015 15:35:41 GMT
Location: http://www.gayboystube.com/
Server: nginx
Content-Length: 178
Content-Type: text/html
...178 bytes of data.
GET / HTTP/1.1
Host: gayboystube.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 24 Apr 2015 15:35:41 GMT
Location: http://www.gayboystube.com/
Server: nginx
Content-Length: 178
Content-Type: text/html
...178 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: gayboystube.com
Referer: http://www.google.com/search?q=gayboystube.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: gayboystube.com
Referer: http://www.google.com/search?q=gayboystube.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://gayboystube.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 24 Apr 2015 15:35:41 GMT Location: http://www.gayboystube.com/ Server: nginx Content-Length: 178 Content-Type: text/html | clean |
http://www.gayboystube.com/ | 200 OK Content-Length: 101651 Content-Type: text/html | clean |
http://www.gayboystube.com//ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js/ | 200 OK Content-Length: 101654 Content-Type: text/html | clean |
http://cdn.gayboystube.com/js/popunder.js | 200 OK Content-Length: 1780 Content-Type: text/javascript | clean |
http://www.gayboystube.com/templates/default/js/template.function.js | 200 OK Content-Length: 3782 Content-Type: application/javascript | clean |
http://www.gayboystube.com/templates/default/js/cbox/jquery.colorbox-min.js | 200 OK Content-Length: 10162 Content-Type: application/javascript | clean |
http://www.gayboystube.com/core/js/thumbchange.js | 200 OK Content-Length: 3587 Content-Type: application/javascript | clean |
http://www.gayboystube.com//s7.addthis.com/js/300/addthis_widget.js/ | 200 OK Content-Length: 101654 Content-Type: text/html | clean |
http://g6ni40i7.com/analytics.js?v=1406733698 | 403 Forbidden Content-Length: 5153 Content-Type: text/html | clean |
http://g6ni40i7.com/cdn-cgi/scripts/zepto.min.js | 200 OK Content-Length: 24975 Content-Type: application/javascript | clean |
http://g6ni40i7.com/cdn-cgi/scripts/cf.common.js | 200 OK Content-Length: 4408 Content-Type: application/javascript | clean |
http://g6ni40i7.com/cdn-cgi/scripts/cf.challenge.js | 200 OK Content-Length: 15290 Content-Type: application/javascript | clean |
http://g6ni40i7.com/test404page.js | 403 Forbidden Content-Length: 5153 Content-Type: text/html | clean |
http://gayboystube.com//s7.addthis.com/js/300/addthis_widget.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 24 Apr 2015 15:35:50 GMT Location: http://www.gayboystube.com//s7.addthis.com/js/300/addthis_widget.js/ Server: nginx Content-Length: 178 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gayboystube.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gayboystube.com/
Result: gayboystube.com is not infected or malware details are not published yet.
Result: gayboystube.com is not infected or malware details are not published yet.