Scanned pages/files
Request | Server response | Status
http://hotcamsluts.chaturbate.com/ | 200 OK Content-Length: 89843 Content-Type: text/html | clean |
http://hotcamsluts.chaturbate.com/jsi18n/ | 200 OK Content-Length: 2372 Content-Type: text/javascript | clean |
http://ccstatic.highwebmedia.com/static/CACHE5/js/936fbae33046.js | 200 OK Content-Length: 118690 Content-Type: application/x-javascript | clean |
http://ccstatic.highwebmedia.com/static/CACHE5/js/209e2314bf71.js | 200 OK Content-Length: 1922 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var reload_rooms={delay:90000,on_timeout:function(){$(".endless_page_template").each(function(){var href="";if($(this).attr("data-href")==undefined){href=window.location.href;} else{href=$(this).attr("data-href");} var addchar='?';if(href.indexOf('?')!=-1){addchar='&';} href=href+addchar+$("#filter_search_form").serialize();$(this).load(href);});reload_rooms.schedule_refresh();},schedule_refresh:function(){setTimeout(reload_rooms.on_timeout,reload_rooms.delay);}};$(document).read return true;});$("#filter_search_form input[type='submit']").click(function(){var skey=$("#id_keywords").val();var search_message=interpolate(gettext("Searching for %(skey)s ..."),{skey:skey},true);$(".searching-keyword h1").text(search_message);$(".searching-keyword").show();$(".endless_page_template").load($("#filter_search_form").attr("action")+'?'+$("#filter_search_form").serialize());return false;});});
Antivirus reports:
http://hotcamsluts.chaturbate.com/accounts/register/ | 200 OK Content-Length: 29183 Content-Type: text/html | clean |
http://www.googleadservices.com/pagead/conversion.js | 200 OK Content-Length: 9216 Content-Type: text/javascript | clean |
http://hotcamsluts.chaturbate.com/auth/login/ | 200 OK Content-Length: 17877 Content-Type: text/html | clean |
http://hotcamsluts.chaturbate.com/auth/password_reset/ | 200 OK Content-Length: 18122 Content-Type: text/html | clean |
http://hotcamsluts.chaturbate.com/female-cams/ | 200 OK Content-Length: 89675 Content-Type: text/html | clean |
http://hotcamsluts.chaturbate.com/male-cams/ | 200 OK Content-Length: 89420 Content-Type: text/html | clean |
http://hotcamsluts.chaturbate.com/couple-cams/ | 200 OK Content-Length: 63298 Content-Type: text/html | clean |
http://hotcamsluts.chaturbate.com/transsexual-cams/ | 200 OK Content-Length: 54482 Content-Type: text/html | clean |
http://hotcamsluts.chaturbate.com/spy-on-cams/ | 200 OK Content-Length: 47389 Content-Type: text/html | clean |
http://hotcamsluts.chaturbate.com/busty_roxxxy/ | 200 OK Content-Length: 57780 Content-Type: text/html | clean |
http://ccstatic.highwebmedia.com/static/CACHE5/js/f75a4efcc15e.js | 200 OK Content-Length: 175040 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hotcamsluts.chaturbate.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 Jun 2014 06:56:47 GMT
Server: nginx/1.5.13
Vary: Accept-Encoding
Vary: Cookie, Accept-Language
Content-Language: en
Content-Type: text/html; charset=utf-8
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: affkey="eJyrVipQslJQMjJU0lFQKinKBnHATBCjPD8xEMRJTEsDcYszk7MTc0oLMkBiyblgjX5GhgUWSrUAck4STQ=="; expires=Sat, 12-Jul-2014 06:56:47 GMT; Max-Age=2592000; Path=/
Set-Cookie: whitelabels_hc=pending; Path=/
Set-Cookie: csrftoken=x07HAEuKYfMGjg6Ml3llzJkkefpvPvRz; expires=Thu, 11-Jun-2015 06:56:47 GMT; Max-Age=31449600; Path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: hotcamsluts.chaturbate.com
Referer: http://www.google.com/search?q=hotcamsluts.chaturbate.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hotcamsluts.chaturbate.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://hotcamsluts.chaturbate.com/
Result: hotcamsluts.chaturbate.com is not infected or malware details are not published yet.