Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sunnynudes-com.baberush.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://sunnynudes-com.baberush.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://sunnynudes-com.baberush.com/ | 200 OK Content-Length: 27690 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: baberush.com function cremzads10() { var i = document.createElement("iframe"); var a = Math.random() + ""; i.src = "http://a.babescdn.com/banners.php?domain=baberush.com&zone=10"; i.scrolling = "no"; i.frameBorder = "0"; i.width = "900px"; i.height = "250px"; document.getElementById("cremzads10").appendChild(i); }; if (window.addEventListener) window.addEventListener("load", cremzads10, false); else if (window.attachEvent) window.attachEvent("onload", cremzads10); else window.onload = cremzads10; Decoded script: function cremzads10() { var i = document.createElement("iframe"); var a = Math.random() + ""; i.src = "http://a.babescdn.com/banners.php?domain=baberush.com&zone=10"; i.scrolling = "no"; i.frameBorder = "0"; i.width = "900px"; i.height = "250px"; document.getElementById("cremzads10").appendChild(i); } | ||
http://mobile.plugrush.com/babestare.com/1mz2/1mz2.js | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://mobile.plugrush.com/test404page.js | 200 OK Content-Length: 0 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sunnynudes-com.baberush.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 24 Sep 2014 01:39:25 GMT
Pragma: no-cache
Server: nginx/1.7.4
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=79bbbf67797b70d3aa7cba78c8aeac05; path=/
X-Powered-By: PHP/5.3.19
GET / HTTP/1.1
Host: sunnynudes-com.baberush.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 24 Sep 2014 01:39:25 GMT
Pragma: no-cache
Server: nginx/1.7.4
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=79bbbf67797b70d3aa7cba78c8aeac05; path=/
X-Powered-By: PHP/5.3.19
Second query (visit from search engine):
GET / HTTP/1.1
Host: sunnynudes-com.baberush.com
Referer: http://www.google.com/search?q=sunnynudes-com.baberush.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: sunnynudes-com.baberush.com
Referer: http://www.google.com/search?q=sunnynudes-com.baberush.com
Result:
The result is similar to the first query. There are no suspicious redirects found.