Is bhojpurisex.site safe?

encoded payload

suspicious base64-like blobs detected in page content

malicious redirect

script/meta redirect patterns detected in page source

cloaking

Page checks user-agent for bot/crawler strings to serve different content

cloaking

Page conditionally redirects based on referrer or user-agent

js obfuscation

JavaScript uses Function constructor for runtime code generation

malicious redirect

JavaScript manipulates browser history by pushing 10 states via history.pushState() then hijacks the back button via onpopstate to force a redirect to https://backbutton.videobaba.xyz/back-button-script/public/getit.php?site=BSS. This traps users on the site and forces navigation to a third-party destination when the back button is pressed. (location: page.html:65 and page.html:1557-1568)

malicious redirect

Navigation menu contains a link labeled 'Indian Live Sex' and 'Live Girls' pointing to https://blazingserver.net/revive/www/admin/plugins/redirectAd/redirect.php?zoneid=197 and zoneid=362 — opaque ad-network redirect URLs that pass through a third-party ad server before reaching an unknown destination, concealing the final landing page from users and security tools. (location: page.html:243-244)

hidden content

The hero section (page.html:1503) contains a large injected block of Slack UI HTML markup (div.p-workspace__primary_view_body, c-virtual_list, c-message_list, etc.) embedded inside the visible page text. This Slack-interface HTML is invisible to normal users but visible to scrapers and AI agents reading page text, constituting hidden content injection likely intended to manipulate AI/crawler analysis or stage social-engineering content. (location: page.html:1503, page-text.txt:1176)

prompt injection

The hero section embeds a full Slack-style conversation UI DOM structure inside the page body (data-qa attributes: message_container, block-kit-renderer, virtual-list-item, etc.). This is a known prompt injection pattern targeting AI agents that parse page content: injecting fake UI context (a Slack direct message thread) to manipulate agent behavior or data extraction. The content is truncated in the captured HTML but the structural scaffolding of a fabricated Slack DM conversation is present. (location: page.html:1503)

hidden content

Third-party analytics script loaded from https://stats.indianpornempire.com/js/script.js via a defer tag with data-domain attribute. This exfiltrates browsing behavior to an external domain (indianpornempire.com) not disclosed in the site's privacy policy context visible on the page. (location: page.html:63)

hidden content

The <meta http-equiv='delegate-ch'> header delegates multiple client-hint headers (sec-ch-ua, sec-ch-ua-bitness, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-mobile) to https://tsyndicate.com, silently sharing detailed browser/device fingerprinting data with a third-party ad syndication network without user awareness. (location: page.html:67)

social engineering

Ad unit disguised as a content thumbnail is embedded in the video grid with fake view count (6548 views) and fake rating (96%) to make it appear as legitimate user-generated content, directing users to https://www.kamareels2.com. The ad is labeled 'AD' only in small metadata text while visually matching organic video blocks. (location: page.html:474-490)

obfuscated code

The page contains inline JavaScript functions b2a() and a2b() implementing custom Base64 encode/decode routines alongside b64e and b64d wrappers. These are used by the ad insertion framework (ai_insert_code, ai_check_and_insert_block) to store and execute ad payload code via atob/btoa at runtime, obfuscating the actual ad content delivered dynamically from encoded data attributes. (location: page.html:1651-1653, page-text.txt:1324-1326)