Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: blakesmithy.tumblr.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 08 Dec 2015 22:01:35 GMT
Vary: X-UA-Device
Content-Type: text/html; charset=utf-8
Link: <http://33.media.tumblr.com/avatar_333ab60421bc_128.png>; rel=icon
P3P: CP="Tumblr's privacy policy is available here: https://www.tumblr.com/policy/en/privacy"
X-Tumblr-Pixel: 3
X-Tumblr-Pixel-0: http://px.srvcs.tumblr.com/impixu?T=1449612094&J=eyJ0eXBlIjoidXJsIiwidXJsIjoiaHR0cDpcL1wvYmxha2VzbWl0aHkudHVtYmxyLmNvbVwvIiwicmVxdHlwZSI6MCwicm91dGUiOiJcLyJ9&U=OLBJACHCBJ&K=0f06469d03ba95c77d0f552fb1139885e994995e0613b578e4688c5834437385--http://px.srvcs.tumblr.com/impixu?T=1449612094&J=eyJ0eXBlIjoicG9zdCIsInVybCI6Imh0dHA6XC9cL2JsYWtlc21pdGh5LnR1bWJsci5jb21cLyIsInJlcXR5cGUiOjAsInJvdXRlIjoiXC8iLCJwb3N0cyI6W3sicG9zdGlkIjoiMTEzMjQ4OTM4NjAyIiwiYmxvZ2lkIjoiMjI2MDAyNTI1Iiwic291cmNlIjozM30sey
X-Tumblr-Pixel-1: Jwb3N0aWQiOiIxMTMyMTY2ODg5OTQiLCJibG9naWQiOiIyMjYwMDI1MjUiLCJzb3VyY2UiOjMzfSx7InBvc3RpZCI6IjExMzE1NDk0NTkwMyIsImJsb2dpZCI6IjIyNjAwMjUyNSIsInNvdXJjZSI6MzN9LHsicG9zdGlkIjoiMTEzMTA4NTMzNjM3IiwiYmxvZ2lkIjoiMjI2MDAyNTI1Iiwic291cmNlIjozM30seyJwb3N0aWQiOiIxMTMxMDM0MjExOTciLCJibG9naWQiOiIyMjYwMDI1MjUiLCJzb3VyY2UiOjMzfSx7InBvc3RpZCI6IjExMzA2MzkwNjA0MiIsImJsb2dpZCI6IjIyNjAwMjUyNSIsInNvdXJjZSI6MzN9LHsicG9zdGlkIjoiMTEzMDEwODc4NTYyIiwiYmxvZ2lkIjoiMjI2MDAyNTI1Iiwic291cmNlIjozM31dfQ==&U=BAONNFDONN&K=
X-Tumblr-Pixel-2: 2c90dbb834094765a7627a33d6cd6924e8ed4e80c98f2da1c7ad496d0f78c840
X-Tumblr-User: blakesmithy
X-UA-Compatible: IE=Edge,chrome=1
X-UA-Device: desktop
Second query (visit from search engine):
GET / HTTP/1.1
Host: blakesmithy.tumblr.com
Referer: http://www.google.com/search?q=blakesmithy.tumblr.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://blakesmithy.tumblr.com/ | 200 OK Content-Length: 73127 Content-Type: text/html | clean |
http://assets.tumblr.com/assets/scripts/pre_tumblelog.js?_v=4407ac63b04a974114891da19b333539 | 200 OK Content-Length: 3361 Content-Type: application/javascript | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js | 200 OK Content-Length: 95786 Content-Type: text/javascript | clean |
http://assets.tumblr.com/assets/scripts/tumblelog_post_message_queue.js?_v=8b0553f75283ecbeb78be24f096f4c2c | 200 OK Content-Length: 361 Content-Type: application/javascript | clean |
http://static.tumblr.com/hmqexaq/VoInfpg3f/themelantic.js | 200 OK Content-Length: 124813 Content-Type: application/x-javascript | clean |
http://blakesmithy.tumblr.com/tweets.js | 404 Not Found Content-Length: 35 Content-Type: application/json | clean |
http://blakesmithy.tumblr.com/test404page.js | 404 Not Found Content-Length: 27411 Content-Type: text/html | clean |
http://assets.tumblr.com/client/prod/standalone/tumblelog/index.js?_v=c9a621bd8568e0acc119c99120ece052 | 200 OK Content-Length: 302052 Content-Type: application/javascript | clean |
http://blakesmithy.tumblr.com/archive | 200 OK Content-Length: 29654 Content-Type: text/html | clean |
http://assets.tumblr.com/client/prod/app/header/index.js?_v=df54dd38e404a9a65de246b3b26f9045 | 200 OK Content-Length: 55318 Content-Type: application/javascript | clean |
http://assets.tumblr.com/client/prod/app/vendor/index.js?_v=aa50ea4f6dd1fe4869a12c7b7125a2c4 | 200 OK Content-Length: 300601 Content-Type: application/javascript | clean |
http://assets.tumblr.com/languages/strings/en_US.js?1343 | 200 OK Content-Length: 2204 Content-Type: application/javascript | clean |
http://assets.tumblr.com/assets/scripts/tumblr/utils/exceptions.js?_v=d9c981097e19ddd4e05b50e906b5a76b | 200 OK Content-Length: 5400 Content-Type: application/javascript | clean |
http://assets.tumblr.com/assets/scripts/archive/archive.js?_v=8c98b1ded7b017ee2a99e5530361ad2b | 200 OK Content-Length: 12959 Content-Type: application/javascript | clean |
http://assets.tumblr.com/client/prod/app/context/archive/index.js?_v=13e6cd36caa9413d0202148fa429d388 | 200 OK Content-Length: 302632 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=blakesmithy.tumblr.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://blakesmithy.tumblr.com/
Result: blakesmithy.tumblr.com is not infected or malware details are not published yet.