Scanned pages/files
Request | Server response | Status |
http://blog.buttermouth.com/ | 200 OK Content-Length: 75995 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
domtab={ tabClass:'domtab', listClass:'domtabs', activeClass:'active', contentElements:'div', printID:'domtabprintview', showAllLinkText:'show all content', prevNextIndicator:'doprevnext', prevNextClass:'prevnext', prevLabel:'previous', nextLabel:'next', prevClass:'prev', nextClass:'next',
init:function(){ var temp; if(!document.getElementById || !document.createTextNode){return;} var tempelm=document.getElementsByTagName('div'); for(var i=0;i<tempel
break; case 'remove': var rep=o.className.match(' '+c1)?' '+c1:c1; o.className=o.className.replace(rep,''); break;
case 'check': var found=false; var temparray=o.className.split(' '); for(var i=0;i<temparray.length;i++){ if(temparray[i]==c1){found=true;} } return found; break; } } }
domtab.addEvent(window, 'load', domtab.init, false);
Antivirus reports:
http://ajax.googleapis.com/ajax/libs/jquery/1.5.0/jquery.min.js | 200 OK Content-Length: 84362 Content-Type: text/javascript | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12011 Content-Type: application/javascript | clean |
http://blog.buttermouth.com/feeds/posts/summary?alt=json-in-script&callback=showpageCount&max-results=99999 | 200 OK Content-Length: 300406 Content-Type: text/javascript | clean |
http://widgets.outbrain.com/OutbrainRater.js | 200 OK Content-Length: 117009 Content-Type: application/x-javascript | clean |
http://www.viralvideochart.com/permalink?view=widget&type=chart&category=all | HTTP/1.1 301 Moved Permanently Cache-Control: stale-while-revalidate=7200 Cache-Control: stale-if-error=86400 Connection: close Date: Sun, 13 Jul 2014 03:18:49 GMT Via: 1.1 gold.unrulymedia.com:80 (squid/2.7.STABLE7) Location: http://viralvideochart.unrulymedia.com/permalink?view=widget&type=chart&category=all Server: Apache-Coyote/1.1 X-Cache: MISS from gold.unrulymedia.com X-Cache-Lookup: MISS from gold.unrulymedia.com:80 | clean |
http://viralvideochart.unrulymedia.com/permalink?view=widget&type=chart&category=all | HTTP/1.1 302 Found Cache-Control: max-age=600 Connection: keep-alive Date: Sun, 13 Jul 2014 03:18:50 GMT Age: 168 Location: http://viralvideochart.unrulymedia.com/all?format=chartjs Server: PWS/8.0.25 Content-Language: en-US Content-Length: 0 Expires: Sun, 13 Jul 2014 03:26:02 GMT X-Px: ms h0-s3.p1-arn ( h0-s16.p1-arn), ht h0-s16.p1-arn.cdngp.net | clean |
http://viralvideochart.unrulymedia.com/all?format=chartjs | 200 OK Content-Length: 5206 Content-Type: text/html | clean |
http://viralvideochart.unrulymedia.com/test404page.js | 404 Not Found Content-Length: 112 Content-Type: text/html | clean |
http://www.viralvideochart.com/resource/js/viralvideochart.js | 200 OK Content-Length: 13373 Content-Type: text/javascript | clean |
http://bloggerhosting.appspot.com/serve/simpletricksblog.googlepages.com/widgetcomments.js | 200 OK Content-Length: 1516 Content-Type: application/javascript | clean |
http://blog.buttermouth.com/feeds/comments/default?alt=json-in-script&callback=showrecentcomments | 200 OK Content-Length: 43569 Content-Type: text/javascript | clean |
http://xslt.alexa.com/site_stats/js/t/a?url=blog.buttermouth.com | 200 OK Content-Length: 3153 Content-Type: application/x-javascript | clean |
http://s29.sitemeter.com/js/counter.js?site=s29iksnyrk | HTTP/1.1 302 Redirect Date: Sun, 13 Jul 2014 03:18:54 GMT Location: http://s29.sitemeter.com/js/counter.asp?site=s29iksnyrk Server: Microsoft-IIS/6.0 Content-Length: 178 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://s29.sitemeter.com/js/counter.asp?site=s29iksnyrk | 200 OK Content-Length: 7555 Content-Type: application/x-javascript | clean |
http://www.google-analytics.com/urchin.js | 200 OK Content-Length: 22678 Content-Type: text/javascript | clean |
http://edge.quantserve.com/quant.js | 200 OK Content-Length: 7874 Content-Type: application/x-javascript | clean |
https://www.blogger.com/static/v1/widgets/2423294629-widgets.js | 200 OK Content-Length: 89624 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: blog.buttermouth.com
Result:
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Connection: close
Date: Sun, 13 Jul 2014 03:18:42 GMT
ETag: "8735d0d2-9f1b-4ed5-9a74-c37e4b7492fe"
Server: GSE
Content-Type: text/html; charset=UTF-8
Expires: Sun, 13 Jul 2014 03:18:42 GMT
Last-Modified: Sat, 12 Jul 2014 21:35:42 GMT
Alternate-Protocol: 80:quic,80:quic
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Second query (visit from search engine):
GET / HTTP/1.1
Host: blog.buttermouth.com
Referer: http://www.google.com/search?q=blog.buttermouth.com
Result:
The result is similar to the first query. No suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=blog.buttermouth.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://blog.buttermouth.com/
Result: blog.buttermouth.com is not infected or malware details are not published yet.