Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=facepua.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://facepua.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://facepua.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 17 Jul 2014 09:45:13 GMT Location: http://www.facepua.com/ Server: ghs Content-Length: 220 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.facepua.com/ | 200 OK Content-Length: 128844 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.anunciad.com.br ...[99061 bytes skipped]... ck='return _WidgetManager._PopupConfig(document.getElementById("HTML4"));' target='configHTML4' title='Editar'> <img alt='' height='18' src='http://img1.blogblog.com/img/icon18_wrench_allbkg.png' width='18'/> </a> </span> </span> <div class='clear'></div> </div><div class='widget HTML' id='HTML5'> <div class='widget-content'> <script src="http://www.anunciad.com.br/table_ad.jsp?partner=6664"></script> </div> <div class='clear'></div> <span class='widget-item-control'> <span class='item-control blog-admin'> <a class='quickedit' href='//www.blogger.com/rearrange?blogID=8901640634787191022&widgetType=HTML&widgetId=HTML5&action=editWidget§ionId=main' onclick='return _WidgetManager._PopupConfig(document.getElementById("HTML5"));' target='configHTML5' title='Editar' ...[53710 bytes skipped]... | ||
http://connect.facebook.net/pt_BR/all.js | 200 OK Content-Length: 168409 Content-Type: application/x-javascript | clean |
http://code.jquery.com/jquery-1.6.2.min.js | 200 OK Content-Length: 91556 Content-Type: application/x-javascript | clean |
https://sites.google.com/site/dicashotblogger/home/javascriptdicashot/DicasHot.js | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Thu, 17 Jul 2014 09:45:16 GMT Pragma: no-cache ETag: "1384708829220" Location: https://sites.google.com/site/dicashotblogger/home/javascriptdicashot/DicasHot.js?attredirects=0 Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Last-Modified: Sun, 17 Nov 2013 17:20:29 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Robots-Tag: noarchive X-XSS-Protection: 1; mode=block | clean |
https://sites.google.com/site/dicashotblogger/home/javascriptdicashot/dicashot.js?attredirects=0 | 404 Not Found Content-Length: 24483 Content-Type: text/html | clean |
https://sites.google.com//www.gstatic.com/caja/5678/caja.js/ | 404 Not Found Content-Length: 141 Content-Type: text/html | clean |
http://sites.google.com/test404page.js | 404 Not Found Content-Length: 141 Content-Type: text/html | clean |
https://ssl.gstatic.com/sites/p/fcd25b/system/js/jot_caja.js | 200 OK Content-Length: 104803 Content-Type: text/javascript | clean |
https://ssl.gstatic.com/sites/p/fcd25b/system/js/jot_min_view__pt_br.js | 200 OK Content-Length: 238581 Content-Type: text/javascript | clean |
http://apis.google.com/js/plusone.js | 200 OK Content-Length: 12110 Content-Type: application/javascript | clean |
http://platform.twitter.com/widgets.js | 200 OK Content-Length: 99152 Content-Type: application/javascript | clean |
http://platform.linkedin.com/in.js | 200 OK Content-Length: 3711 Content-Type: text/javascript | clean |
http://venom1301.spider.ad?id=21369/ | 200 OK Content-Length: 13 Content-Type: application/json | clean |
http://www.anunciad.com.br/table_ad.jsp?partner=6664 | 200 OK Content-Length: 1742 Content-Type: text/html | clean |
http://lizard1301.spider.ad/spd_display?p1=21369.divSpdSky | 200 OK Content-Length: 3 Content-Type: text/html | clean |
https://www.blogger.com/static/v1/widgets/2423294629-widgets.js | 200 OK Content-Length: 89624 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: facepua.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 17 Jul 2014 09:45:13 GMT
Location: http://www.facepua.com/
Server: ghs
Content-Length: 220
Content-Type: text/html; charset=UTF-8
Alternate-Protocol: 80:quic
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
...220 bytes of data.
GET / HTTP/1.1
Host: facepua.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 17 Jul 2014 09:45:13 GMT
Location: http://www.facepua.com/
Server: ghs
Content-Length: 220
Content-Type: text/html; charset=UTF-8
Alternate-Protocol: 80:quic
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
...220 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: facepua.com
Referer: http://www.google.com/search?q=facepua.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: facepua.com
Referer: http://www.google.com/search?q=facepua.com
Result:
The result is similar to the first query. There are no suspicious redirects found.