Scanned pages/files
Request | Server response | Status |
http://infonews.net.br/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 28 Feb 2015 16:39:10 GMT Location: http://www.infonews.net.br/ Server: ghs Content-Length: 224 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic,p=0.08 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.infonews.net.br/ | 200 OK Content-Length: 83254 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function stripHtmlTags(s,max){return s.replace(/<.*?>/ig, '').split(/\s+/).slice(0,max-1).join(' ')} function getSummaryLikeWP(id) { return document.getElementById(id).innerHTML.split(/<!--\s*more\s*-->/)[0]; } function getSummaryImproved(post,max){ var re = /<.*?>/gi var re2 = /<br.*?>/gi var re3 = /(<\/{1}p>)|(<\/{1}div>)/gi var re4 = /(<style.*?\/{1}style>)|(<script.*?\/{1}script>)|(<table.*?\/{1 summ = summary_img; } else { imgtag = '<div class="thumbnailimg" align="center"><img src="'+img[0].src+'" /></div>'; summ = summary_img; } } var summary = (classicMode) ? imgtag + '<div>' + stripHtmlTags(content,summ) + '</div>' : imgtag + '<div>' + getSummaryImproved(content,summ) + '</div>'; div.innerHTML = summary; div.style.display = "block"; } } Antivirus reports:
http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js | 200 OK Content-Length: 85925 Content-Type: text/javascript | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12790 Content-Type: application/javascript | clean |
http://connect.facebook.net/pt_BR/all.js | 200 OK Content-Length: 161938 Content-Type: application/x-javascript | clean |
http://code.jquery.com/jquery-latest.js | 200 OK Content-Length: 282766 Content-Type: application/x-javascript | clean |
https://googledrive.com/host/0B8w2v5y4ih1WeHRPV3lNcVowb0k | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Sat, 28 Feb 2015 16:39:14 GMT Pragma: no-cache Accept-Ranges: none Location: https://77641ca98f9814e9090136fb7e780b0c049a6f84.googledrive.com/host/0B8w2v5y4ih1WeHRPV3lNcVowb0k Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-role, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alternate-Protocol: 443:quic,p=0.08 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://77641ca98f9814e9090136fb7e780b0c049a6f84.googledrive.com/host/0b8w2v5y4ih1wehrpv3lncvowb0k | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Sat, 28 Feb 2015 16:39:15 GMT Pragma: no-cache Accept-Ranges: none Location: https://a95783b892390a4e5d5bd21e5fd0daa8fdfa3777-77641ca98f9814e9090136fb7e780b0c049a6f84.googledrive.com/host/0b8w2v5y4ih1wehrpv3lncvowb0k Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-role, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alternate-Protocol: 443:quic,p=0.08 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://a95783b892390a4e5d5bd21e5fd0daa8fdfa3777-77641ca98f9814e9090136fb7e780b0c049a6f84.googledrive.com/host/0b8w2v5y4ih1wehrpv3lncvowb0k | 500 Can't connect to a95783b892390a4e5d5bd21e5fd0daa8fdfa3777-77641ca98f9814e9090136fb7e780b0c049a6f84.googledrive.com:443 Content-Length: 274 Content-Type: text/plain | clean |
http://a95783b892390a4e5d5bd21e5fd0daa8fdfa3777-77641ca98f9814e9090136fb7e780b0c049a6f84.googledrive.com/test404page.js | 500 Can't connect to a95783b892390a4e5d5bd21e5fd0daa8fdfa3777-77641ca98f9814e9090136fb7e780b0c049a6f84.googledrive.com:80 Content-Length: 272 Content-Type: text/plain | clean |
http://infonews.net.br//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 28 Feb 2015 16:39:15 GMT Location: http://www.infonews.net.br//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ Server: ghs Content-Length: 280 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic,p=0.08 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.infonews.net.br//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 404 Not Found Content-Length: 47693 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function stripHtmlTags(s,max){return s.replace(/<.*?>/ig, '').split(/\s+/).slice(0,max-1).join(' ')} function getSummaryLikeWP(id) { return document.getElementById(id).innerHTML.split(/<!--\s*more\s*-->/)[0]; } function getSummaryImproved(post,max){ var re = /<.*?>/gi var re2 = /<br.*?>/gi var re3 = /(<\/{1}p>)|(<\/{1}div>)/gi var re4 = /(<style.*?\/{1}style>)|(<script.*?\/{1}script>)|(<table.*?\/{1 summ = summary_img; } else { imgtag = '<div class="thumbnailimg" align="center"><img src="'+img[0].src+'" /></div>'; summ = summary_img; } } var summary = (classicMode) ? imgtag + '<div>' + stripHtmlTags(content,summ) + '</div>' : imgtag + '<div>' + getSummaryImproved(content,summ) + '</div>'; div.innerHTML = summary; div.style.display = "block"; } } Antivirus reports:
https://www.blogger.com/static/v1/widgets/3512243057-widgets.js | 200 OK Content-Length: 90257 Content-Type: text/javascript | clean |
http://infonews.net.br//www.blogger.com/rearrange?blogID=9143838374339927494&widgetType=HTML&widgetId=HTML2&action=editWidget&sectionId=main/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 28 Feb 2015 16:39:17 GMT Location: http://www.infonews.net.br//www.blogger.com/rearrange?blogID=9143838374339927494&widgetType=HTML&widgetId=HTML2&action=editWidget&sectionId=main/ Server: ghs Content-Length: 358 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic,p=0.08 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.infonews.net.br//www.blogger.com/rearrange?blogid=9143838374339927494&widgettype=html&widgetid=html2&action=editwidget&sectionid=main/ | 404 Not Found Content-Length: 48004 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function stripHtmlTags(s,max){return s.replace(/<.*?>/ig, '').split(/\s+/).slice(0,max-1).join(' ')} function getSummaryLikeWP(id) { return document.getElementById(id).innerHTML.split(/<!--\s*more\s*-->/)[0]; } function getSummaryImproved(post,max){ var re = /<.*?>/gi var re2 = /<br.*?>/gi var re3 = /(<\/{1}p>)|(<\/{1}div>)/gi var re4 = /(<style.*?\/{1}style>)|(<script.*?\/{1}script>)|(<table.*?\/{1 summ = summary_img; } else { imgtag = '<div class="thumbnailimg" align="center"><img src="'+img[0].src+'" /></div>'; summ = summary_img; } } var summary = (classicMode) ? imgtag + '<div>' + stripHtmlTags(content,summ) + '</div>' : imgtag + '<div>' + getSummaryImproved(content,summ) + '</div>'; div.innerHTML = summary; div.style.display = "block"; } } Antivirus reports:
http://www.infonews.net.br//www.blogger.com/rearrange?blogID=9143838374339927494&widgetType=HTML&widgetId=HTML2&action=editWidget&sectionId=main/ | 404 Not Found Content-Length: 48004 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function stripHtmlTags(s,max){return s.replace(/<.*?>/ig, '').split(/\s+/).slice(0,max-1).join(' ')} function getSummaryLikeWP(id) { return document.getElementById(id).innerHTML.split(/<!--\s*more\s*-->/)[0]; } function getSummaryImproved(post,max){ var re = /<.*?>/gi var re2 = /<br.*?>/gi var re3 = /(<\/{1}p>)|(<\/{1}div>)/gi var re4 = /(<style.*?\/{1}style>)|(<script.*?\/{1}script>)|(<table.*?\/{1 summ = summary_img; } else { imgtag = '<div class="thumbnailimg" align="center"><img src="'+img[0].src+'" /></div>'; summ = summary_img; } } var summary = (classicMode) ? imgtag + '<div>' + stripHtmlTags(content,summ) + '</div>' : imgtag + '<div>' + getSummaryImproved(content,summ) + '</div>'; div.innerHTML = summary; div.style.display = "block"; } } Antivirus reports:
http://www.infonews.net.br//www.blogger.com/rearrange?blogID=9143838374339927494&widgetType=HTML&widgetId=HTML6&action=editWidget&sectionId=main/ | 404 Not Found Content-Length: 48004 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function stripHtmlTags(s,max){return s.replace(/<.*?>/ig, '').split(/\s+/).slice(0,max-1).join(' ')} function getSummaryLikeWP(id) { return document.getElementById(id).innerHTML.split(/<!--\s*more\s*-->/)[0]; } function getSummaryImproved(post,max){ var re = /<.*?>/gi var re2 = /<br.*?>/gi var re3 = /(<\/{1}p>)|(<\/{1}div>)/gi var re4 = /(<style.*?\/{1}style>)|(<script.*?\/{1}script>)|(<table.*?\/{1 summ = summary_img; } else { imgtag = '<div class="thumbnailimg" align="center"><img src="'+img[0].src+'" /></div>'; summ = summary_img; } } var summary = (classicMode) ? imgtag + '<div>' + stripHtmlTags(content,summ) + '</div>' : imgtag + '<div>' + getSummaryImproved(content,summ) + '</div>'; div.innerHTML = summary; div.style.display = "block"; } } Antivirus reports:
http://www.infonews.net.br/feeds/posts/default | 200 OK Content-Length: 128404 Content-Type: application/atom+xml | clean |
http://www.infonews.net.br//www.blogger.com/rearrange?blogID=9143838374339927494&widgetType=HTML&widgetId=HTML7&action=editWidget&sectionId=sidebar2/ | 404 Not Found Content-Length: 48020 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function stripHtmlTags(s,max){return s.replace(/<.*?>/ig, '').split(/\s+/).slice(0,max-1).join(' ')} function getSummaryLikeWP(id) { return document.getElementById(id).innerHTML.split(/<!--\s*more\s*-->/)[0]; } function getSummaryImproved(post,max){ var re = /<.*?>/gi var re2 = /<br.*?>/gi var re3 = /(<\/{1}p>)|(<\/{1}div>)/gi var re4 = /(<style.*?\/{1}style>)|(<script.*?\/{1}script>)|(<table.*?\/{1 summ = summary_img; } else { imgtag = '<div class="thumbnailimg" align="center"><img src="'+img[0].src+'" /></div>'; summ = summary_img; } } var summary = (classicMode) ? imgtag + '<div>' + stripHtmlTags(content,summ) + '</div>' : imgtag + '<div>' + getSummaryImproved(content,summ) + '</div>'; div.innerHTML = summary; div.style.display = "block"; } } Antivirus reports:
http://www.infonews.net.br//www.blogger.com/rearrange?blogID=9143838374339927494&widgetType=HTML&widgetId=HTML3&action=editWidget&sectionId=sidebar2/ | 404 Not Found Content-Length: 48020 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function stripHtmlTags(s,max){return s.replace(/<.*?>/ig, '').split(/\s+/).slice(0,max-1).join(' ')} function getSummaryLikeWP(id) { return document.getElementById(id).innerHTML.split(/<!--\s*more\s*-->/)[0]; } function getSummaryImproved(post,max){ var re = /<.*?>/gi var re2 = /<br.*?>/gi var re3 = /(<\/{1}p>)|(<\/{1}div>)/gi var re4 = /(<style.*?\/{1}style>)|(<script.*?\/{1}script>)|(<table.*?\/{1 summ = summary_img; } else { imgtag = '<div class="thumbnailimg" align="center"><img src="'+img[0].src+'" /></div>'; summ = summary_img; } } var summary = (classicMode) ? imgtag + '<div>' + stripHtmlTags(content,summ) + '</div>' : imgtag + '<div>' + getSummaryImproved(content,summ) + '</div>'; div.innerHTML = summary; div.style.display = "block"; } } Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: infonews.net.br
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 28 Feb 2015 16:39:10 GMT
Location: http://www.infonews.net.br/
Server: ghs
Content-Length: 224
Content-Type: text/html; charset=UTF-8
Alternate-Protocol: 80:quic,p=0.08
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
...224 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: infonews.net.br
Referer: http://www.google.com/search?q=infonews.net.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=infonews.net.br
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://infonews.net.br/
Result: infonews.net.br is not infected or malware details are not published yet.