Scanned pages/files
Request | Server response | Status |
http://mensagenslindas.net.br/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 03 Mar 2015 20:59:16 GMT Location: http://www.mensagenslindas.net.br/ Server: ghs Content-Length: 231 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic,p=0.08 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.mensagenslindas.net.br/ | 200 OK Content-Length: 128871 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var postperpage=9; var numshowpage=4; var upPageWord ='« '; var downPageWord ='»'; var urlactivepage=location.href; var home_page="/"; Antivirus reports:
https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js | 200 OK Content-Length: 93435 Content-Type: text/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.23/jquery-ui.min.js | 200 OK Content-Length: 200748 Content-Type: text/javascript | clean |
https://jquery-swip.googlecode.com/svn-history/r4/trunk/jquery.easing.1.3.js | 200 OK Content-Length: 8097 Content-Type: text/plain | clean |
http://jquery-swip.googlecode.com/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://jquery-swip.googlecode.com//www.google.com/ | 404 Not Found Content-Length: 1425 Content-Type: text/html | clean |
https://sanmag-blogger-template.googlecode.com/files/blogger-quick-search.js | 200 OK Content-Length: 3788 Content-Type: text/x-c++ | clean |
https://sanmag-blogger-template.googlecode.com/files/ | 404 Not Found Content-Length: 1431 Content-Type: text/html | clean |
https://sanmag-blogger-template.googlecode.com//www.google.com/ | 404 Not Found Content-Length: 1425 Content-Type: text/html | clean |
https://sanmag-blogger-template.googlecode.com/files/'+url+' | 404 Not Found Content-Length: 1446 Content-Type: text/html | clean |
http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | 200 OK Content-Length: 28254 Content-Type: text/javascript | clean |
http://bloggergadgets.googlecode.com/files/recentposts_orig.js | 200 OK Content-Length: 8295 Content-Type: text/plain | clean |
http://www.mensagenslindas.net.br/feeds/posts/default?max-results=18&orderby=published&alt=json-in-script&callback=bprecentpostswiththumbnails | 200 OK Content-Length: 149504 Content-Type: text/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
https://www.blogger.com/static/v1/widgets/2773501920-widgets.js | 200 OK Content-Length: 90097 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mensagenslindas.net.br
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 03 Mar 2015 20:59:16 GMT
Location: http://www.mensagenslindas.net.br/
Server: ghs
Content-Length: 231
Content-Type: text/html; charset=UTF-8
Alternate-Protocol: 80:quic,p=0.08
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
...231 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mensagenslindas.net.br
Referer: http://www.google.com/search?q=mensagenslindas.net.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mensagenslindas.net.br
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mensagenslindas.net.br/
Result: mensagenslindas.net.br is not infected or malware details are not published yet.