Scanned pages/files
Request | Server response | Status |
http://svithobby.blogspot.com/ | 200 OK Content-Length: 140308 Content-Type: text/html | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 11664 Content-Type: application/javascript | clean |
http://www.linkwithin.com/widget.js | 200 OK Content-Length: 14131 Content-Type: application/x-javascript | clean |
http://svithobby.blogspot.com//vk.com/js/api/openapi.js?78/ | 404 Not Found Content-Length: 106108 Content-Type: text/html | clean |
http://odnaknopka.ru/ok2.js | 200 OK Content-Length: 6105 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function NewOdnaknopka2() {
this.domain=location.href+'/'; this.domain=this.domain.substr(this.domain.indexOf('://')+3); this.domain=this.domain.substr(0,this.domain.indexOf('/')); this.location=false; this.selection=function() { var sel; if (window.getSelection) sel=window.getSelection(); else if (document.selection) sel=document.selection.createRange(); else sel=''; if (sel.text) sel=sel.text; return encodeURIComponent(sel); } th } } odnaknopka2=new NewOdnaknopka2(); odnaknopka2.init();
Antivirus reports:
https://www.blogger.com/static/v1/widgets/1752065427-widgets.js | 200 OK Content-Length: 91097 Content-Type: text/javascript | clean |
http://svithobby.blogspot.com//www.google.com/jsapi/ | 404 Not Found Content-Length: 106078 Content-Type: text/html | clean |
http://svithobby.blogspot.com/feeds/posts/default | 200 OK Content-Length: 110413 Content-Type: application/atom+xml | clean |
http://svithobby.blogspot.com/test404page.js | 404 Not Found Content-Length: 106052 Content-Type: text/html | clean |
http://svithobby.blogspot.com/search/label/%D0%91%D0%B5%D0%B7%D1%80%D1%83%D0%BA%D0%B0%D0%B2%D0%BA%D0%B0%20%D0%B8%20%D1%82%D0%BE%D0%BF | 200 OK Content-Length: 206797 Content-Type: text/html | clean |
http://svithobby.blogspot.com/2014/06/blog-post_3636.html | 200 OK Content-Length: 114720 Content-Type: text/html | clean |
https://www.blogger.com/static/v1/jsbin/313381681-comment_from_post_iframe.js | 200 OK Content-Length: 14366 Content-Type: text/javascript | clean |
http://svithobby.blogspot.com/search/label/%D1%82%D0%BE%D0%BF | 200 OK Content-Length: 206711 Content-Type: text/html | clean |
http://svithobby.blogspot.com/2014/06/blog-post_4772.html | 200 OK Content-Length: 113761 Content-Type: text/html | clean |
http://svithobby.blogspot.com/2014/06/blog-post_583.html | 200 OK Content-Length: 113899 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: svithobby.blogspot.com
Result:
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Connection: close
Date: Wed, 04 Jun 2014 22:17:37 GMT
ETag: "fc8eb401-d2ff-4876-830e-c94cd967218d"
Server: GSE
Content-Type: text/html; charset=UTF-8
Expires: Wed, 04 Jun 2014 22:17:37 GMT
Last-Modified: Wed, 04 Jun 2014 12:00:03 GMT
Alternate-Protocol: 80:quic
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Second query (visit from search engine):
GET / HTTP/1.1
Host: svithobby.blogspot.com
Referer: http://www.google.com/search?q=svithobby.blogspot.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=svithobby.blogspot.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://svithobby.blogspot.com/
Result: svithobby.blogspot.com is not infected or malware details are not published yet.