Avast detects JS:Clickjack-DT [Trj].....

Trojans detected:
Object: http://2000goles.blogspot.de/2011_07_29_archive.html
SHA1: 5553ab7d562dd0050209c426d1780ba577da8f35
Name: TrojWare.JS.TrojanClicker.FbLiker.A aka JS:Clickjack-DT [Trj]
See: https://www.virustotal.com/nl/url/ae0216ccb239660e509f5e63be935cae6cdbeedcb7f8258f3cf5d0bc4a84717e/analysis/1418511928/
Potentially Suspicious files: 14 - /search?updated-min=2012-10-01t00%3A00%3A00-05%3A00&updated-max=2012-11-01t00%3A00%3A00-05%3A00&max-results=50
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Detected abnormal use of [iframe] elements. Treat it as suspicious.
File size[byte]: 289585
File type: ASCII
Page/File MD5: C0C214BEC2205A134D5BA17E5C0D5956
Scan duration[sec]: 1.643000 eyc. etc.
Consider: http://www.cobal.org/cgi-bin/cobal-log/http---introspective-to-a-fault.blogspot.com-2010-08-attitude-of-auxiliaries.html_refer.txt

External link from code to htxp://s7.addthis.com → http://fixvirusfast.blogspot.nl/2014/03/how-do-i-remove-s7addthiscom-virus.html

IP Badness history: https://www.virustotal.com/nl/ip-address/74.125.70.132/information/

  1. Suspicious url(NULL) - 8 results found
    (2) user information check - 6 results found
    (3) user cookie check - 6 results found
    (4) user information check - 5 results found
    (5) user cookie check - 3 results found
    (6) Suspicious script has been detected (document.write(unescape(?))) - 1
    (7) Suspicious script has been detected (Obfuscation packer:EnPack) - 1 instance found
    See link check here: http://zerocert.org/?code=f1177c83e0cb8c8b9e5e7e7e4ddaa0c25e6980a71a2fec22e1ad88fe2b8ec58b
    Flagged: http://safeweb.norton.com/report/show?url=2000goles.blogspot.de

iFrame Check Suspicious

-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=300x250§ion=3316358
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=300x250§ion=3316358
-http://balondeoro2012cr7.blogspot.com/
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=468x60§ion=3316358
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=468x60§ion=3316358
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=468x60§ion=3316358
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=468x60§ion=3316358
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=468x60§ion=3316358
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=468x60§ion=3316358
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=468x60§ion=3316358
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=468x60§ion=3316358
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=468x60§ion=3316358
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=468x60§ion=3316358
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=468x60§ion=3316358
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=468x60§ion=3316358
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=468x60§ion=3316358
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=468x60§ion=3316358
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=468x60§ion=3316358
-http://ad.adnetwork.net/st?ad_type=iframe&ad_size=728x90§ion=3316358
All flagged by WOT https://www.mywot.com/en/scorecard/ad.adnetwork.net?utm_source=addon&utm_content=popup
and by avast! Web Rep …See where this requests are going here: http://www.uploady.com/#!/download/iv~C40qsDMu/XNWLmwSCTgR3lls1

Included Scripts Check: suspect - please check list for unknown includes

htXp://www.mipagerank.com/mipagerank.php/www.2000goles.blogspot.com/?d= → http://www.elhacker.net/whois.html?domain=www.mipagerank.com

polonus

Update. IP is a PHISH. See: https://www.virustotal.com/en/url/f4b3c03a600865dbadf16358ed9686239a769c14a0abe802933eac8817d8a5bc/analysis/1429267580/
Site potentially harmfull, blacklisted: https://sitecheck.sucuri.net/results/www.epfbalanceindia.blogspot.in

polonus

Update for this known infection source: https://urlquery.net/report.php?id=1439324021535 (flagged thrice).
Website Risk Status 7 red out of 10: http://toolbar.netcraft.com/site_report/?url=http%3A%2F%2F2000goles.blogspot.co.uk
Missed here: http://killmalware.com/2000goles.blogspot.co.uk/
General detection - 6 flags: https://www.virustotal.com/nl/url/0214f3cb4bafc29f2f15571e62c91c60b21ff7a1b408ff461fbaba8f8a5c6c80/analysis/1439324056/
Missed: https://sitecheck.sucuri.net/results/2000goles.blogspot.co.uk
Flagged for trojans: https://app.webinspector.com/public/reports/show_website?result=3&site=http%3A%2F%2F2000goles.blogspot.co.uk
Long OVERDUE malware on AS: http://support.clean-mx.de/clean-mx/viruses?as=AS27956

Also consider vuln.: http://www.domxssscanner.com/scan?url=http%3A%2F%2F2000goles.blogspot.co.uk

Header manipulation and code injection vulnerabilities, specific dork for cycle plug-in: http://xss.cx/2011/04/23/dork/blind-sql-injection-os-command-execution-ligattsecuritycom.html

From the incode external links, consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fsetodo.net
landing at -https://www.adcash.com/script/java.php?option=rotateur&r=455167
This code is also found to be injected to hotel wifi: https://www.virustotal.com/nl/ip-address/72.52.178.206/information/
Avast detects as Win32:Oncer. Code running with WP conflicts: http://stackoverflow.com/questions/11344185/what-kind-of-code-is-http-ogp-me-ns-fb Browser exploits via adbooth → https://www.mywot.com/en/scorecard/adbooth.com?utm_source=addon&utm_content=popup

Seems this website still has malcreants at play :smiley:

polonus (volunteer website security analyst and website error-hunter)

Could not load some resources for the midwinter-school tracker tracker report, but see attached for the results of the mainly widget tracking I received, but there is also ad tracking and tracker tracking going on.

pol