Sucuri misses, while Quttera detects. See: https://sitecheck.sucuri.net/results/afrianz.blogspot.it
Quttera detects reference to malicious blacklisted domain -bdv.bidvertiser.com * and -www.thehitsusa.com **
* https://www.mywot.com/en/scorecard/bdv.bidvertiser.com?utm_source=addon&utm_content=popup
** https://www.mywot.com/en/scorecard/www.thehitsusa.com?utm_source=addon&utm_content=contextmenu
116 instances of this
and
cdn.tynt.com/tc.js
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [['0?undefined=undefined%26id=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa%26g=a%26r=%26href=%26ts=undefine']] of length 101 which may point to obfuscation or shellcode.
Threat dump: see attached
Threat dump MD5: C14F98C3332D5519E43E287C8D632CBE
File size[byte]: 13552
File type: ASCII
Page/File MD5: 558CDBCDED0C37BD3E854D818E034081
Scan duration[sec]: 0.486000
See Fortinet’s alerts here: http://urlquery.net/report.php?id=1436720369916
Do not visit site: adult content/social networks
malware on that particular IP: https://urlquery.net/report.php?id=1436622807127
Included scripts -
Suspect - please check list for unknown includes
Suspicious Script:
-http://bdv.bidvertiser.com/bidvertiser.dbm?pid=597840%26bid=1491909
document.createelement('iframe'); ifrmobj.name="bidvertiser_frame"; ifrmobj.width=468; ifrmobj.height=60; ifrmobj.marginwidth=0; ifrmo
Also attached an ad-tracker-tracker report
polonus