We started here, where malware was being flagged: http://urlquery.net/report/a704bf33-fd7f-4029-b3f4-40ef68e3e878
Google Safebrowsing now has several services that make us more aware of what is being detected here and what redirects are to be found, and also DOM-XSS issues, etc.
So we had this opening up:
Results from scanning URL: hxtp://redwhite.ru/bitrix/redirect.php?event1=&event2=&event3=&goto=hxtp://www.information.za.org/article.php?id=10217/ *
Number of sources found: 10
Number of sinks found: 132
Results from scanning URL: htxps://apis.google.com/js/plusone.js
Number of sources found: 43
Number of sinks found: 8
Results from scanning URL: htxp://ads.adonion.com/serve.php
Number of sources found: 3
Number of sinks found: 1
Results from scanning URL: htxps://apis.google.com/js/plusone.js
Number of sources found: 43
Number of sinks found: 8
Results from scanning URL: htxps://www.blogger.com/static/v1/widgets/4187781524-widgets.js
Number of sources found: 93
Number of sinks found: 44
- Внимание! Вы перенаправляетесь на другой сайт. Для перехода щелкните по ссылке:
In Russian it says there: “Attention! You are being redirected to another site. To proceed, click the link:”
htxp://www.information.za.org/article.php?id=10217/
The privacy impact score is A-grade for the latter link: https://webcookies.org/cookies/redwhite.ru/11431840
This is being implemented: Clickjacking protection is enabled, nevertheless we have server version info proliferation →
Server: nginx/1.2.7 as the header exposes version details
Security headers missing…resource insecurely loaded over plaintext HTTP. This is OK on non-TLS pages,
but should never happen on TLS sites.
The scan has detected some potential problems in these files. First scroll down through the code listed out after the list of links; this is the code returned by the request for the URL you entered, and check for any problems. Next, these link(s) will open the individual URL(s) in this tool; check through the code that is returned, compare the code being returned to a known clean copy, etc.
1 → -bdlab.blogspot.com/2011/06/free-backlinks-for-blog-and-website.html
Suspicious URLs found in: hxtp://about-yourdreams.blogspot.com/
Also consider link to: htxp://bdlab.blogspot.com/2011/11/http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js
1: hxxp://adhitzads·com/479546
2: hxxp://adhitzads·com/479545
URLs that redirect found in: hxtp://about-yourdreams.blogspot.com/
1: htxp://ads.adonion.com/serve.php → htxp://a.yesadsrv.com/serve.php
< script type=“text/javascript” src=“hxxp://adhitzads.com/479546”> < /script>
Note: Ads can be problematic; despite their best efforts, from time to time malicious/unwanted software ads do slip into an ad inventory and cause a site to be flagged by Google.
adult content / social networks flagged: -https://www.virustotal.com/#/domain/24work.blogspot.com
only AutoShun to flag this… also consider these results: https://privacyscore.org/site/36137/
12 known 3rd party tracking instances; and various other non-best policies applied.
Presented this detection in a slightly different manner, to highlight some other insecure aspects of such a detection.
polonus (volunteer website security analyst and website error-hunter)
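
An added example, not part of the original post: one way to triage defanged links like the ones above offline, flagging redirector URLs whose target parameter (here `goto`) points to a different site. The parameter list other than `goto`, the function names and the two-label site comparison are assumptions; nothing is fetched.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Defanged scheme spellings used in the post (hxtp, htxp, hxxp, htxps) and plain http(s).
_SCHEME = re.compile(r"^h[tx]{2}p(s?)://", re.IGNORECASE)
# Parameter names treated as redirect targets. Only "goto" appears in the post;
# the others are assumed common names.
REDIRECT_PARAMS = {"goto", "url", "redirect", "next"}

# URL quoted in the post, kept defanged exactly as posted.
PAGE_URL = ("hxtp://redwhite.ru/bitrix/redirect.php?event1=&event2=&event3="
            "&goto=hxtp://www.information.za.org/article.php?id=10217/")
# Constructed sample: same redirector, target stays on the same site.
SAME_SITE_URL = "hxtp://redwhite.ru/bitrix/redirect.php?goto=/news/"


def refang(url):
    """Restore a parseable scheme and dots. The result is only parsed, never requested."""
    url = url.strip().replace("·", ".").replace("[.]", ".")
    return _SCHEME.sub(lambda m: "http" + m.group(1).lower() + "://", url)


def site(host):
    """Crude site key: the last two host labels (assumption, no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def offsite_redirect(url):
    """Return (origin_host, target_host) when a redirect parameter leaves the site, else None."""
    parts = urlsplit(refang(url))
    origin = parts.hostname or ""
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() not in REDIRECT_PARAMS:
            continue
        target = urlsplit(refang(value))
        # Relative targets have no hostname and therefore stay on the origin site.
        if target.hostname and site(target.hostname) != site(origin):
            return origin, target.hostname
    return None


if __name__ == "__main__":
    for sample in (PAGE_URL, SAME_SITE_URL):
        print(sample, "->", offsite_redirect(sample))
```

The two-label comparison misjudges hosts under multi-label public suffixes such as `co.uk`; a public-suffix list is needed for those.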