Re: https://www.virustotal.com/#/url/fa0e9ee33d2c1ecf963e51337c172920898112df60c704892a15c12c3804a29e/details
nothing detected? Consider: https://urlquery.net/report/97a444bc-79b8-499a-90f6-2c25eb8032de
Redirecting: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=atat.ro&ref_sel=GSP2&ua_sel=ff&fs=1
iFrame:
Retirable jQuery library: http://retire.insecurity.today/#!/scan/b4a17f65dd1f009acb3c503d69999d5f92e1afdf0a8b5494847e918f1ab171f6
Results from scanning URL: hxtp://rianimanhusodo12.blogspot.com
Number of sources found: 22
Number of sinks found: 484
Results from scanning URL: //translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
Number of sources found: 43
Number of sinks found: 8
Results from scanning URL: hxtps://www.blogger.com/static/v1/widgets/3577707566-widgets.js
Number of sources found: 93
Results from scanning URL: htxps://apis.google.com/js/plusone.js
Number of sources found: 43
Number of sinks found: 8
Number of sinks found: 44
F-grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=rianimanhusodo12.blogspot.com
and https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=atat.ro&ref_sel=GSP2&ua_sel=ff&fs=1
polonus (volunteer website security analyst and website error-hunter)
This code has not been checked for sinks and sources and code errors either:
Funny as it is appearing on innumerable sites.
Like “f.gsrc=P(“iframes/:source:””; k=D(f);l.src=“”;l[“data-postorigin”]=; k.action=l;k.method=“POST”
htxps://apis.google.com/js/plusone.js
errors:
-apis.google.com/js/plusone.js
info: [decodingLevel=0] found JavaScript
info: [setAttribute src] URL=apis.google dot com//scs/apps-static//js/k=-oz.gapi.US._Utt7ckmbKE.O/m=unsupported/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCNjdXKe6a7uYkOLJSFg8M1oyoGbpw/cb=gapi.0
info: [element] URL=apis.google dot com/js/undefined
info: [decodingLevel=0] found JavaScript
error: undefined variable gapi
error: undefined function gapi.0
This is a bug trying to get property of non-object, while error from calling asynchronously (pol - info credits go to Stack Overflow’s rajesh ujade. (pol)
polonus
But there are more errors when we skim over all of the source code with an unpacker of sorts:
To start with
maxruntime exceeded 10 seconds (incomplete) 0 bytes
wXw.blogger.com/static/v1/jsbin/771816573-ieretrofit.js benign
[nothing detected] (script) -www.blogger.com/static/v1/jsbin/771816573-ieretrofit.js
status: (referer=-rianimanhusodo12.blogspot.com/)saved 37495 bytes c8521d21fbbe5e7d8510bea5153807c259cb4a9b
info: [decodingLevel=0] found JavaScript
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
maxruntime exceeded points at some problems:
[javascript variable] URL=-www.w3.org/1999/xhtml
info: [img] -ad.zanox.com/ppv/?23061514C440230008
info: [decodingLevel=0] found JavaScript
error: line:5: SyntaxError: missing } in XML expression:
error: line:5: c))));a&&(window.jstiming.pt=a)}catch(k){}})();}).call(this);
error: line:5: …^
(profile hidden embedded code - is it secure from hacking?
[iframe] -atat.ro/about.html
info: [decodingLevel=0] found JavaScript
error: line:5: SyntaxError: missing } in XML expression:
error: line:5: c))));a&&(window.jstiming.pt=a)}catch(k){}})();}).call(this);
error: line:5: ..............................................^
file: fea13d4ed8c97ef23c0ecd2a22751ac9b17718cb: 57824 bytes
eferer=-rianimanhusodo12.blogspot.com/)saved 1716 bytes fdac5b2f68116c7613fc71a0f0d6da2e42043185
info: [decodingLevel=0] found JavaScript
error: undefined variable document.body.parentNode
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var document.body.parentNode = 1;
error: line:1: ....^
info: [element] URL=-translate.google.com/a/undefined
wrong manipulation of elements - (pol).
wXw.blogger.com/static/v1/widgets/3577707566-widgets.js
info: [decodingLevel=0] found JavaScript
error: undefined variable gapi * see earlier posting
error: undefined function gapi.load
error: line:3: SyntaxError: missing = in XML attribute:
error: line:3:
error: line:3: ..............^
Additionaly CMS Word Press - Directory Indexing Enabled on upload link from -duniabaca.com/
where link to htxp://n.ads1-adnow.com/ is being blocked by my uBlock Origin extension following the EasyList subscription.
polonus (volunteer website security analyst and website error-hunter)