SE Website redirecting (via code 301) to htxp://www3.xpg.com.br/403.h

Viruses and worms
1

See: http://killmalware.com/js.xpg.com.br/
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fjs.xpg.com.br%2Ftag%2Fp%2Facidezmental%2Ftag.js
Not detected: https://www.virustotal.com/nl/url/cf8d6bcfb9d2431981d3d0ad6eeb378b76db980e124afbd11fdbc97d4b5eccaf/analysis/1443786469/
Sucuri misses.
Now a double redirect going via hxtp://www3.xpg.com.br/403.html to: htxp://www3.xpg.uol.com.br/educacao.html
See: http://toolbar.netcraft.com/site_report?url=http://www3.xpg.uol.com.br
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww3.xpg.uol.com.br%2Feducacao.html
Checked with Malzilla by bobby.
XPG - 2015 padlock icon
www3.xpg.uol.com.br
Alerts (3)
Insecure login (3)
Password will be transmited in clear to -http://xpg.uol.com.br/go/html
Password will be transmited in clear to -http://xpg.uol.com.br/go/blog
Password will be transmited in clear to -http://www3.xpg.uol.com.br/
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted - PHP Version: 5.3.3 (Outdated) Via proxy: 1.1 Linux Proxy Pandeiro UOL

polonus (volunteer website security analyst and website error-hunter)

2
[b]scanned 5 days ago[/b] - Rescan it now! (Hoster: static.xpg.net.br)
and what result do you get if you rescan it now ;)
3

Hi Pondus,

These reults were after the rescan with Killmalware, no alerts still redirecting like: hxtp://www3.xpg.com.br/403.html to: htxp://www3.xpg.uol.com.br/educacao.html ;D
Backlink: Domain IP Referring Pages DomainRank
1 -http://www.emportugal.pt | Details
► Please log in first to see full page URL. Create Account! 78.140.138.170 1 4
http://toolbar.netcraft.com/site_report?url=http://www.emportugal.pt

Damian

4

I send this same URL, during the week
Last, but I found other results

hxxp:www3.xpg.uol.com.br/juridico.html
hxxp://www3.xpg.uol.com.br/arquitetura-decoracao-e-design.html

Blacklist

https://www.virustotal.com/en/url/25f0f9cc24e68ee2f29571ca2dd0cc02fcf21ecb07565612cece159cad436cfa/analysis/1443317083/

https://www.virustotal.com/en/url/15ef99c29b3d048074839277e52cc861ef4048be245e5b5beb3df0a280507342/analysis/1443317731/

https://urlquery.net/report.php?id=1443316512743

http://www.urlvoid.com/scan/www3.xpg.uol.com.br/

I have and answer from my colleague that it does not seem to be malicious.
5

Hi jefferson sant,

As not malicious per se, we do see random Blackhat SE redirecting here. Don’t know whether Google let them get away with it. :wink:

polonus