See: https://www.virustotal.com/nl/url/fede43e645327ad6e2fc5602d57bb37d79e2241ef8ecf12baa8e5000e13b0214/analysis/1416063007/
155 instances of decoded javascript code
[[\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74]]
→ Exploit:Win32/Pdfjsc.YS
Potentially suspicious file: wXw.blogger.com/static/v1/widgets/2885176887-widgets.js
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘%26tran=%26npn=1%26=%26=%26=%26=%26=%26#falsefontFamilyfontFamily=%26true=%26=%26=%26=%26=%26=%26I=%26true=%26=%26=%26=%26=%26=%26I=%26=%26=%26=%26=%26=%26=’]] of length 104 which may point to obfuscation or shellcode.
Threat dump: http://jsunpack.jeek.org/?report=59434dcaac860d133e346f374baada32e3f6262d
Threat dump MD5: AA0254EA8EC811E73C733E0886208A94
File size[byte]: 90891
File type: ASCII
Page/File MD5: 87E1B384620ABC47AC07B242A531468F
Scan duration[sec]: 4.001000
line:3: SyntaxError: missing ] after element list:
error: line:3: [ernal%26%26k.gtbExternal[Ra]?d+=jd+k.gtbExternalRa:k[Ga]%26%26k[Ga].csi%26%26(d+=jd+k[Ga].csi()[Ra])}catch(e){}varf=k[Ga];if(f%26%26(f=f.loadTimes)){f().wasFetchedViaSpdy%26%26(d+=ad);if(f().wasNpnNegotiated){vard=d+Zc,h=f().npnNegotiatedProtocol;h%2
error: line:3: …^
Complaint on IP: http://www.liveipmap.com/74.125.226.10 & http://totalhash.com/network/ip:74.125.226.10
See: http://www.site-scan.com/eng/show_headers.php?REQUEST=GET&URL=http://hatimsudan.blogspot.de/&MODIFIED=0
→ http://whois.domaintools.com/blogspot.de
LeafDNS scan: http://leafdns.com/index.cgi?testid=4FE6DC29 & http://leafdns.com/index.cgi?testid=B197BE4F
Most of it OK here: http://www.dnsinspect.com/blogspot.de/1416068947
Web server headers:
Server: GSE
Content-Encoding: gzip
DNS response time: 0.011 seconds
Connection time: 2.226 seconds
Request time: 3.508 seconds
Response time: 0.989 seconds
Amount of data downloaded: 909.19 kB
Download speed: 384.12 kB/s
Missing security headers for Framing, Transport, Caching Pragma, Access Control and Content-Security-Policy.
Risk here 7 out of 10 red: http://toolbar.netcraft.com/site_report/?url=http%3A%2F%2Fhatimsudan.blogspot.de
GSE Linux vulnerable to ptrace exploit.
links: [D] htxp://hatimsudan.blogspot.de/favicon.ico; rel=“icon”; type=“image/x-icon”
[D] htxp://hatimsudan.blogspot.com/; rel=“canonical”
[D] htxp://hatimsudan.blogspot.com/feeds/posts/default; rel=“alternate”; title=“مكتبة كتب - Atom”; type=“application/atom+xml”
[D] htxp://hatimsudan.blogspot.com/feeds/posts/default?alt=rss; rel=“alternate”; title=“مكتبة كتب - RSS”; type=“application/rss+xml”
[D] htxp://www.blogger.com/feeds/9130047430270102112/posts/default; rel=“service.post”; title=“مكتبة كتب - Atom”; type=“application/atom+xml”
[D] htxp://www.blogger.com/openid-server.g; rel=“openid.server”
[D] htxp://hatimsudan.blogspot.com/; rel=“openid.delegate”
[D] htxps://www.blogger.com/static/v1/widgets/2235083404-widget_css_bundle_rtl.css; rel=“stylesheet”; type=“text/css”
[D] htxps://www.blogger.com/dyn-css/authorization.css?targetBlogID=9130047430270102112&zx=0176c0c6-a4f0-4e73-b8be-79b967f2cbbb; rel=“stylesheet”; type=“text/css”
pol