This is completely different from what I get here: http://www.webutation.net/go/review/blogher.com?req=chrome
and here on BrightCloud:
Category Reputation Index Status
News and Media
Society
Personal sites and Blogs
Request a new URL category
green 96
Request URL Reputation change
Infections (past 12 months) No
Popularity High
Age 52 months (Established)
How did they hide all that dubious 3rd party tracking to be found up? Like Legolas and peer.39
(blocked by the Open DNS block tool)?
Are there things going on in the background that Abine, Diconnect etc miss?
Here we again have a site with unknown html issues, but there are no cookies and no third party requests found.
There are no iFrames detected either, but later on in the website analysis we stumble upon Sp00nscape redirecting malware…
No zeroiframes detected!
Check took 2.23 seconds
(Level: 0) Url checked:
htxp://www.bkab.nu/
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (script source)
htxp://www.bkab.nu/wp-includes/js/comment-reply.js?ver=3.4.1
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (script source)
htxp://www.bkab.nu/wp-includes/js/jquery/jquery.js?ver=1.7.2
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (script source)
htxp://www.bkab.nu/wp-content/themes/arclite.1.5/arclite/js/arclite.js?ver=3.4.1
Zeroiframes detected on this site: 0
No ad codes identified
MacAfee siteadvisor flags it: http://www.siteadvisor.com/sites/bkab.nu
There is a redirection to htxp://compressorvolution.pro/Description?8
Here I get a 404 Not Found and IP 5.153.238.12
This is similar malware as http://labs.sucuri.net/?details=rangedunderstanding.pro same IP
and redirecting malware (so-called sp00nscape - pass= sp00n ip= 5.153.238.12)
Site should be blocked and has now been reported to virus AT avast dot com…
Tthe location header of the site is now redirecting to again another domain generated, here it is; htxp://braviaguaranteeing.pro/Description?8
nothing detected] braviaguaranteeing dot pro/Description?8
status: (referer=htxp:/twitter.com/trends/)saved 4915 bytes 7f6bec094f3258b15fe2b17e433b65c7aa7e968f
info: [img] braviaguaranteeing dot pro/intl/ALL/images/srpr/logo1w.png
info: [decodingLevel=0] found JavaScript
error: line:3: SyntaxError: missing = in XML attribute:
error: line:3: <meta content="Search the world’s information, including webpages, images, videos and more. Google has
error: line:3: …^
What is generating these domains, a look up on google fails, because on the website the location line in the header above has redirected the request to: htxp://www.google.com
The IP resolves to ip= 5.153.238.12. posing as a server, 5.153.238.12. domain is not supported
Not registerd for AS57858 FiberGrid Fiber Grid OU
AS Name: FIBERGRID Fiber Grid OU
IPs allocated: 26624
Blacklisted URLs: 0
Hosts…
…malicious URLs? No
…badware? No
…botnet C&C servers? No
…exploit servers? No
…Zeus botnet servers? No
…Current Events? Yes
…phishing servers? No
It is invalid input used for malware, and normally not allowed…
Notice: geoip_record_by_name(): Host 5.153.238.12 not found in _ip_load_main() (line 235 of /home/alex/data/www/ipadresa.net/html/sites/all/modules/custom/ip_node/ip_node.module),
There is something fishy with htxp://www.bkab.nu/
Opening with file viewer I get: Location: htxp://serviceavisualizations.pro/hydrodance?8 (all I got ended in pro/hydrodance?8)
and then Moved Permanently and then: The document has moved “htxp://serviceavisualizations.pro/hydrodance?8”
HEAD /hydrodance?8 HTTP/1.0
Accept: /
User-Agent: WebBug/5.0
Received data:
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 25 Aug 2012 15:05:55 GMT
Content-Type: text/html
Connection: close
Last-Modified: Wed, 14 Sep 2011 20:07:29 GMT
Accept-Ranges: bytes
Content-Length: 465
Vary: Accept-Encoding,User-Agent
Host serviceavisualizations.pro
IP 5.153.238.13 (yesterday another domain name from 5.153.238.12)
Site should be blocked, reported to virus AT avast dot com