See: https://www.virustotal.com/nl/url/341570a8c3a8af70e2a506243c8fea54ceb3165da4fb35db8ebc7a98cf6e37b3/analysis/1447000333/ Dr.Web known infection source/adult content/social networks Vulnerable code: -http://aboutofindonesia.blogspot.ru Detected libraries: jquery - 1.8.3 : (active1) -http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js Info: Severity: medium http://bugs.jquery.com/ticket/11290 http://research.insecurelabs.org/jquery/test/ (active) - the library was also found to be active by running code 1 vulnerable library detected → http://www.domxssscanner.com/scan?url=http%3A%2F%2Faboutofindonesia.blogspot.ru
halamanav.js code is exploitable: XSS attack detected via my Malware Script Detector v.02b in Tampermonkey. → http://www.domxssscanner.com/scan?url=http%3A%2F%2Fyourjavascript.com%2F218437119%2Fhalamanav.js
See: http://zulu.zscaler.com/submission/show/e04755efb152fd6297ebd234f0aa91ca-1447000774 gives site as clean.
Poor outlay: http://howoptimize.com/analyze/aboutofindonesia.blogspot.ru.html Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Bad website risk status (7red out of 10) at Netcraft scan: http://toolbar.netcraft.com/site_report/?url=+http%3A%2F%2Faboutofindonesia.blogspot.ru
This landing at statcounter: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.blogger.com%2Fdyn-css%2Fauthorization.css%3FtargetBlogID%3D2081779903225794034%26zx%3Dead3b6ae-7827-423b-ae92-b5114d00b357 and -http://www.onlinedatingsites2015.com/ with links all about ad-code Script loaded: -http://pagead2.googlesyndication.com/pagead/show_ads.js Script loaded: -http://www.statcounter.com/counter/counter.js Script loaded: -https://pagead2.googlesyndication.com/pub-config/ca-pub-9908604420462511.js Script loaded: -http://pagead2.googlesyndication.com/pagead/js/r20151103/r20151006/show_ads_impl.js Status: success Script loaded: -https://pagead2.googlesyndication.com/pagead/js/r20151103/r20151006/expansion_embed.js Script loaded: -https://pagead2.googlesyndication.com/pagead/osd.js Script loaded: -https://tpc.googlesyndication.com/pagead/js/r20151103/r20110914/abg.js Script loaded: -https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js Script loaded: -https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js which is understandable as we know Google’s main product model
polonus
What malware resides on this website?
https://www.virustotal.com/nl/file/a5291daf652da676d90b98cbd8b55f4bc17db76e9577f9078e9218dd545ca234/analysis/1447002021/
Thanks, Pondus, good evaluation.
