Detected Potential Corporate Privacy Violation....
Where we stumbled onto it: Results from scanning URL: htxp://bukutamu-zies-name.googlecode.com/files/bukutamu-zies-name.js
Number of sources found: 9
Number of sinks found: 2
GET -/files/bukutamu-zies-name.js HTTP/1.1
Host: -bukutamu-zies-name.googlecode.com
Magic: HTML document text\012 exported SGML document text
Size: 1588
Md5: dd2d6d01c8cebacbc39b6abd0352db63
United States
AS15169 Google Inc. 64.233.161.82
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
suspicious: maxruntime exceeded 10 seconds (incomplete) found JavaScript
error: undefined variable history
error: undefined function history[_0x96d5[33]]
error: undefined variable _0x96d5
info: [var pu] URL=-www.topcpm.com/redirect.php
info: [var newurl] URL=-www.topcpm.com/redirect.php
info: [decodingLevel=1] found JavaScript
: [meta refresh] URL=-www.youradexchange.com/ad/display.php?r=374772
info: [decodingLevel=0] found JavaScript
info: [windowlocation] URL=-www.youradexchange.com/ad/display.php?r=374772
info: [var location] URL=-www.youradexchange.com/ad/display.php?r=374772
info: [var newurl] URL=-www.youradexchange.com/ad/display.php?r=374772
undefined variable str
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
[embed] -cdnovh.widgeo.net/message/messagebig.swf
info: [iframe] -cdnovh.widgeo.net/hitparade.php?pagexiti=message
info: [decodingLevel=0] found JavaScript
error: undefined variable _0x9f08x2
info: DecodedGenericCLSID detected D27CDB6E-AE6D-11cf-96B8-444553540000
info: [element] URL=-www.topcpm.com/tcm.js
info: [var pu] URL=-www.topcpm.com/tcm.js
info: [var u] URL=-www.topcpm.com/u.js
info: [var newurl] URL=-www.topcpm.com/u.js
info: [decodingLevel=1] found JavaScript
error: line:9: SyntaxError: XML tag name mismatch (expected embed):
error: line:9: wf" quality="high" wmode="transparent" bgcolor="000000" width="800" height="50" align="middle" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" pluginspage="
-http:/www.macromedia.com/go/getflashplayer"></OBJECT>
error: line:9: ...^
and
info: [img] -logv33.xiti.com/hit.xiti?s=281802&p=
info: [decodingLevel=0] found JavaScript
error: undefined variable Xr
info: [var Xi] URL=-cdnovh.widgeo.net/
info: [var newurl] URL=-cdnovh.widgeo.net/
info: [img] -cdnovh.widgeo.net/
Is this obfuscated code analyzed here being blocked or no longer an online threat?
polonus (volunteer website security analyst and website error-hunter)