Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Blacklisted site clean or with MW:ANOMALY:SP8
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Blacklisted site clean or with MW:ANOMALY:SP8 (Read 1946 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33903
malware fighter
Blacklisted site clean or with MW:ANOMALY:SP8
«
on:
November 30, 2013, 06:45:45 PM »
See:
http://maldb.com/feuerwehr-rossla.de/#blacklists
See:
https://www.virustotal.com/nl/url/8f11788d3542b2a22d794a9e220e5a590454014f08b54577b3fa05c50672fc79/analysis/
No detections here:
http://urlquery.net/report.php?id=8076586
jsunpack scan here:
http://jsunpack.jeek.org/?report=3da626169579d0916c2a3378e28619b8f9c11229
see code hisck-up: ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js benign
[nothing detected] (script) ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js
status: (referer=feuerwehr-rossla.de/)saved 55740 bytes 4a17c73d94831fe9c67af02550ecdc639681ddbb
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
error: line:3: SyntaxError: invalid flag after regular expression:
error: line:3: s,"form")?jQuery.makeArray(this.elements):this;}).filter(function(){return this.name&&!this.disabled&&(this.checked||/select|textarea/i.test(this.nodeName)||/text|hidden|password/i.test(this.type));}).map(function(i,elem){var val=jQuery(this).val();return
error: line:3: ^
suspicious:
Injection Check -> Suspicious Text after HTML
<script src="htxp://simplechic.pl/translations/x1cuodn3.php?id=52520410" type="text/javascript"></script>
See: simplechic dot pl/modules/menu/js/superfish-modified.js benign
[nothing detected] (script) simplechic.pl/modules/menu/js/superfish-modified.js
status: (referer=simplechic dot pl/)saved 3765 bytes ccaa5ae25a9f3744dfcc7f68896782755f19712d
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined variable $.fn
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var $.fn = 1;
error: line:1: ....^
suspicious: Location: htxp://simplechic.pl/pl/
Note: This line has redirected the request to htxp://simplechic.pl/pl/ -> The connection timed out before all (any?) content was returned!
Suspicious: simplechic dot pl/modules/productscategory/productscategory.js benign
[nothing detected] (script) simplechic dot pl/modules/productscategory/productscategory.js
status: (referer=simplechic dot pl/pl/)saved 1931 bytes 383c64bce6a9e70599fac4571fdcd15bbaec9786
info: [decodingLevel=0] found JavaScript
error: undefined variable $
error: undefined function $
suspicious: found as benign here:
http://zulu.zscaler.com/submission/show/5e67e586563ba033987021d87c4634b2-1385833221
PrestaShop vulnerable to random pages and exploitable:
http://www.cvedetails.com/vulnerability-list/vendor_id-8950/Prestashop.html
Here the site is given as blacklisted and with malware;
http://sitecheck.sucuri.net/results/feuerwehr-rossla.de/
Blocked by Google Safebrowsing:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=feuerwehr-rossla.de
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Blacklisted site clean or with MW:ANOMALY:SP8