Is this a spyware site?

[polonus]

Hi malware fighters,

Only finjan detects this as a spyware site: htxp://mpay.qq.com/index.htm Title: 腾讯移动支付平台
Cannot try out at wepawet because that is down for maintanance now...
Check here: http://jsunpack.jeek.org/dec/go?report=1e9aed7001810994cd1b1c8e29376c3164685a77

maybe because of this script there?: htxp://pingjs.qq.com/ping.js
see: http://jsunpack.jeek.org/dec/go?report=39c8453f320190e4a69f80c30a81c3a64aa57874

For the malware trend see:  http://www.tenebril.com/src/info.php?id=441301950
But because of securemost reports, I do not know how the situation is now considering QQ-adware,
iFrame detecting scan delivered these results:
No zeroiframes detected!

Check took 39.77 seconds

(Level: 0) Url checked:
htxp://mpay.qq.com/index.htm
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
htxp://source2.qq.com/pub/mpay/js/jquery-1[1].3.2.min.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
htxp://source2.qq.com/pub/mpay/js/jquery.blockui.js
Blank page / could not connect
No ad codes identified

(Level: 1) Url checked: (script source)
htxp://source2.qq.com/pub/mpay/js/v1.0/sys.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (iframe source)
htxp://source2.qq.com/pub/mpay/js/v1.0//login.html
Blank page / could not connect
No ad codes identified

(Level: 2) Url checked: (iframe source)
htxp://source2.qq.com/pub/mpay/js/v1.0//loading.html
Blank page / could not connect
No ad codes identified

(Level: 1) Url checked: (script source)
htxp://source1.qq.com/common/javascript/builder_footer_normal_v1.0.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
htxp://pingjs.qq.com/ping.js
Zeroiframes detected on this site: 0
No ad codes identified

External references:
External References
- source2.qq.com safe? - displaying 4 of 4

    * <Script> link - htxp://source2.qq.com/pub/mpay/js/jquery-1[1].3.2.min.js
    * <Script> link - htxp://source2.qq.com/pub/mpay/js/jquery.blockUI.js
    * <Script> link - htxp://source2.qq.com/pub/mpay/js/v1.0/sys.js
    * <A> 我要留言 - htxp://source2.qq.com/pub/mpay/images/v1.0/ASK/index.html

- service.qq.com safe? - displaying 1 of 1

    * <A> 帮助 - htxp://service.qq.com/category/shjchzhk.html

- source1.qq.com safe? - displaying 1 of 1

    * <Script> link - hxtp://source1.qq.com/common/javascript/builder_footer_normal_v1.0.js

- pingjs.qq.com safe? - displaying 1 of 1

    * <Script> link - htxp://pingjs.qq.com/ping.js

polonus

[mikaelrask]

strange sens wot is rate it as safe.

http://www.mywot.com/sv/scorecard/jsunpack.jeek.org

[polonus]

Hi mikaelrask,

The site is secure only considering what you let it check, malcode in there could spill over as it is a site for unpacking and de-obfuscating suspicious and malicious JavaScript for security experts. One should only use it on a machine with just user rights, and NoScript and Request Policy extensions active in the Mozilla browser. I have written a posting about this in the general section here on the forums, you can see there. When checking on URLs and code I just give the links with hxtp. People that know, know what to do with it anyway and others are being warned off not to go there, the fight against malware is often qualified as "og det var et slag i slag",

polonus

[mikaelrask]

yeah totally agree with your post there.