Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on February 07, 2019, 07:10:17 PM

Title: Site hijacked and with obfuscated malware script..
Post by: polonus on February 07, 2019, 07:10:17 PM

Re: https://urlquery.net/report/63a0b6a3-6bee-4248-8ac3-e11d99587425
Re: https://sitecheck.sucuri.net/results/vitapharma.no  (blacklisted by Yandex).

-http://www.vitapharma.no/mouth_ulcer_general/  hacked

Quote

The scan has detected some potential problems in these files. First scroll down through the code listed out after the list of links, this is the code returned by the request for the URL you entered and check for any problems. Next, these link(s) will open the individual URL(s) in this tool, check through the code that is returned, compare the code being returned to a know clean copy, etc.

1 -> /wp-includes/js/jquery/jquery.js?ver=1.11.3

201 website recommendations: https://webhint.io/scanner/45365d58-71c8-4b9d-bf8e-f2742f1592f2

Oudated WP version 4.4.2  linked site: -https://visible.no/

polonus (volunteer website security analyst and website error-hunter)

Title: Re: Site hijacked and with obfuscated malware script..
Post by: Pondus on February 07, 2019, 07:36:15 PM

https://www.virustotal.com/#/url/c2caccfbba29dfad8fd3c513f20974ad0f7aaf4ec997506ec34bba4ce2cec990/detection

TrendMicro list is as: Dangerous / Disease Vector


Items listed by urlQuery (Fortinet's Web Filter)
URL
https://www.virustotal.com/#/url/5313cde261cc8827f1a1f7b96420fdea88eaa21d53bf482ba0f45415511d0656/detection
File
https://www.virustotal.com/#/file/93d935495f7f40deaf07b68afea7d4c953e14914a28b10412498ccd26fa859bb/detection

URL
https://www.virustotal.com/#/url/dab0812fe89ebcac05a3f37cbad6effaa06802bf91b00535ae789f8d05096aa2/detection
File
https://www.virustotal.com/#/file/346d37d85fe2473e649fe5ba5393a0f5a9284b0d85b19b221f12bd35b3780a18/detection