Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on June 06, 2021, 11:10:13 PM

Title: Netcraft flags - Is this a scam-website? Avast Webshield does not trust...
Post by: polonus on June 06, 2021, 11:10:13 PM
Where did we stumble upon it? https://urlscan.io/result/edaf6426-455b-4401-abb7-19663635829d/
Where it was being flagged: https://www.virustotal.com/gui/url/3f7087b173b07ddbcff2e1e254237b5ad0aef62ee0e3215155336fad25338f3c/detection
Why? -> https://sitereport.netcraft.com/?url=https://confirmatie-ontvangst.net/
Retire.JS issues ->
jquery   1.11.3.min
Found in -https://confirmatie-ontvangst.net/js/jquery-1.11.3.min.js
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
Medium   CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium   CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

JS error-
Quote
File not found: /js/master.js

File not found: /js/match-height.js

File not found: /js/mmenu.js

File not found: /js/mmenu.polyfills.js

File not found: /js/jquery-1.11.3.min.js

SyntaxError: Unexpected string
  eval ()()
  :4:80()
  Object.t [as F_c] (:3:191)()
  Object.E_u (:4:244)()
  eval (eval at exec_fn (:2:115), :67:477)()
  Object.create (eval at exec_fn (:2:115), :69:193)()
  c (eval at exec_fn (:2:115), :7:231)()
  :4:80()
  i (eval at exec_fn (:2:115), :5:165)()
  eval (eval at exec_fn (:2:115), :5:292)()

SyntaxError: Invalid regular expression flags
  eval ()()
  :4:80()
  Object.t [as F_c] (:3:191)()
  Object.E_u (:4:244)()
  eval (eval at exec_fn (:2:115), :67:477)()
  Object.create (eval at exec_fn (:2:115), :69:193)()
  c (eval at exec_fn (:2:115), :7:231)()
  :4:80()
  i (eval at exec_fn (:2:115), :5:165)()
  eval (eval at exec_fn (:2:115), :5:292)()

Why should this website be hosted in Chicago? 14% tracking blocked from -financien.belgium dot be
Consider: https://sitereport.netcraft.com/?url=financien.belgium.be (Could this still be a respectable website from 2013 onwards?)

Not really, I guess, as Avast Webshield flags Cyber Security Assessment and Management (CSAM) as not to be trusted.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Title: Re: Netcraft flags - Is this a scam-website? Avast Webshield does not trust...
Post by: polonus on June 07, 2021, 12:06:57 AM
Site is blacklisted by McAfee's -> https://sitecheck.sucuri.net/results/https/confirmatie-ontvangst.net
IP is on a Russian blacklist as scammer.

See: https://observatory.mozilla.org/analyze/confirmatie-ontvangst.net F-B-A-F-x grade scan results.

Non-compliant: https://observatory.mozilla.org/analyze/confirmatie-ontvangst.net#tls
Re: https://observatory.mozilla.org/analyze/confirmatie-ontvangst.net#third-party

CAA issues.

Finally confirmed as a high risk website at scamadviser dot com:
https://www.scamadviser.com/check-website/confirmatie-ontvangst.net

Not found here: https://fraud-reports.wikia.org/wiki/Key-Systems_GmbH

pol