Avast WEBforum
Other => Viruses and worms => Topic started by: polonus on June 06, 2021, 11:10:13 PM
-
Where we stumbled upon it: https://urlscan.io/result/edaf6426-455b-4401-abb7-19663635829d/
Where it was being flagged: https://www.virustotal.com/gui/url/3f7087b173b07ddbcff2e1e254237b5ad0aef62ee0e3215155336fad25338f3c/detection
Why? -> https://sitereport.netcraft.com/?url=https://confirmatie-ontvangst.net/
Retire.JS issues ->
jquery 1.11.3.min, found in -https://confirmatie-ontvangst.net/js/jquery-1.11.3.min.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
JS error- File not found: /js/master.js
File not found: /js/match-height.js
File not found: /js/mmenu.js
File not found: /js/mmenu.polyfills.js
File not found: /js/jquery-1.11.3.min.js
SyntaxError: Unexpected string
SyntaxError: Invalid regular expression flags
Why should this website be hosted in Chicago? 14% tracking blocked from -financien.belgium dot be
Consider: https://sitereport.netcraft.com/?url=financien.belgium.be (Could this still be a respectable website from 2013 onward?)
Not really, I guess, as Avast Web Shield flags Cyber Security Assessment and Management (CSAM) as not to be trusted.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
Site is blacklisted by McAfee -> https://sitecheck.sucuri.net/results/https/confirmatie-ontvangst.net
IP is on a Russian blacklist as scammer.
See: https://observatory.mozilla.org/analyze/confirmatie-ontvangst.net F-B-A-F-x grade scan results.
Non-compliant: https://observatory.mozilla.org/analyze/confirmatie-ontvangst.net#tls
Re: https://observatory.mozilla.org/analyze/confirmatie-ontvangst.net#third-party
CAA issues.
Finally confirmed as a high risk website at scamadviser dot com:
https://www.scamadviser.com/check-website/confirmatie-ontvangst.net
Not found here: https://fraud-reports.wikia.org/wiki/Key-Systems_GmbH
pol