Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on October 23, 2021, 12:03:02 PM

Title: CDAC's Browser JS Guard warns for encoded Javascript Malware
Post by: polonus on October 23, 2021, 12:03:02 PM
Indian government security extension warns of malware on the following website, and alerts to block:
see: https://urlscan.io/result/4e0e9775-59bf-4ba3-ab46-a0331c22fbb6/

Nothing flagged here: https://www.virustotal.com/gui/url/fee976a016b4b4eec3e8266f9e38d30c9f6f30bc1c68b712cb56bd8afc959231?nocache=1

Could this be in L4lD_oJODzpwpDst4F4jPdBEbrQ.js? Given OK at VT or ads onionland being flagged? Tracker params code?
See: https://urlscan.io/result/4e0e9775-59bf-4ba3-ab46-a0331c22fbb6/#indicators

polonus
Title: Re: CDAC's Browser JS Guard warns for encoded Javascript Malware
Post by: polonus on October 23, 2021, 05:40:06 PM
More results for this:
Quote
Reputation checks have been performed on the IP address for each of the linked sites.
Hosts found on blacklists with poor reputation may be a threat to users of the site.
Hosting and locations are also included in the results.

Externally Linked Host                                              Hosting / Company Netblock   Country
-www.torproject.org                                                 HETZNER-AS, DE
-i2psearch.com                                                      CLOUDFLARENET
-onionlandhosting.com                                               CLOUDFLARENET
-3bbad7fauom4d6sgppalyqddsqbf5u5p56b5k5uk2zxsy3d6ey2jobad.onion
-www.tor2web.org                                                    FASTLY
-imageflutgtjxfrn.onion
-3bbaaaccczcbdddz.onion

https://reports.adguard.com/en/onionlandsearchengine.com/report.html   

HTML
-onionlandsearchengine.com/
14,766 bytes, 185 nodes

Javascript 9   (external 4, inline 5)
-www.googletagmanager.com/​gtm.js?id=GTM-T9TZN2P
INLINE: /* * This entire block is wrapped in an IIFE to prevent polluting the scope of
558,533 bytes

-onionlandsearchengine.com/cdn-cgi/apps/head/​0Zm-PzlD4M52LDE4Ld8WMxOdu5I.js
-onionlandsearchengine.com/cdn-cgi/bm/cv/669835187/​api.js
-d3uvwl4wtkgzo1.cloudfront.net/​e8af8301-45e2-41c6-9212-9421ce1b1dc7.js
109,595 bytes Cache-Control: max-age=0, private, must-revalidate

INLINE: (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),
341 bytes

INLINE: var loadDeferredStyles=function(){var e=document.getElementById("deferred-styles
448 bytes

INLINE: let fpid = "weABvwvwE1"; const _0x4e52=['qMXSrNm=','wfH0we0=','yxjeBu4=','u3vmB
37,258 bytes

INLINE: (function(){window['__CF$cv$params']={r:'6a2acac94ebd0c05',m:'mRDbC6JjJyLPo7DrY2
289 bytes

CSS 4   (external 1, inline 3)
INLINE: :root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3
13,164 bytes INJECTED

INLINE: @media print {#ghostery-tracker-tally {display:none !important}}
64 bytes INJECTED

INLINE: #cdac_container { font-family: Arial, sans-serif !important; font-size: 12px !i
1,536 bytes INJECTED

-onionlandsearchengine.com/css/​app.css?id=90d7ce5b297f367f2ddb
INJECTED

JSON 1   (external 0, inline 1)
INLINE: { "@context": "-http://schema.org", "@type": "WebSite", "url": "-https:/
308 bytes

Others 0   (external 0, inline 0)      

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
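Added example, not code from this thread, from CDAC's JS Guard, or from any scanner quoted above: a small Node.js heuristic that triages inline script bodies for the obfuscation pattern visible in the pasted report (a string array bound to a `_0x...` identifier, many base64-looking fragments, and a run-time decode call). How the extension itself decides is not known from the thread, so the indicator weights, the thresholds, the `scoreInlineScript` and `triageInlineScripts` helpers, and both sample scripts are assumptions constructed for illustration; the benign sample only mirrors the public Google Tag Manager loader shape.

```javascript
// Added illustration, not code from the thread or from CDAC's JS Guard.
// Heuristic triage of inline <script> bodies for the obfuscation style seen in
// the pasted report: hex-named identifiers (_0x4e52), a large array of
// base64-looking string fragments, and run-time decoding calls.
// Weights and thresholds below are assumptions chosen for the sample inputs.

const HEX_IDENT = /\b_0x[0-9a-f]{4,}\b/g;                   // obfuscator-style names
const STRING_LIT = /'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*"/g;  // quoted literals
const BASE64ISH = /^[A-Za-z0-9+/]{6,}={0,2}$/;              // alnum+/= blobs, no dots or spaces
const DECODE_CALL = /\b(?:atob|unescape|eval|String\.fromCharCode)\s*\(/g;

function scoreInlineScript(src) {
  const hexIdents = new Set(src.match(HEX_IDENT) || []);
  const literals = (src.match(STRING_LIT) || []).map((s) => s.slice(1, -1));
  const base64Like = literals.filter((s) => BASE64ISH.test(s)).length;
  const decodeCalls = (src.match(DECODE_CALL) || []).length;

  const indicators = {
    hexIdentifiers: hexIdents.size,
    stringLiterals: literals.length,
    base64LikeLiterals: base64Like,
    base64Ratio: literals.length ? base64Like / literals.length : 0,
    decodeCalls,
  };

  // Assumed scoring: each indicator family contributes independently, so a
  // single base64 URL parameter or one atob() in an analytics loader does not
  // trip the verdict on its own.
  let score = 0;
  if (indicators.hexIdentifiers >= 3) score += 2;
  if (indicators.base64LikeLiterals >= 10 && indicators.base64Ratio >= 0.5) score += 2;
  if (indicators.decodeCalls >= 1) score += 1;

  return { score, obfuscated: score >= 3, indicators };
}

// Triage a list of {name, body} inline scripts and return only the flagged ones.
function triageInlineScripts(scripts) {
  return scripts
    .map((s) => ({ name: s.name, ...scoreInlineScript(s.body) }))
    .filter((r) => r.obfuscated);
}

// Constructed sample 1: the shape of the public Google Tag Manager loader (benign).
const SAMPLE_GTM =
  "(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});" +
  "var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;" +
  "j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})" +
  "(window,document,'script','dataLayer','GTM-XXXXXXX');";

// Constructed sample 2: a toy string-array obfuscation in the same style as the
// inline block quoted in the report. All values are made up and decode to plain words.
const SAMPLE_OBFUSCATED = [
  "const _0x4e52=['dGVzdA==','aGVsbG8=','d29ybGQ=','Zm9vYmFy','YmF6cXV4','bG9yZW0=',",
  "'aXBzdW0=','ZG9sb3I=','c2l0YW1ldA==','YWxwaGE=','YnJhdm8=','Y2hhcmxpZQ=='];",
  "const _0x1f3a=function(_0x2b7c){return atob(_0x4e52[_0x2b7c]);};",
  "console.log(_0x1f3a(3)+_0x1f3a(4));",
].join('\n');

const flagged = triageInlineScripts([
  { name: 'gtm-loader', body: SAMPLE_GTM },
  { name: 'inline-4', body: SAMPLE_OBFUSCATED },
]);
console.log(JSON.stringify(flagged, null, 2));
```

The ratio check matters more than the raw count: a legitimate loader carries a handful of short alphanumeric literals (`'script'`, `'dataLayer'`), which is why the benign sample scores zero while the string-array sample trips all three indicator families. Treat a hit as a reason to pull the script for manual review, as a reviewer would with the 37 KB inline block in the report, not as a verdict.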