Avast WEBforum

Other => General Topics => Topic started by: Avastfan1 on May 30, 2010, 10:24:54 AM

Title: Infected URL?
Post by: Avastfan1 on May 30, 2010, 10:24:54 AM
Hello Everyone!

Can somebody please tell me if this URL is infected?

hxxp://drawmohammed.com/

Thanks!

Avastfan1
Title: Re: Infected URL?
Post by: nmb on May 30, 2010, 11:20:06 AM
Check here: http://www.urlvoid.com/scan/drawmohammed.com

and here: http://www.UnmaskParasites.com/security-report/?page=drawmohammed.com (for links in site)

nmb
Title: Re: Infected URL?
Post by: Avastfan1 on May 30, 2010, 11:25:04 AM
Hi NMB,

Thanks for the reply. Those links look really great! Are they hosted by reputable companies?

Avastfan1
Title: Re: Infected URL?
Post by: nmb on May 30, 2010, 11:26:12 AM
Yes, they are reliable to some extent. I mean the scan for websites.

You can also try the Anubis service. But it is for an advanced user.

nmb
Title: Re: Infected URL?
Post by: polonus on May 30, 2010, 03:12:58 PM
Hi

The site was/is still hacked by Turkish hackers from Canada,
because they consider the site as blasphemous,
this was not so long ago 20-22 May last:
http://www.allpakistaninews.com/turkish-hackers-facebook-and-drawmohammed-com.html

Unmask Parasites gives it clean, also subsequent link sites.
Scan for: htxp://drawmohammed.com
Hostname: drawmohammed.com
IP Address: 67.43.237.66
Date: 30-05-2010 06:55

Running on: Microsoft-IIS/7.0
Powered by: ASP.NET
links found there:
htxp://www.sonpeygamber.info/index/index.php?lang=en
1 page resulted in malicious software being downloaded and installed without user consent.
The last time suspicious content was found on this site was on 2010-04-10.

Malicious software includes 322 exploits.

Malicious software is hosted on 1 domains, including abbcp.cn/.

This site was hosted on 3 network(s) including AS39582 (GRID), AS35368 (DATAHOUSE), AS52 (UCLA).
http://www.Cyber-Warrior.Org/domain.asp
http://www.turk-h.org/defacement/view/4135/drawmohammed.com
http://www.google.com.tr/search?hl=tr&q=drawmohammed.com&meta=

Listings:
Domain clean by Google Safe Browsing: drawmohammed.com

Domain clean by Norton Safe web: drawmohammed.com

Domain clean by Sucuri Web Blacklist: drawmohammed.com

Domain clean by the Phish Tank: drawmohammed.com

Domain clean by the Malware Domain List: drawmohammed.com

Checked links:

(Level: 0) Url checked:
htxp://drawmohammed.com
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (meta refresh)
htxp://www.lastprophet.info/en/?lang=en
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/includes/js/togglelayer.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/includes/js/overlib_mini.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/includes/js/disablerightclick.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/includes/js/domnews.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/modules/mbt_transmenu/transmenu.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/modules/mod_lxmenu/functions.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/modules/mod_lxmenu/menu.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/modules/mod_lxmenu/pos_lxmenu.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/modules/mod_fpss/engines/jquery-comp.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/modules/mod_fpss/engines/jquery-fpss-comp.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/modules/pagepeel_banner/ac_oetags.jslanguage=javascript
Blank page / could not connect
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.google-analytics.com/urchin.js
Zeroiframes detected on this site: 0
No ad codes identified

polonus



Title: Re: Infected URL?
Post by: Avastfan1 on May 30, 2010, 07:33:59 PM
As always, Polonus coming through with additional, comprehensive information!

Thanks!

Avastfan1
Title: Re: Infected URL?
Post by: 0strodamus on June 02, 2010, 09:45:28 PM
I'll say! Where does polonus dig all this stuff up from? Very informative!  ;D
Title: Re: Infected URL?
Post by: Avastfan1 on June 03, 2010, 12:08:26 AM
No idea. But the lad is an absolute gem!