Author Topic: Yandex blacklisted and what more?  (Read 1376 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34065
  • malware fighter
Yandex blacklisted and what more?
« on: October 01, 2014, 01:25:12 PM »
See: http://www.yandex.com/infected?url=za-kolomnoi.ru&l10n=en
Detected here as having malware: http://killmalware.com/za-kolomnoi.ru/
11 suspicious pages and also SE redirects given.
Just one to detect on VT -> https://www.virustotal.com/nl/url/32b77533604ed40911571275e1bfa5acbc74af5b8888e0dbcefe299284bf93e7/analysis/1412161136/
Scan for: htxp://za-kolomnoi.ru
Hostname: za-kolomnoi.ru
IP address: 77.221.130.44

System Details:
Running on: nginx/0.7.67
Powered by: PHP/5.2.17

Web application details:
Application: Joostina © 2008 Joostina Team.
Outdated Web Server Nginx Found: nginx/0.7.67
http://nginx.org/en/security_advisories.html (new patch level not yet available)
http://www.cvedetails.com/version/106044/PHP-PHP-5.2.17.html (remote control exploit vulnerability)
Cannot find site on server srv044.infobox.ru on *.infobox.ru Cloud

List of scripts included
htxp://za-kolomnoi.ru/includes/js/jquery/jquery.js -> http://jsunpack.jeek.org/?report=4ee6e019ef16f4a0ece6abe994cdf811138fe66d
htxp://za-kolomnoi.ru/includes/js/jquery/plugins/corner.js -> http://jsunpack.jeek.org/?report=4b2fbd10bc08e861a7e2180578ea0852482edd1e
htxp://za-kolomnoi.ru/highslide/highslide.js benign -> http://jsunpack.jeek.org/?report=2d00aeaa2c8cc1b09b0bbd1626d54f447ebc015f

/includes/js/overlib_mini.js
Severity:   Potentially Suspicious
Reason:   Detected potentially suspicious content.
Details:   Detected potentially malicious execution behaviour.
Threat dump:   http://jsunpack.jeek.org/?report=f95d9bbc3468f5406521bd151c8b8a23d61f47c8  (see syntax error)
Threat dump MD5:   08B8BC9EC69FC7289E866D5DA2F3F168
File size[byte]:   37153
File type:   ASCII
Page/File MD5:   0F05A670C9DAD2451779F405D6406460
Scan duration[sec]:   1.517000

Site's HTTP Security Headers Test Results: Number of Happy Findings: 1
Number of Not As Happy Findings: 9
Percentage Happy Findings: 10%

Bad web host and content spammer: http://www.projecthoneypot.org/ip_77.221.130.44
Not listed: http://dnsbl.inps.de/query.cgi?lang=en&ip=77.221.130.44&action=check&quick=0

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Yandex blacklisted and what more?
« Reply #1 on: October 01, 2014, 01:38:06 PM »
I find two links from inside a script blocked for me by an extension:
htxp://counter.yadro.ru/hit?t14.1;r  &  htxp://www.liveinternet.ru/click

Nothing here: http://urlquery.net/report.php?id=1412163076350
Avast! does not block the site, but WOT does: https://www.mywot.com/en/scorecard/za-kolomnoi.ru?utm_source=addon&utm_content=warn-viewsc#rate

polonus