Author Topic: Suspicious website - mal-content removed?  (Read 1510 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33946
  • malware fighter
Suspicious website - mal-content removed?
« on: August 06, 2015, 10:25:14 PM »
See: http://killmalware.com/getsapp.ru/#
4 instances of malware were flagged in historical reports here: https://urlquery.net/report.php?id=1438891133927
with external links to -pix-001.tizerbank.com (Avast detects there: https://www.virustotal.com/nl/file/01d97f388e5e9af4b3dcc027a60ccb6d96ed93c97abd6484e26b7b72d8dd0d79/analysis/ )
See this report: http://webcookies.org/cookies/pix-001.tizerbank.com/2177609/ and see the HTTP security-related header report there! This website sets a permissive cross-domain policy; see how this can be abused!
Adguard, ABP and uBlock Origin block this destination.
Various exploits known for uServ/3.2.2.
Malicious file: stat/dspixel.js?ab=uc&cl=
Severity:   Malicious
Reason:   Detected reference to blacklisted domain
Details:   Detected reference to malicious blacklisted domain pix-00.tizerbank.com
File size[byte]:   346
File type:   ASCII
Page/File MD5:   646469DFD960604E3FAF94C757A94A26
Scan duration[sec]:   0.041000
Blacklisted = htxp://pix-00.tizerbank.com/pixel/tz/6yt9k? URL cannot be fetched...invalid index
Bitdefender TrafficLight blocks main site: htxp://pix-00.tizerbank.com-> http://toolbar.netcraft.com/site_report?url=http://pix-00.tizerbank.com
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fgetsapp.ru%2Findex%2F3
HTTP headers:

HTTP/1.1 404 Not Found
Content-Type: text
Access-Control-Allow-Origin: *
Content-Length: 13
-> Dutch Leaseweb hosted: http://toolbar.netcraft.com/site_report?url=http://37.48.111.104
Netcraft Website Security Risk 9 red out of 10. Potentially risky methods: PUT proxy-authentication on
OpenSSH 6.6.1p1 Ubuntu 2ubuntu2 (Ubuntu Linux; protocol 2.0) (Netcraft returns unknown).

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
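
An added example, not part of the original posts: a small audit of the response headers quoted in the post above, flagging the wildcard `Access-Control-Allow-Origin` and the `Content-Type: text` value, which is not a valid type/subtype media type. The finding names, the `audit` function and the error-response heuristic are assumptions made for illustration.

```python
import re

# Constructed sample: the response headers as quoted in the post above.
SAMPLE = """HTTP/1.1 404 Not Found
Content-Type: text
Access-Control-Allow-Origin: *
Content-Length: 13
"""

# A media type must have the form type/subtype (parameters are split off first).
MIME_RE = re.compile(r"^[\w.+-]+/[\w.+-]+$")

def parse_response_head(raw):
    """Split a raw response head into (status_code, {lower-cased name: value})."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def audit(raw):
    """Return a sorted list of finding ids (hypothetical names) for a response head."""
    status, h = parse_response_head(raw)
    findings = set()
    if h.get("access-control-allow-origin") == "*":
        # Script running on any origin may read this response.
        findings.add("cors-wildcard")
        if h.get("access-control-allow-credentials", "").lower() == "true":
            # Browsers refuse this pair; it signals a misconfigured policy.
            findings.add("cors-wildcard-with-credentials")
        if status >= 400:
            # Heuristic: present even on errors, so probably set server-wide.
            findings.add("cors-on-error-response")
    media_type = h.get("content-type", "").split(";")[0].strip()
    if not MIME_RE.match(media_type):
        findings.add("content-type-not-a-mime-type")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        # Without nosniff the browser may guess the content type itself.
        findings.add("missing-nosniff")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```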

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37629
  • Not a avast user

Offline polonus

Re: Suspicious website - mal-content removed?
« Reply #2 on: August 07, 2015, 08:10:43 PM »
Hi Pondus,

I always check the scan results for the most recent update and against other scans.
It is the only scanner that provides detection of website defacement, and of SEO redirections for that matter.
When it comes to accurate detection, Sucuri is found to miss most such detections; Quttera's is known to detect more.
Website Security Check finds defacements but often flags them as a kind of spam.
None of the above are reported by VT. As I also report malicious and suspicious websites at WOT,
they have some, but they also do not flag malicious defacements.

polonus