Topic: Trojan.Script.Heuristic-js.iacgm detected? (Read 5693 times)

polonus (Avast Überevangelist)
Trojan.Script.Heuristic-js.iacgm detected?
« on: November 24, 2014, 10:37:03 PM »
Missed here: https://app.webinspector.com/public/reports/27040063
See detection: http://sitecheck.sucuri.net/results/learningtoliveoutloud.com (Defacement and Hacked).
See: http://www.slideshare.net/cate2bill/trojanscriptheuristic-jsiacgm
Quttera detects: index.html
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Suspicious script content
Offset: 2679
Threat dump: color hex
Threat dump MD5: 83B45E804EF71D8B847D21767A02E94B
File size[byte]: 7282
File type: HTML
Page/File MD5: A4D39505E64E8BEDC49C76D0F835C62D
Scan duration[sec]: 0.108000
IP Badness: https://www.virustotal.com/nl/ip-address/192.185.225.117/information/
Code detected: http://ddecode.com/hexdecoder/?results=784f3b06ef1f8cead0dadc665f6d2914
pol
« Last Edit: November 24, 2014, 10:39:21 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!

Pondus
Re: Trojan.Script.Heuristic-js.iacgm detected?
« Reply #1 on: November 24, 2014, 10:48:24 PM »
VirusTotal: https://www.virustotal.com/nb/file/c449c1111429ae14c1a578956f47a53c67e4f0e53abf1551cfd380adac3b715b/analysis/1416865668/

polonus (Avast Überevangelist)
Re: Trojan.Script.Heuristic-js.iacgm detected?
« Reply #2 on: November 24, 2014, 10:56:39 PM »
Thanks, Pondus, we are being protected.
polonus

polonus (Avast Überevangelist)
Re: Trojan.Script.Heuristic-js.iacgm detected?
« Reply #3 on: May 19, 2015, 10:47:23 PM »
Update, another recent example with this malcode: http://killmalware.com/italiansmoke.tk/#
Missed here: https://www.virustotal.com/nl/url/b3363501cef089c9da814a415485772534e8f1494e2d4cccf0836e2d091f3d68/analysis/1432067612/
and here: http://quttera.com/detailed_report/italiansmoke.tk
Detected: https://sitecheck.sucuri.net/results/italiansmoke.tk
ISSUE DETECTED | DEFINITION | INFECTED URL
Defacement | MW:DEFACED:01 | htxp://italiansmoke.tk
Defacement | MW:DEFACED:01 | htxp://italiansmoke.tk/404javascript.js
Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
<title>Hacked by people_hurt</title>
polonus

polonus (Avast Überevangelist)
Re: Trojan.Script.Heuristic-js.iacgm detected?
« Reply #4 on: August 09, 2015, 12:49:08 AM »
Still going strong: http://killmalware.com/italiansmoke.tk/#
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fitaliansmoke.tk%2F
Number of sources found: 22
Number of sinks found: 7
For http://192.185.5.247/ I get a HostGator ERROR 404 - PAGE NOT FOUND
Website Risk Status 9 red out of 10: http://toolbar.netcraft.com/site_report?url=http://192.185.5.247
Various IDS alerts here: https://urlquery.net/report.php?id=1439072998461
uMatrix has prevented the following page from loading:
htxp://luu.lightquartrate.com/ -> http://static.re-markable00.re-markable.net/ CSS
What is this Israeli link doing there: http://toolbar.netcraft.com/site_report?url=http://dng.diningtablesearch.com
bad zone: Could not get name servers for 'dng.diningtablesearch.com'.
For the main domain: http://www.dnsinspect.com/diningtablesearch.com/1439073539
WARNING: Connection to 1 mail servers failed. Could not resolve domain diningtablesearch.com.
because it is registered and no website: http://whois.domaintools.com/diningtablesearch.com
ssl-cert: Subject: commonName=aal.coupmatch.com tls-nextprotoneg:
Phishing going on from this external link: http://gnr.cimapping.net/
http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fgnr.cimapping.net%2F
Also a strange code inject for -cfs.u-ad.info/cfspushadsv2/request
to block this properly, read: https://adblockplus.org/forum/viewtopic.php?t=20435
-> http://toolbar.netcraft.com/site_report?url=http://cfs.u-ad.info
-> http://searchdns.netcraft.com/?host=*.u-ad.info
polonus
« Last Edit: August 09, 2015, 01:08:14 AM by polonus »

polonus (Avast Überevangelist)
Re: Trojan.Script.Heuristic-js.iacgm detected?
« Reply #5 on: August 23, 2015, 11:01:40 AM »
Update could lead to the conclusion the site is maliciously defaced: -http://killmalware.com/italiansmoke.tk/#
See: -https://lolware.net/2015/04/28/nginx-fuzzing.html & -http://1col.ru/www.italiansmoke.tk
pol