Author Topic: Just suspicious or also with malware?


Offline polonus

Just suspicious or also with malware?
« on: April 05, 2017, 12:49:13 AM »
See: http://urlquery.net/report.php?id=1491343480561
See: https://www.virustotal.com/pl/url/c2d54d57cd1b45f9a85f91a6a174b0d7225099396ded4c61769aee18249a8d3d/analysis/1491344949/
Alerts for drive-by-downloads here: https://safeweb.norton.com/report/show?url=bennelsonpics.com
2 retirable libraries: http://retire.insecurity.today/#!/scan/69b10c358fd45cb22770fefb422bd04701685f64a0e14b97c3daf4c915446752
F-status with 5 issues: https://sritest.io/#report/6d700e1f-25c6-49ed-9ace-b15bf4270ac5
F-status and recommendations: https://observatory.mozilla.org/analyze.html?host=www.bennelsonpics.com
source code: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.bennelsonpics.com&ref_sel=GSP2&ua_sel=ff&fs=1

YouTube insecurity via: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.bennelsonpics.com%2Fmedia%2Fjui%2Fjs%2Fbootstrap.min.js.pagespeed.jm.7eeKttoVW_.js
What about the embed player algorithm: -www-en_US-vflgfB-i2/base.js  fitting in the trend and working in node.js/base.js etc.

Google captcha code with error
Quote
line:3: ReferenceError: reference to undefined XML name *::*
and just where the sri-hash issue was: -https://www.google.com/recaptcha/api.js

We find cloaking on the site
Quote
Checking for cloaking
There is a difference of 759 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that's trying to hide from browsers but make Google think there's something else on the page.
See what here: http://isithacked.com/check/http%3A%2F%2Fwww.bennelsonpics.com%2Fgallery%2Fsenior-pictures-portraits

Nothing alerted here: http://killmalware.com/www.bennelsonpics.com/gallery/senior-pictures-portraits

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
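A small check of the kind the isithacked cloaking test above describes, added here as an example and not a tool used in this thread: it takes two copies of the same page (one fetched with a browser User-Agent, one with a crawler User-Agent), reports the byte difference and lists any script that appears in only one copy, which is what you would want to see before deciding whether a size gap is injected code or just adaptive markup. The sample HTML and the example.invalid URL are constructed, not fetched from the site discussed.

```python
from html.parser import HTMLParser


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from HTML."""

    def __init__(self):
        super().__init__()
        self.scripts, self._in_script = set(), False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.scripts.add("src:" + src)
            else:
                self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.scripts.add("inline:" + data.strip())


def scripts_in(html):
    parser = ScriptCollector()
    parser.feed(html)
    return parser.scripts


def compare_variants(browser_html, crawler_html):
    """Byte difference between the two copies plus scripts unique to each.
    Extra bytes that turn out to be scripts served only to browsers is the
    pattern the isithacked cloaking check warns about."""
    b_scripts, c_scripts = scripts_in(browser_html), scripts_in(crawler_html)
    return {
        "byte_diff": abs(len(browser_html.encode()) - len(crawler_html.encode())),
        "only_browser": sorted(b_scripts - c_scripts),
        "only_crawler": sorted(c_scripts - b_scripts),
    }


# Constructed sample pages; the browser copy carries one extra script tag.
CRAWLER_HTML = ("<html><head><script src='/media/jui/js/bootstrap.min.js'></script>"
                "</head><body><h1>Gallery</h1></body></html>")
INJECTED = "<script src='//example.invalid/extra.js'></script>"
BROWSER_HTML = CRAWLER_HTML.replace("</body>", INJECTED + "</body>")
```

Feed it the two raw response bodies of a real fetch; a byte gap with an empty `only_browser` list usually means cosmetic differences rather than hidden code.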

Offline mchain

Re: Just suspicious or also with malware?
« Reply #1 on: April 05, 2017, 07:02:33 AM »
You've got a server located in Bulgaria and another in Romania, but both represent as in the USA.
hxxp://zulu.zscaler.com/submission/show/f243c3c4def484786d5753233944e250-1491367939

Done. :)
« Last Edit: April 06, 2017, 12:59:32 AM by mchain »
Windows 11 Home 23H2
Windows 11 Pro 23H2
Avast Premier Security version 24.8.6127 (build 24.8.9372.868)
UI version 1.0.814

Offline polonus

Re: Just suspicious or also with malware?
« Reply #2 on: April 05, 2017, 12:52:21 PM »
Hi mchain,

Break that scan result url please, as it kicks up an error on mobile for zulu.zscaler dot com redirecting.
Brave browser won't open the link when we use Google DNS (8.8.8.8 and 8.8.4.4). No AAAA records.
With another browser I have to allow the redirection and it is OK.

See script here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fzulu.zscaler.com%2F
See: https://www.hybrid-analysis.com/sample/4f2fbb4d5bf77845cd4ac6e5864594d60e215aa9442c5f4f30fb52bf2981574f?environmentId=100

This code will kick up an undefined variable $ error as well, and is also seen as suspicious by Zulu Zscaler:
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.bennelsonpics.com%2Ftemplates%2Fgk_portfolio%2Fjs%2Fjquery.fitvids.js

polonus
« Last Edit: April 05, 2017, 01:02:13 PM by polonus »