ET POLICY Maxmind geoip check to /app/geoip.js site not blocked?
polonus « on: November 02, 2013, 04:07:47 PM »
Blocked by WOT and webutation:
http://www.webutation.net/go/review/consumertipsdaily.org?req=chrome
Flagged on many instances by VT:
https://www.virustotal.com/nl/url/b03111c787aa4f11d6d546ce0b725c40c5cd4ff5a5e79b3c204c48607f07e77a/analysis/1383402944/
Phishing and other frauds, disease vector, spam according to
http://urlquery.net/report.php?id=7390685
See IDS severity 1:
http://doc.emergingthreats.net/bin/view/Main/2015878
Exploitable:
http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-142889/PHP-PHP-5.3.18.html
On redirect to htxps://wahinstitute.net/?t202kw=affi&sid=
I get these included scripts alerted:
Suspect - please check list for unknown includes
htxps://wahinstitute.net/js/jscripts-lib.php ->
http://jsunpack.jeek.org/?report=312c31a8a35696ee8de894542d5b3a2d42bf01be
htxps://wahinstitute.net/js/exitpop.php ->
http://jsunpack.jeek.org/?report=9ea65ead9320cd7fb07cea26617628bb0a3ba88c
(inserted on themes to go in footer.php)
Quttera comes up with 4 potentially suspicious -
//////////////
/program-available.php?
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [['*************************************************\nToday\'s Special 61% OFF Discount\n**************']] of length 702 which may point to obfuscation or shellcode.
Threatdump:
http://jsunpack.jeek.org/?report=4a7af539e48544a01b10bffa58f2ef4b01a41c38
//////////////////index.html
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [['************************************************\n Today\'s Special 50% OFF Discount\n *************']] of length 673 which may point to obfuscation or shellcode.
Threatdump:
http://jsunpack.jeek.org/?report=f77ab01654159005e491269a38c69d2ede45ab1c
//////////////////
/1/program-available.php?
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [['*************************************************\nToday\'s Special 61% OFF Discount\n**************']] of length 702 which may point to obfuscation or shellcode.
Threatdump:
http://jsunpack.jeek.org/?report=02093071d935edafa73e92a56b034a3bb3ffde6e
//////////////////////////////////////
/#
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [['************************************************\n Today\'s Special 50% OFF Discount\n *************']] of length 673 which may point to obfuscation or shellcode.
Threatdump:
http://jsunpack.jeek.org/?report=0c8955ce6fa3389079f56beb15d73b033354ce67
pol
« Last Edit: November 02, 2013, 04:14:45 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus « Reply #1 on: January 12, 2014, 06:51:31 PM »
Another one:
http://urlquery.net/report.php?id=8790923
See:
http://jsunpack.jeek.org/?report=7013f04b0a946d7dfb60f878dc02a7a8dc120886
See:
http://maldb.com/www.kp.ru/daily/diatlov-pass/
Code:
<div id="uslotitem6326"></div>
see:
http://jsunpack.jeek.org/?report=db3bbdcbfe9c7eaee69d4b7d293166de2837127a
polonus
Pondus « Reply #2 on: January 12, 2014, 07:16:25 PM »
Listed at PhishTank
http://www.phishtank.com/phish_detail.php?phish_id=1952046
polonus « Reply #3 on: January 12, 2014, 07:29:02 PM »
Hi Pondus,
Hey, thanks
That is a valuable precision for those that will alert this via the WOT webrep reports!
pol
Pondus « Reply #4 on: January 12, 2014, 07:33:58 PM »
and those listed at PhishTank are blocked by openDNS