Suxcuri gives the site an all green. Site security is questionable and site may be compromised because of this external link: htxp://squeezewayl.net/test404page.js see the case of
http://urlquery.net/report.php?id=7623934IDS alert for ET "RBN Known Russian Business Network IP group 400" (Be aware site with adult content links)
http://urlquery.net/report.php?id=8827872See:
https://www.virustotal.com/nl/url/6a8188dd45ae3764610dae80806e69977ef625d014bad76b65b175e03ebb94db/analysis/1389805221/JavaScript check: Suspicious
ion+xml" href="htxp://linksfun dot ru/engine/opensearch.php" title="ðàçâëå÷åíèÿ îíëàéí äëÿ âàñ.ñìåøíîå âèäåî ïðèêîëû." /> <link rel="alternate" type="application/rss+xml" title="ðàçâë...
Spam Check: Suspicion of Spam
htxp://linksfun.ru/video/44759-porno-s-pevitsoj-svetoj.html">ïîðíî ñ ïåâèöîé ñâåòîé</a></h2> <div class="postdate"> ...
Included script:
Suspect - please check list for unknown includes
Suspicious Script:
linksfun dot ru/engine/classes/js/dle_js.js
.ru/whois/?ip='+a+'" target="_blank">'+b+"</a>";e[1]='<a href="'+dle_root+dle_admin+"?mod=iptools&ip="+a+'" target="_blank">'+c+"</a>";e[2]=
Code hick-up in jsunpack:
xoliter dot com/60h16f5fc94/5db91/4/ecd.js benign
[nothing detected] (script) xoliter dot com/60h16f5fc94/5db91/4/ecd.js
status: (referer=linksfun.ru/2011/10/09/)saved 15423 bytes 14bbedabc310fb974c44495aca2fcbe8851f1098
info: [javascript variable] URL=
info: [decodingLevel=0] found JavaScript
external link to c.teromil dot com - no description because of robot.txt -> SMS fraud site?
error: undefined variable padid
error: undefined variable blockid
info: [var appendChildsrc] URL=/wp-includes/js/jquery/jquery.js
info: [var appendChildsrc] URL=c.teromil.com/s/0/1.js
info: [element] URL=/wp-includes/js/jquery/jquery.js
info: [element] URL=c.teromil.com/s/0/1.js
info: [decodingLevel=1] found JavaScript
error: undefined variable show1
error: undefined function show1
suspicious:
Netcraft detect is because of PHISHING!!
The malware detection is found here:
http://support.clean-mx.de/clean-mx/viruses?id=16594627Missed by avast!->
https://www.virustotal.com/nl/file/c20e0ab27a67d197ab6476ae59970ea8291a4ac1f65cfa4fe36d6b3f9c236611/analysis/The malware is long OVERDUE! alive & up and running now for 1847.6 hrs!
pol