Topic: Suspicious iFrame on site...we have protection! (Read 2988 times)
polonus
Avast Überevangelist
Suspicious iFrame on site...we have protection!
« on: January 20, 2014, 11:49:33 PM »
See:
http://app.webinspector.com/public/reports/show_website?site=http%3A%2F%2Fhnyechun.com
Website Virus Tracker classification: hnyechun dot com,124.173.105.107,ns1.cnolnic dot net,Parked/expired,
2 suspicious files according to Quttera's:
/index.asp
Severity: Suspicious
Reason: Detected hidden reference to external web resource.
Details: Detected hidden iframe tag to '3721job.net' iFrame-WI
Offset: 8671
Threat dump: View code on
http://jsunpack.jeek.org/?report=f7f8bc9fd64d73a10cd08247296d878b4fa23fc6
File size[byte]: 8755
File type: ASCII
MD5: 39E34E6BB3C7A1238915B7B7E203D450
Scan duration[sec]: 0.029000
&
/index.html
Severity: Suspicious
Reason: Detected hidden reference to external web resource.
Details: Detected hidden iframe tag to '3721job.net' iFrame-WI
Offset: 8671
Threat dump: View code on:
http://jsunpack.jeek.org/?report=f7f8bc9fd64d73a10cd08247296d878b4fa23fc6
File size[byte]: 8755
File type: ASCII
MD5: 39E34E6BB3C7A1238915B7B7E203D450
Scan duration[sec]: 0.022000
avast! Webshield protects us against this malcode by blocking access to HTML:iFrame-BLG[Trj] as for site mentioned |{gzip}.
Redirect site is not being blocked!
polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Re: Suspicious iFrame on site...we have protection!
« Reply #1 on: January 21, 2014, 12:23:32 AM »
There is also a malicious external link going here: htxp://www.0898it.com
No description because of robots.txt. Bitdefender Traffic Light blocks the site as malicious, and the WOT webrep is here:
https://www.mywot.com/en/scorecard/0898it.com?utm_source=addon&utm_content=popup-donuts
(High Risk Domain)
Domain classification: wXw.0898it.com,121.197.14.82,,Cybercriminals,
Description:
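For 5 years, 中企在线 has focused on website construction and online promotion in Hainan, and is an outstanding company with the most promotion platforms, the most customer cases, the most design, sales and customer-service staff, and the most government-awarded credentials.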
code hiccup:
wXw.0898it.com/js/jquery.js benign
[nothing detected] (script) wXw.0898it.com/js/jquery.js
status: (referer=wXw.0898it.com/)saved 72328 bytes 6ab320a0421a75731233a3f6ec4f4f906b903dac
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
suspicious:
Also suspicious external links found.
See:
https://www.virustotal.com/nl/url/83f764c5a93c49da9ee46fc3eebc05b14cea1fcbdc8898e1e7e16620dc4e0fa9/analysis/1390259468/
filescan probably harmless? Given clean here:
http://maldb.com/www.0898it.com/
Given as blacklisted and likely compromised here:
http://sitecheck.sucuri.net/results/www.0898it.com
Because of sloppy IT-security management, see:
Asafaweb results, which are flagging various insecurities via this scan:
https://asafaweb.com/Scan?Url=www.0898it.com
1. Internal server error messages exposed externally -
2. Stack trace information being spread could expose code-level information - extremely dangerous!
3. Excessive header warning - Info also available to attackers:
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET, UrlRewriter.NET 2.0.0
X-AspNet-Version: 2.0.50727
4. Clickjacking Warning
polonus