Suspicious javascript or what?

[polonus]

Javascript Check is found to be suspicious:
Suspicious

data[//><!-- window.jquery || document.write("<script src='/sites/all/modules/jquery_update/replace/jquery/1.7/jquery.js'>\x3c/script>") //--><!]]> </script> <script type="text/jav...
Sucuri"s does not detect: http://sitecheck.sucuri.net/results/twojruch.eu
XSS attack vulnerable site? Drupal version up to date: 7.28

polonus

P.S. For evaluation see: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Ftwojruch.eu%2Fwiadomosci%2Frownosc%2Fbloginewsweekpl-atak-establishmentu-na-twoj-ruch-palikota&useragent=Fetch+useragent&accept_encoding=

External script link with suspicious web rep: https://www.mywot.com/en/scorecard/track.adform.net?utm_source=addon&utm_content=popup

D

[polonus]

Another one here: See: http://quttera.com/detailed_report/twojanuta.pl
plug-in php malcode?  Scam ads?
Nothing here: https://www.virustotal.com/nl/url/454d9117d377def69c3510b30168e0f6390ffa278e778564a3f4c3a9e50bb0d6/analysis/1402945597/
External script link to htxp://diff3.smartadserver.com/call2/pubjall/
-> https://www.mywot.com/en/scorecard/diff3.smartadserver.com?utm_source=addon&utm_content=popup

polonus

[polonus]

Flagged at Comodo's and Quttera's
http://app.webinspector.com/public/reports/22604437
&
http://quttera.com/detailed_report/nichesnowboards.com

Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> __tmpvar749749895 = eval; <code/>

See here: htxp://aw-snap.info/articles/js-examples.php (broken for avast! flags site as with as
JS:Agent-KD[Trj]

Sucuri detects site as infested with SEO-Spam: http://sitecheck.sucuri.net/results/nichesnowboards.com

Known javascript malware. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}xViewState();

polonus

[polonus]

Glad to be able to report to avast! community members that  the excellent avast! Web Shield detects and blocks the malcode on: htXps://nichesnowboards.com/ as JS:HideLink-A[Trj].
We are being protected, folks! 

pol

[polonus]

Similar SEO-Spam malware here: http://sitecheck.sucuri.net/results/twosparrowsproductions.ca
http://app.webinspector.com/public/reports/show_website?site=http%3A%2F%2Ftwosparrowsproductions.ca  -> TrojWare.JS.Agent.caa
6 instances of SEO Spam detected: http://sitecheck.sucuri.net/results/twosparrowsproductions.ca
BitDefender TrafficLight also blocks site as being malicious.
Also known as PHISH-IP, http://lists.clean-mx.com/pipermail/phishwatch/20131219/066860.html

polonus

[Pondus]

Glad to be able to report to avast! community members that  the excellent avast! Web Shield detects and blocks the malcode on: htXps://nichesnowboards.com/ as JS:HideLink-A[Trj].
We are being protected, folks! 

pol

VirusTotal
https://www.virustotal.com/en/file/98b86057499c53e8c057ba2b760d5efc3e03217d84ff8ed0a67e39a169725ff2/analysis/1403038946/

[Pondus]

Similar SEO-Spam malware here: http://sitecheck.sucuri.net/results/twosparrowsproductions.ca
http://app.webinspector.com/public/reports/show_website?site=http%3A%2F%2Ftwosparrowsproductions.ca  -> TrojWare.JS.Agent.caa
6 instances of SEO Spam detected: http://sitecheck.sucuri.net/results/twosparrowsproductions.ca
BitDefender TrafficLight also blocks site as being malicious.
Also known as PHISH-IP, http://lists.clean-mx.com/pipermail/phishwatch/20131219/066860.html

polonus

VirusTotal
https://www.virustotal.com/en/file/9e144a0d8b574bce3bff1f0fb17c2fe468ee2981c754c1eb2d034213fbda86e3/analysis/1403039061/

[polonus]

Most scanners give this site  clean bill of health: http://zulu.zscaler.com/submission/show/563934b6ddc96f045625ebf47d84470e-1403180866
&
http://quttera.com/detailed_report/www.afdzal.net
&
http://urlquery.net/report.php?id=1403180114602
But we get suspicious iFrame check:
Suspicious

htxp://widget.stagram.com/follow/wan9571'
htxp://snapwidget.com/in/?u=d2fuotu3mxxpbnwxmdb8mnw0fhx5zxn8nxxub25l'

Included scripts check:Suspect - please check list for unknown includes


Suspicious Script:
   htxp://busuk.org/ping/widget/type3/1182050127/12
   document.write("<script type='text/javascript' src='htxp://ping.busuk.org/auto/verticalb.js?limit=12'></script>");

Sucuri's scan results seem to agree: http://sitecheck.sucuri.net/results/www.afdzal.net

avast Web Shield blocks as with JS:Clickjack-H[Trj], which equals TrojWare.JS.TrojanClicker.FbLiker.A.

polonus

[Pondus]

Most scanners give this site  clean bill of health: http://zulu.zscaler.com/submission/show/563934b6ddc96f045625ebf47d84470e-1403180866

VirusTotal
https://www.virustotal.com/nb/file/aeeea27e5d86dd4e16352c8b3e8c1c188f2a82048181bf844552d75af2eda337/analysis/1403187908/

[polonus]

We thank Pondus for reporting undetected website: : wXw.wydawnictwoasp.pl
What's on?
Javascript Check:
Suspicious

<script language=javascript>document.write(unescape(\'%3c%73%63%72%69%70%74%20%6c%61%6e%67%75%61
Spam Check: Suspicion of Site-Wide Defacement

tional//en\"> <html> <title>hacked by phantomghost</title> <meta content=\"official member : 4prili666h05t - ./yupi d...

polonus

[polonus]

What about this one: Suspicious on 001hao dot com

<div class="stat" ><script src="htxp://v1.cnzz.com/stat.php?id=3455938&web_id=3455938&show=pic" language="javascript" charset="gb2312"></sc 
See: https://www.mywot.com/en/scorecard/v1.cnzz.com?utm_source=addon&utm_content=popup

pol