I see an IDS alert for 2014-12-12 21:34:17 2 urlQuery Client 185.21.103.153 ET INFO HTTP Request to a *.pw domain
There has been a rise in malicious .pw URLs being used in spam.
Read:
http://www.domainregistration.com.au/news/2013/1305-pw-domain-spam.php
Not the .pw domain as such is malicious; it is where you land that is.
These domains are also abused for Nuclear Pack exploit kit.
Site has been compromised and is most probably harmful ->
http://sitecheck.sucuri.net/results/www.hopper.pw#sitecheck-details
Hosting report:
http://w3bin.com/domain/hopper.pw
FAIL: Found differences between information provided by your authoritative name servers and glue provided by the parent name servers
& WARNING: Found stealth name servers:
ns.as-webservices.de.:
->
http://www.dnsinspect.com/hopper.pw/1418417178
Hosted on a dedicated server:
http://whois.domaintools.com/hopper.pw
Avast also warns on: htxps://ipv4.www.hopper.pw/detectip/5h9if41c92gw6sasoqeidgyf1xy2d7el/
ISSUES ->
https://www.ssllabs.com/ssltest/analyze.html?d=hopper.pw
Vulnerable to Poodle attack via magnific-popup/ code. Insecure and weak intermediate certificate.
Suspicious in code - hiccup:
netdna dot bootstrapcdn dot com/bootstrap/3.0.0/js/bootstrap.min.js benign
[nothing detected] (script) netdna.bootstrapcdn dot com/bootstrap/3.0.0/js/bootstrap.min.js
status: (referer=ipv4.wXw.hopper.pw/)saved 27726 bytes 75a42212affc118fef849aba4b9326a7da2acda1
info: [decodingLevel=0] found JavaScript
suspicious:
error: undefined variable head
info: [element] URL=api.github dot com/repos/asmaps/hopper dot pw?callback=callback
info: [1] no JavaScript
polonus