Author Topic: Suspicious code on site or already closed?  (Read 2359 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Suspicious code on site or already closed?
« on: November 23, 2013, 11:05:07 PM »
http://wepawet.iseclab.org/view.php?hash=4443350df6139b07f176b5291bae9c34&t=1368258326&type=js
and flagged here: https://www.virustotal.com/nl/url/30387bb6c3bc60f2558223346598f016f38aeffe32d3972238c49c9fd264de43/analysis/1385243043/
Suspicious javascript: Suspicious   script type="text/javascript">document.write(unescape("%3cscript src=%27htxp://s10.histats.com/js15.js%27 type=%27text/javascript%27%3e%3c/script%3e"));</script> <a href="http://w...
Suspicion of Spam: Suspicion of Spam    //wxw.thenewstrack.com/german-hackers-claimed-iphone-5s-fingerprint-scanner-cracked/" rel="bookmark"> german hackers cla...
404 error check: Suspicious 404 Page:
   document.write(unescape("%3cscript src=%27htxp://s10.histats.com/js15.js%27 type=%27text/javascript%27%3e%3c/script%3e")
According to this the malware was closed: http://support.clean-mx.de/clean-mx/viruses.php?ip=182.50.155.44&sort=ns3%20desc
But still with bad web rep: http://www.mywot.com/en/scorecard/thenewstrack.com?utm_source=addon&utm_content=popup-donuts
Code hick-up-> wXw.thenewstrack.com/wp-includes/js/jquery/ui/jquery.ui.tabs.min.js?ver=1.10.3 benign
[nothing detected] (script) wXw.thenewstrack.com/wp-includes/js/jquery/ui/jquery.ui.tabs.min.js?ver=1.10.3
     status: (referer=wXw.thenewstrack.com/)saved 11591 bytes e26e04f99f58785cc36fda5c84e5280e23d27a59
     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined function t.widget
     error: undefined variable t
     suspicious:

WP issue: Wordpress internal path: /home/pervaiz/public_html/wp-content/themes/internationalpost-singlepro/index.php *
Too excessive header info spread: Running on: Apache/2.2.24
System info: (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Powered by: PHP/5.4.16
* themes vulnerability - one never should search for free themes.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Suspicious code on site or already closed?
« Reply #1 on: November 23, 2013, 11:34:19 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!