Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Suspicious code on site or already closed?
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Suspicious code on site or already closed? (Read 2359 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33891
malware fighter
Suspicious code on site or already closed?
«
on:
November 23, 2013, 11:05:07 PM »
http://wepawet.iseclab.org/view.php?hash=4443350df6139b07f176b5291bae9c34&t=1368258326&type=js
and flagged here:
https://www.virustotal.com/nl/url/30387bb6c3bc60f2558223346598f016f38aeffe32d3972238c49c9fd264de43/analysis/1385243043/
Suspicious javascript: Suspicious script type="text/javascript">document.write(unescape("%3cscript src=%27htxp://s10.histats.com/js15.js%27 type=%27text/javascript%27%3e%3c/script%3e"));</script> <a href="http://w...
Suspicion of Spam: Suspicion of Spam //wxw.thenewstrack.com/german-hackers-claimed-iphone-5s-fingerprint-scanner-cracked/" rel="bookmark"> german hackers cla...
404 error check: Suspicious 404 Page:
document.write(unescape("%3cscript src=%27htxp://s10.histats.com/js15.js%27 type=%27text/javascript%27%3e%3c/script%3e")
According to this the malware was closed:
http://support.clean-mx.de/clean-mx/viruses.php?ip=182.50.155.44&sort=ns3%20desc
But still with bad web rep:
http://www.mywot.com/en/scorecard/thenewstrack.com?utm_source=addon&utm_content=popup-donuts
Code hick-up-> wXw.thenewstrack.com/wp-includes/js/jquery/ui/jquery.ui.tabs.min.js?ver=1.10.3 benign
[nothing detected] (script) wXw.thenewstrack.com/wp-includes/js/jquery/ui/jquery.ui.tabs.min.js?ver=1.10.3
status: (referer=wXw.thenewstrack.com/)saved 11591 bytes e26e04f99f58785cc36fda5c84e5280e23d27a59
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined function t.widget
error: undefined variable t
suspicious:
WP issue: Wordpress internal path: /home/pervaiz/public_html/wp-content/themes/internationalpost-singlepro/index.php *
Too excessive header info spread: Running on: Apache/2.2.24
System info: (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Powered by: PHP/5.4.16
* themes vulnerability - one never should search for free themes.
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33891
malware fighter
Re: Suspicious code on site or already closed?
«
Reply #1 on:
November 23, 2013, 11:34:19 PM »
The only alert for me there is this one:
http://www.mywot.com/en/scorecard/thenewstrack.com?utm_source=addon&utm_content=rw-viewsc
pol
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Suspicious code on site or already closed?