« previous next »
Pages: [1]   Go Down

Author Topic: Is this site detected?  (Read 1919 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34051
  • malware fighter
Is this site detected?
« on: January 13, 2014, 01:55:27 AM »
See: https://www.virustotal.com/nl/url/ad4472c57525d28c23be168b2e240694a82f86b11f2942d8d023b77a99e0872c/analysis/
Nothing here: http://urlquery.net/report.php?id=8791578
Detected as suspicious: http://app.webinspector.com/public/reports/19415854
Javascript check: Suspicious
Quote
guage="javascript"> function dnnviewstate() { var a=0,m,v,t,z,x=new array('9091968376','8887918192818786347374918784939277359287883421333333338896','778787','94999
or
<style undefined>
  .dnn{position:absolute;top:-9999px}
</style>
-> http://jsunpack.jeek.org/?report=ea49d48f5d3bb859f1ccfa784a0b2832a47bbe7c
Known phishing IP: http://support.clean-mx.de/clean-mx/phishing.php?review=81.209.19.27&sort=id%20DESC

Here the site is detected with malware and as blacklisted: http://sitecheck.sucuri.net/results/toppform.fi/
malware: http://labs.sucuri.net/db/malware/malware-entry-mwspamseo

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34051
  • malware fighter
Re: Is this site detected?
« Reply #1 on: January 13, 2014, 02:24:45 PM »
For 9091968376','8887918192818786347374918784939277359287883421333333338896','778787','949990793917947998942577939317
the code output = <style undefined>.dnn{position:absolute;top:-9999px}</style>. Using x[4] instead, it should output:<style type='text/css'>.dnn{position:absolute;top:-9999px}</style>  –  JSFiddle interpretation credits go to Allen Hsu,

code hick-up: static.ak.fbcdn dot net/rsrc.php/v2/yl/r/UHi7G-9xDCW.js benign
[nothing detected] (script) static.ak.fbcdn.net/rsrc.php/v2/yl/r/UHi7G-9xDCW.js
     status: (referer=wXw.facebook.com/connect/connect.php?key=null&amp;url=/?channel=1&amp;id=110222019025377&amp;name=&amp;width=300&amp;locale=GB&amp;connections=50&amp;stream=0&amp;logobar=0&amp;css=)saved 12787 bytes ca0cf7722d0e28aed483fc7eb34c6c374714d11c
     info: [decodingLevel=0] found JavaScript
     error: undefined variable __d
     error: undefined function __d
     suspicious: Cavalry Logger code
VT: {"sha256": "6e4924a6b59faabc1ce5e496bb1b26dcff0649cbd9f6b99da2b6b0dbf5b320ca", "result": 1, "last_analysis_url": "/en/url/6e4924a6b59faabc1ce5e496bb1b26dcff0649cbd9f6b99da2b6b0dbf5b320ca/analysis/", "timestamp": "1386685922", "positives": 1, "last_analysis_date": "2013-12-10 14:32:02", "total": 51, "url_exists": true, "first_analysis_date": "2013-12-10 09:45:39", "reanalyse_url": "/en/url/submission/?force=1&url=http://static.ak.fbcdn.net/rsrc.php/v2/yl/r/UHi7G-9xDCW.js&token=4e837e553e5b0fa8e07970a865c699a78f4577e062d6777fa03577899148975e"}

polonus
« Last Edit: January 13, 2014, 02:44:12 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »