Hi Ijkoy & Michael (alan1998)
From a site like this one we would expect otherwise, but the overall security situation is worse than I ever thought.
Here we see errors and insecurities exposed:
https://asafaweb.com/Scan?Url=www.nvidia.com%2Fpage%2Fhome.htmlCustom Errors Fail can expose internal configuration details to attackers.
Excessive headers info also:
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Http Only Cookie * vuln - and Clickjacking vuln warnings - misspelled domain name for malicious purposes.
As this scan is also confirming this situation:
https://www.virustotal.com/nl/ip-address/184.51.126.9/information/Well Sucuri isn't the only scanner that detects.
Web Security Test detects this from Javascript Check
Suspicious
.location = "htxp://www.nvidia.ru/page/home.html"; } if (existingcookie=="de") { window.location = "htxp://www.nvidia.de/page/home.html"; } if (existingcookie=="es") { window.l...
and naturally we see traces of a hack as we check the 404 error check: Suspicious
Re:
http://jsunpack.jeek.org/?report=7b3271d196e510baaef41cd789101053d0df56eeSuspicious 404 Page:
document.write(unescape('%3c')+'\!-'+'-') //--></script><noscript><p><img src="htxp://omniture.nvidia.com/b/ss/nvidiau ->
Here I get a connection refused:
http://jsunpack.jeek.org/?report=333d9c6562d0eff5b0402f5a869155ff96552e0elooks here like someone launched some bitcoin vanish attack
So Sucuri detected a suspicious domain there: if (existingcookie=="RU") { window.location = "htxp://www.nvidia.ru/page/home.html"; } * vuln
see:
http://labs.sucuri.net/db/malware/malware-entry-mwblacklisted35so Sucuri blacklisted the site.
I would wait going there until this site has been cleansed/taken down.
polonus