« previous next »
Pages: [1]   Go Down

Author Topic: Domain 6 days old and suspicious script running?  (Read 1011 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Domain 6 days old and suspicious script running?
« on: February 24, 2015, 11:35:05 PM »
See: https://www.virustotal.com/nl/url/13300b7ca23ac9f9fe6557fa41ba16dad55aa503c06e0cf3bfa8a7784dd41ece/analysis/1424816134/
Kaspersky flags website.
Custom-errors.fail and warnings: https://asafaweb.com/Scan?Url=broste-bonesnot.us
Blank pages no blank script: http://www.webdeveloper.com/forum/showthread.php?291427-New-domain-displaying-strange-JavaScript
Malicious,  my friends: https://www.virustotal.com/nl/url/157beff286c570d893eedba9e653fd3f51170cefedeb0861976b41c72a17334b/analysis/
But given as probably harmless?
Link for researchers with NoScript active inside a browser with VM/sandbox: http://jsunpack.jeek.org/?report=acb3fd28f3941d5e511da281e5724f29c74f3fe4 - re: http://bugs.jquery.com/ticket/9801

-broste-bonesnot.us,184.168.221.93,ns71.domaincontrol.com,Parked/expired, -> registered and active website:
http://whois.domaintools.com/broste-bonesnot.us -> -ak2.imgaft.com,,,Ghosted, -> http://www.dnsinspect.com/imgaft.com/1424816958 -> http://whois.domaintools.com/imgaft.com
Netcraft Risk 1/10 red: http://toolbar.netcraft.com/site_report/?url=http%3A%2F%2Fak2.imgaft.com%2Fscript%2Fjquery-1.3.1.min.js
Sorry this site is not currently available! Not blocked by avast!

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: February 24, 2015, 11:52:28 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »