Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Suspicious script and outdated server software on website.
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Suspicious script and outdated server software on website. (Read 2330 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33897
malware fighter
Suspicious script and outdated server software on website.
«
on:
March 11, 2015, 07:16:39 PM »
See:
https://www.virustotal.com/nl/url/b3dee72d84ceb19f154a062f7eab9af2ee8bcc7db7a9c9f924371918913dc344/analysis/1426096954/
See malware detected by Sucuri: Internal Server Error 500-error?v1 htxp://netcomber.com/404javascript.js
Website Malware MW:IFRAME:HD202?v01.1 htxp://netcomber.com/about-us
Website Malware MW:IFRAME:HD202?v01.1 htxp://netcomber.com/affiliates
Internal Server Error 500-error?v1 htxp://netcomber.com/anamericanfamily.net
Internal Server Error 500-error?v1 htxp://netcomber.com/aol.com
Site error detected. Details:
http://labs.sucuri.net/db/malware/500-error?v1
HTTP/1.1 500 INTERNAL SERVER ERROR
Outdated server software detected:
http://www.security-database.com/cpe.php?detail=cpe:/a:igor_sysoev:nginx:1.1.19
Included script: Suspect - please check list for unknown includes
Suspicious Script:
htxp://cdn.optimizely.com/js/16473106.js
e=eval("("+a+")"),"function"=== typeof b?d({"":e},""):e;h(new syntaxerror("json.parse"))}})();function pd(a,b){var c;c=$.trim(b);var d="";if
Report:
http://saferpage.de/netcomber.com
Possible Front-end SPOF: Possible Frontend SPOF from:
-cdn.optimizely.com -
(97%) - <script src="htxp://cdn.optimizely.com/js/16473106.js">
-ajax.googleapis.com -
(88%) - <link rel="stylesheet" href="htxp://ajax.googleapis.com/ajax/libs/jqueryui/1.7.1/themes/ui--lightness/jquery-ui.css" type="text/css" />
(85%) - <script src="htxps://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js" type="text/javascript">
(10%) - <script src="-//-ajax.googleapis.com/ajax/libs/chrome-frame/1.0.3/CFInstall.min.js">
-platform.linkedin.com -
(28%) - <script src="//-platform.linkedin.com/in.js" type="text/javascript">
Quttera gives site as clean:
http://quttera.com/detailed_report/netcomber.com
Vulnerabilities: htxp://www.domxssscanner.com/scan?url=http%3A%2F%2Fnetcomber.com%2F
This script does not run:
http://jsunpack.jeek.org/?report=862bf5d0fe25c404cfdb920d86b8d5c84ea8f575
Fails and warnings:
http://www.dnsinspect.com/netcomber.com/1426097566
polonus (volunteer website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pondus
Probably Bot
Posts: 37527
Not a avast user
Re: Suspicious script and outdated server software on website.
«
Reply #1 on:
March 12, 2015, 05:00:03 PM »
Norman / BlueCoat added detection .... see scan results
https://www.virustotal.com/en/file/ea6ca8761a6efbba55e924fdbec83b9a508d908549b8bc8a5c81186ccd3dd2c0/analysis/1426175826/
https://www.virustotal.com/en/file/bb7c0bae9b475499dc1f817d13d66edcec70276b9fe1cd6caef0e95002ef0f4d/analysis/
Logged
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Suspicious script and outdated server software on website.