Author Topic: Blacklisted website and for a reason!  (Read 1232 times)


Offline polonus

Blacklisted website and for a reason!
« on: May 05, 2015, 06:50:57 PM »
See 12 alerts from Fortinet's Webfilter: http://urlquery.net/report.php?id=1430843577133
Google safe browse check
WARNING
Google finds the site to be potentially dangerous: http://killmalware.com/autofocusstudios.com/
See: http://www.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fautofocusstudios.com&hl=en
See: https://www.virustotal.com/nl/url/3b9bd12faf304822303ddb51bb2c4c4fab4b69a5d75a688ffefdad26f2623e0a/analysis/1430843887/
IP badness history: https://www.virustotal.com/nl/ip-address/108.60.19.145/information/
Also listed as a PHISH site: 108.60.19.145 -> http://permalink.gmane.org/gmane.comp.security.phishings/53252

WordPress plug-ins on site:
-mailchimp-for-wp
-jetpack
-download-manager
-All in One SEO Pack * All in One SEO Pack version: 2.2.6.2
* Read: https://wordpress.org/support/topic/warning-from-host-for-a-resent-hack

Theme : photolux 
Version 2.3.1 – 23 April 2015:
- Fixed: Security fix: escaped the URLs every time the add_query_arg() function is used to fix the recently found XSS vulnerability of the add_query_arg() function
- Fixed: editor buttons lightbox dialog – media window displayed behind the dialog on Chrome
- Fixed: the navigation button display of the Simple Google Map widget
Stay up to date: http://www.wordpressexploit.com/


Included javascripts:
-http://autofocusstudios.com/wp-includes/js/jquery/jquery.js
-http://autofocusstudios.com/wp-includes/js/jquery/jquery-migrate.min.js
-http://autofocusstudios.com/wp-content/themes/photolux/js/main.js
-http://autofocusstudios.com/wp-content/themes/photolux/js/cufon-yui.js
-http://autofocusstudios.com/wp-content/themes/photolux/js/fonts/charis_sil.js
-http://autofocusstudios.com/wp-content/themes/photolux/js/grid-gallery.js
-http://autofocusstudios.com/wp-content/plugins/download-manager/bootstrap/js/bootstrap.min.js
-http://autofocusstudios.com/wp-content/plugins/download-manager/js/front.js
-http://autofocusstudios.com/wp-content/plugins/download-manager/js/chosen.jquery.min.js
-http://autofocusstudios.com/wp-includes/js/jquery/ui/core.min.js
-http://autofocusstudios.com/wp-includes/js/jquery/ui/widget.min.js
-http://autofocusstudios.com/wp-includes/js/jquery/ui/mouse.min.js
-http://autofocusstudios.com/wp-includes/js/jquery/ui/draggable.min.js
-http://autofocusstudios.com/wp-includes/js/jquery/jquery.form.min.js
-http://s0.wp.com/wp-content/js/devicepx-jetpack.js
-http://s.gravatar.com/js/gprofiles.js
-http://autofocusstudios.com/wp-content/plugins/jetpack/modules/wpgroho.js
-http://autofocusstudios.com/wp-includes/js/comment-reply.min.js
-http://stats.wp.com/e-201519.js
-gtranslate

Site malicious: http://zulu.zscaler.com/submission/show/86fbd6c12be04e473f987cd7a726f88a-1430843740

See attached tracker report - do not open links inside a browser - info provided for security research purposes only.

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: May 05, 2015, 07:00:21 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!