Topic: Does Avast detect this dangerous object here (TROJ_GEN.F47V0724)?

See: http://killmalware.com/crosswiresolutions.com/#
var vclk_options = {sid:65918,media_id:2,media_type:2,version:"1.3",pfc:900000}; Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Hacked By Darkshadow</title> <script type="text/javascript">
Results from scanning URL: htxp://ajax.cloudflare.com/cdn-cgi/nexp/dok2v=919620257c/cloudflare.min.js
Number of sources found: 22
Number of sinks found: 11
DOM XSS vuln. Shared JavaScript compromise.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Re: Does Avast detect this dangerous object here (TROJ_GEN.F47V0724)?
« Reply #1 on: July 04, 2015, 08:40:29 PM »
Update - still there and detected as: TrendMicro-HouseCall: TROJ_GEN.F47V0724
Kaspersky: UDS:DangerousObject.Multi.Generic -> http://killmalware.com/crosswiresolutions.com/#
See it missed here: https://www.virustotal.com/nl/url/26bc0125354f3291afce04f8e45f5ab9a6b383712152dbb458383243bda71b4a/analysis/
Defacement: Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Hacked By Darkshadow</title> <script type="text/javascript">
Possible Frontend SPOF from:

ajax.cloudflare.com - Whitelist
(82%) - <script type="text/javascript" src="//ajax.cloudflare.com/cdn-cgi/nexp/dok2v=919620257c/cloudflare.min.js">
cdn.fastclick.net - Whitelist
(50%) - <script class="vclk_pub_code" type="text/rocketscript" data-rocketsrc="htxp://cdn.fastclick.net/js/adcodes/pubcode.min.js?sid=65918&media_id=2&media_type=2&version=1.3&exc=1&pfc=900000">

http://toolbar.netcraft.com/site_report?url=http://crosswiresolutions.com
WOT Trustworthiness:    Very Poor
WOT Privacy:    Very Poor
WOT Child Safety:    Very Poor -> https://mysitestats.org/www/crosswiresolutions.com

polonus

Re: Does Avast detect this dangerous object here (TROJ_GEN.F47V0724)?
« Reply #2 on: February 06, 2016, 03:09:09 PM »
Update. Another one detected here: http://killmalware.com/jasonmgraham.com/
Missed here: https://www.virustotal.com/en/url/e045fbaec6bdfbf07e54ad23b2a85fde43e7ffdd099ea50e1ae7ef0288e3f463/analysis/#additional-info
Flagged: index.html
Severity:   Malicious
Reason:   Detected malicious PHP content - javascript
Details:   Website Potentially Defaced
GoDaddy abuse.

polonus

Re: Does Avast detect this dangerous object here (TROJ_GEN.F47V0724)?
« Reply #3 on: February 12, 2016, 12:49:33 AM »
Update. Now clean: http://killmalware.com/crosswiresolutions.com/#
Quttera still detects here: https://www.virustotal.com/en/url/26bc0125354f3291afce04f8e45f5ab9a6b383712152dbb458383243bda71b4a/analysis/
but in fact it is not: http://quttera.com/detailed_report/crosswiresolutions.com
Given as defaced here: https://sitecheck.sucuri.net/results/crosswiresolutions.com
Script is not safe: -http://ajax.cloudflare.com/cdn-cgi/nexp/dok2v=919620257c/cloudflare.min.js
-> https://sritest.io/#report/a9ff395f-71ab-4926-ba89-d436405f00ed
Retirable code here: -http://crosswiresolutions.com/
Detected libraries:
jquery - 1.3.1 : -http://ak2.imgaft.com/script/jquery-1.3.1.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
1 vulnerable library detected

For the retirable code: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fak2.imgaft.com%2Fscript%2Fjquery-1.3.1.min.js
Results from scanning URL: -http://ak2.imgaft.com/script/jquery-1.3.1.min.js
Number of sources found: 26
Number of sinks found: 12

Site parked: -http://mcc.securepaynet.net/parked/park.aspx/?q=pFHmpKOyLzMznaMypzMvrJuaqzWuMv5jLabyZwMzqaRyZ3RmAQD3ZQV1ZPHlAzA2pFHmpGZjZQN5AmVkZwt2AQR3BQH4AGLyZwMyMlHmpGVjZGLjZwRkZGL0ZmDjWGV2L3xyZ3R0AQLkBQp=-1&callback=jsonp1455234221145&_=1455234221151 rendering a
> jsonp1455234221145({ returnval: 0 });

Also consider: https://asafaweb.com/Scan?Url=crosswiresolutions.com with 1 fail and 2 warnings.

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: February 12, 2016, 12:54:56 AM by polonus »
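An added example (not part of polonus's post or any of the scanners named in it): a small audit script that applies the two checks reported in Reply #3 to a page's HTML, a retire.js-style jQuery version check against CVE-2011-4969 (fixed in jQuery 1.6.3) and jQuery bug #11290 (fixed in 1.9.0), plus a check for third-party scripts that lack an SRI `integrity` attribute, which is what the sritest.io report flags. The sample HTML is constructed from the script URLs quoted in the thread; the fixed-in versions come from the respective advisories.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# jQuery issues named in the thread and the version that fixed each one.
JQUERY_ADVISORIES = [
    ((1, 6, 3), "CVE-2011-4969: XSS via location.hash passed to $()"),
    ((1, 9, 0), "jQuery bug #11290: selector string parsed as HTML"),
]

# Constructed sample page built from the script URLs quoted in the thread.
SAMPLE_HTML = """<html><head>
<script type="text/javascript" src="//ajax.cloudflare.com/cdn-cgi/nexp/dok2v=919620257c/cloudflare.min.js"></script>
<script src="http://ak2.imgaft.com/script/jquery-1.3.1.min.js"></script>
<script src="/js/site.js"></script>
</head><body></body></html>"""


class ScriptCollector(HTMLParser):
    """Records (src, integrity) for every <script> that loads an external file."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            src = a.get("src") or a.get("data-rocketsrc")  # Rocket Loader form
            if src:
                self.scripts.append((src, a.get("integrity")))


def jquery_version(src):
    # Parse (major, minor, patch) from a jquery-X.Y[.Z] filename, else None.
    m = re.search(r"jquery-(\d+)\.(\d+)(?:\.(\d+))?", src, re.I)
    return tuple(int(x or 0) for x in m.groups()) if m else None


def audit(html, page_host):
    """Return a list of (script_src, finding) pairs for the given page HTML."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        host = urlparse(src).hostname  # handles http:// and scheme-relative //
        if host and host != page_host and not integrity:
            findings.append((src, "third-party script without SRI integrity attribute"))
        ver = jquery_version(src)
        for fixed_in, desc in JQUERY_ADVISORIES:
            if ver and ver < fixed_in:
                findings.append((src, desc))
    return findings
```

Running `audit(SAMPLE_HTML, "crosswiresolutions.com")` reports the CloudFlare script for missing SRI and the jQuery 1.3.1 script for missing SRI plus both advisories, while the same-origin `/js/site.js` produces nothing.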