Author Topic: PHISH-site not flagged by Avast Online Security.


polonus
PHISH-site not flagged by Avast Online Security.
« on: June 21, 2015, 01:26:45 PM »
Bitdefender Trafficlight flags, WOT also flags: https://www.mywot.com/en/scorecard/avijehfarjood.com?utm_source=addon&utm_content=popup
Emsisoft also: https://www.virustotal.com/en-gb/url/0f2688cb9ae9530b2f8620d7d195084e61b1c3200106265c20210268f35b456f/analysis/1434884835/
Incident: htxp://avijehfarjood.com/oga/nmwpi/zieip/xlwi/game/index.htm
  Signature: CYSC.PHISH.SITE.AOL-4
  Incident-URL: htxps://www.c-sirt.org/en/incident/1d0b82a97a1749afecdd5489c16ef89b9ae1b8f2011e58f1a94ea66fcd43e03e
...
Arabic/Sentacs coding unsafe? Technology profile: http://builtwith.com/avijehfarjood.com
Sucuri says site generating errors. Internal Server Error. Listed at PHISH tank.
Joomla Version 2.5.7 found at: htxp://avijehfarjood.com/administrator/manifests/files/joomla.xml
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.26 or 3.3.5  - X-Powered-By: PHP/5.4.39
Joomla Modules, Components and Plugins
The following modules were detected from the HTML source of the Joomla front page.
mod_sp_image_rotator
The following components were detected from the HTML source of the Joomla front page.
k2
search
com_k2
The following plugins were detected from the HTML source of the Joomla front page.
shortcodes
Installing these expands the attack surface of the mentioned webpage!
Externally Linked Host | Hosting Provider | Country
www.zo2framework.org | Digital Ocean | United States
avijehfarjood.ir | Leaseweb Germany GmbH (previously netdirekt e. K.) | Germany
91.109.16.110 | Leaseweb Germany GmbH (previously netdirekt e. K.) | (not given)

Look whether any of these linked JavaScripts could be exploitable/vulnerable:
Linked Javascript
/media/system/js/mootools-core.js
/media/system/js/core.js
/media/system/js/mootools-more.js
/media/system/js/modal.js
//ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js
/components/com_k2/js/k2.js
/media/system/js/caption.js
htxp://avijehfarjood.com/media/com_zo2framework/js/bootstrap.js
htxp://avijehfarjood.com/media/com_zo2framework/js/jquery.min.js
htxp://avijehfarjood.com/media/com_zo2framework/js/jquery.cookies.2.2.0.js
htxp://avijehfarjood.com/media/com_zo2framework/js/zo2-uncompressed.js
htxp://avijehfarjood.com/plugins/system/shortcodes/assets/js/shortcodes.js
/modules/mod_sp_image_rotator/assets/script/_class.noobslide.js

What about this, read: http://www.exedb.com/systemfiles/zo2-uncompressed[1].js.html
Some web servers have disabled automatic compression of JavaScript files, because they are served with the content type: application/x-javascript.
For these web servers we can use a web.config trick to change the content type of JavaScript files to text/javascript. This is a completely valid content type supported by all browsers. Info credits go to Mads Kristensen.

Consider also this scan: Malware detected: http://urlquery.net/report.php?id=1434782340404
polonus (volunteer website security analyst and website error-hunter)

Only trust code that you have tested yourself to be secure!
D.
« Last Edit: June 21, 2015, 01:43:44 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
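The post finds the Joomla version by reading the publicly served manifest administrator/manifests/files/joomla.xml and compares it against the minimum patched releases it names (2.5.26 and 3.3.5). Added example, not code from the post or from the Joomla project: a small audit helper a site owner can run against a copy of their own manifest. It assumes the manifest's top-level <version> element holds the release string, as in the real file; the sample manifest below is constructed to match the 2.5.7 the post reports.

```python
import xml.etree.ElementTree as ET

# Minimum patched release per major branch, taken from the post's
# "Joomla under 2.5.26 or 3.3.5" finding.
MIN_PATCHED = {2: (2, 5, 26), 3: (3, 3, 5)}

# Constructed sample of administrator/manifests/files/joomla.xml (layout is an
# assumption modelled on the real manifest); the post reports version 2.5.7.
SAMPLE_MANIFEST = """<extension version="2.5" type="file" method="upgrade">
    <name>files_joomla</name>
    <author>Joomla! Project</author>
    <version>2.5.7</version>
    <description>FILES_JOOMLA_XML_DESCRIPTION</description>
</extension>
"""


def parse_version(text):
    """Turn '2.5.7' into the tuple (2, 5, 7) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def manifest_version(xml_text):
    """Extract the release tuple from a Joomla file manifest."""
    root = ET.fromstring(xml_text)
    node = root.find("version")
    if node is None or not node.text:
        raise ValueError("manifest has no <version> element")
    return parse_version(node.text)


def is_outdated(version):
    """Return (verdict, threshold). verdict is True when the release is below the
    patched version for its branch, False when at or above it, and None when the
    major version is newer than any threshold this helper knows about."""
    major = version[0]
    if major < 2:                      # 1.x is older than every known threshold
        return True, MIN_PATCHED[2]
    if major in MIN_PATCHED:
        threshold = MIN_PATCHED[major]
        return version < threshold, threshold
    return None, None


def audit_manifest(xml_text):
    """Combine the two steps into one report dict for a manifest's text."""
    version = manifest_version(xml_text)
    outdated, threshold = is_outdated(version)
    return {"version": ".".join(map(str, version)),
            "outdated": outdated,
            "minimum_patched": threshold and ".".join(map(str, threshold))}


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

Because the manifest is world-readable on a default install, the same check is what a scanner runs against you; blocking or removing it does not fix the version, only upgrading does.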