Author Topic: Monokai Slideshow manipulation - malware? SEO Spam infection Avast blocks! (Read 1526 times)

polonus · « **on:** August 31, 2015, 11:35:05 AM »

:)See: https://urlquery.net/report.php?id=1441005093642
Fortinet flags as malware. 3 detect: https://www.virustotal.com/nl/url/7088b51da205c84e5c9dbcdef8ba928e1e43c8c9b841ae55481c8a7d5710f0d1/analysis/
Sucuri detects as SEO Spam: https://sitecheck.sucuri.net/results/roachbrown.binachron.com
Known Spam detected. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO?sb
<div id='HiddenDiv'>////////</a><br/></div><style>.gjp2{position:absolute;clip:rect(408px,auto,auto,465px);}</style> </div><script type='text/javascript'>if(document.getElementById('HiddenDiv') != null){document.getElementById('HiddenDiv').style.visibility = 'hidden';document.getElementById('HiddenDiv').style.display = 'none';}</script>
*Known javascript malware. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO?g12
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}xViewState();

WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 4.2
WordPress Version
3.7.10
Version does not appear to be latest 4.3 - update now.
The following plugins were detected by reading the HTML source of the WordPress sites front page.

nextgen-gallery latest release (2.1.9)
http://www.nextgen-gallery.com

WordPress Theme
The theme has been found by examining the path /wp-content/themes/ *theme name* /

Roach Brown 1.1http://wordpress.org/

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.

User ID 1 : oskar
User ID 2 : Nonesed?

Missed or clean?-> http://quttera.com/detailed_report/roachbrown.binachron.com
-> http://www.domxssscanner.com/scan?url=http%3A%2F%2Froachbrown.binachron.com%2F
-> -http://killmalware.com/roachbrown.binachron.com/profile/kdmccarthy/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/slideshow/monoslideshow.js

polonus · « **Reply #1 on:** August 31, 2015, 11:50:58 AM »

Avast detects JS.HideLink.A there, we are being protected, folks,

polonus

polonus · « **Reply #2 on:** August 31, 2015, 12:28:00 PM »

More PHISHing going on from that IP: https://urlquery.net/report.php?id=1440359402168
-> https://www.threatcrowd.org/ip.php?ip=97.74.141.1
http://www.scumware.org/report/97.74.141.1
http://www.nictasoft.com/ace/ip-search/?ip=97.74.141.1 (flagged by Avast as JS.HideLink.A as well

)

pol

Author Topic: Monokai Slideshow manipulation - malware? SEO Spam infection Avast blocks! (Read 1526 times)

polonus

Monokai Slideshow manipulation - malware? SEO Spam infection Avast blocks!

polonus

Re: Monokai Slideshow manipulation - malware? SEO Spam infection

polonus

Re: Monokai Slideshow manipulation - malware? SEO Spam infection