Author Topic: malicious counter code only detected with urlquery dot net scan...  (Read 1693 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34065
  • malware fighter
Re: https://www.virustotal.com/nl/url/1f0d1aa3375af349300bb2e3cfa76b40ed002878690e8e694949a873397de993/analysis/1444683106/  (no detection)
Neither here: https://sitecheck.sucuri.net/results/likada.ru
Nor here: http://zulu.zscaler.com/submission/show/88f4af2d1db792b8d5202115ed3b4208-1444683435

Two counter scripts flagged, but what about -http://yastatic.net/share/share.js
going to adware see: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fyastatic.net%2Fshare%2Fshare.js
read: https://forum.avast.com/index.php?topic=161152.0    so-called: dotted quad host

Warning on website: Likada Pro directory | Профессиональный многофу... padlock icon
-likada.ru
Alerts (1)
Insecure login (1)
Password will be transmited in clear to -http://likada.ru/my?action=auth
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted

Insecure identifiers are sent from Yandex (yandex uid) and likada dot ru (phpsessid).

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: malicious counter code only detected with urlquery dot net scan...
« Reply #1 on: October 13, 2015, 06:30:25 PM »
Another one: https://urlquery.net/report.php?id=1444751087598
Flagged: -mc.yandex.ru/metrika/watch.js & -counter.marketgid.com/js/mui.js?cbuster=1159217 flagged by Fortinet's Webfilter and -counter.yadro.ru blacklisted on DNS-BH / malwaredomains.com.

More malware reported in reports on same IP and domain there.

Tracking detected from GoogleAnalytics, LiveInternet, Yandex.API, Yandex.metrics (analytics and widget).

Blocked in my browser is tracking from -counter.yadro.ru, -stats.g.doubleclick.net, -yandex.st, -yandex.ru, -mc.yandex.ru.

Not blocked is tracking from licensebuttons.net and i.creativecommons.org.

A unique ID could have been insecurely sent to Yandex, i.e. Yandex-uid.

-counter.marketgid.com/js/mui.js?cbuster=1159217 is blocked by DRWeb's extension as
Quote
Page blocked by Dr.Web Link Checker

Dr.Web has blocked following the advertising link to ensure your privacy. If you still want to follow this link, click the «Open incognito» button, in this case the link will be opened in incognito mode in your browser. If you do not want to receive such warnings, you can change the lock level settings Dr.Web Link Checker.

This happened while scanning the link with the xss dom scanner.
Link tries to go here: -http://counter.tovarro.com/setmuidn/images/mui.gif?muidn=f9dTScDXrA9j -> GIF89a,D;
GoDaddy abuse being taken down -> see:  https://malwr.com/analysis/ZTQ5NzM0NmUzYmY1NGE1MWJiZmYwZmIwYjkyOGI4MGE/  & https://www.virustotal.com/nl/domain/counter.tovarro.com/information/

polonus (volunteer website security analyst and website error-tracker)
« Last Edit: October 13, 2015, 06:32:01 PM by polonus »