Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
What is JS.eIframeDwNMe.6655 malcode on this website?
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: What is JS.eIframeDwNMe.6655 malcode on this website? (Read 2429 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33905
malware fighter
What is JS.eIframeDwNMe.6655 malcode on this website?
«
on:
October 19, 2015, 03:54:01 PM »
See:
https://www.virustotal.com/nl/url/4ea9f925bfc4e4930cc1797c1d062e6b431cf0b82a308bbe476f41842a933bba/analysis/1445261758/
See 1 detection:
https://www.virustotal.com/nl/file/9d5a8797464cd914caf4ab9e65d05fca99b5a8d750f405a46d503c8be79c5bf5/analysis/1445210691/
Quttera flas the site as with 44 suspicious files:
http://quttera.com/detailed_report/dig-in-anchors.com
, like
/cmd.php?pid=90442655c6894997b3067cc93e84f064&bn=1
Severity: Potentially Suspicious
Reason: Detected unconditional redirection to external web resource.
Details: <meta http-equiv="refresh" content="0; url='-https://www.mcssl.com/SecureCart/Checkout.aspx?mid=1388A7BB-2C59-4BF8-A0C1-5470C531A43A%26sctoken=be69f3c6e5304a27acc7d9516c03e1d7%26bhjs=0'">
Also consider:
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fdig-in-anchors.com%2FvalidateChallengeAnswer.go.php
landing at -https://www.bankofamerica.com/pa/global-assets/external/coremetrics/hp/cmdatatagutils.js etc.
Domain is a verified PHISH.
Included script scans:
http://www.domxssscanner.com/scan?url=http%3A%2F%2Freseller275720.gomobiledomination.com%2Fcontent%2Fjs%2Fjs-redirector.1.0.0.js
and
http://www.domxssscanner.com/scan?url=http%3A%2F%2Freputationdatabase.com%2Fpublic%2Fjs%2Fservices%2Fget_reviews.js
I get this block: uMatrix has prevented the following page from loading:
-https://www.mcssl.com/SecureCart/Checkout.aspx?mid=1388A7BB-2C59-4BF8-A0C1-5470C531A43A%26sctoken=be69f3c6e5304a27acc7d9516c03e1d7%26bhjs=0
Re:
http://urlquery.net/report.php?id=1445073837602
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
What is JS.eIframeDwNMe.6655 malcode on this website?