« previous next »
Pages: [1]   Go Down

Author Topic: Has malware been cleansed here?  (Read 1060 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Has malware been cleansed here?
« on: October 29, 2015, 12:38:27 PM »
See: https://www.virustotal.com/nl/url/392981ea7afcf3e68797aadff2e3bd72179b12bdc3ba408054c35fab4ed56455/analysis/1446117811/
See: http://quttera.com/detailed_report/spino.cba.pl   given as clean. Flagged: https://urlquery.net/report.php?id=1446118027512
The alleged malware script -> http://www.domxssscanner.com/scan?url=http%3A%2F%2Fa.cba.pl%2Fr1.js
Code: [Select]
var minW=500, minH=300, cbaAd=document.getElementsByTagName('body')[0];
var _w = 400, _h = 200;
if (cbaAd)
{
 _w=cbaAd.clientWidth<=0?400:cbaAd.clientWidth, _h=cbaAd.clientHeight<=0?200:cbaAd.clientHeight;
}
var ok = false;
if (self==top || (_w>minW && _h>minH)) {
ok = true;
}
if (!ok) {
var dd = document.getElementById('bmone2n-1276.1.1.1');
if (dd) {
dd.parentNode.removeChild(dd);
}
} Also consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fbbcdn-bbnaut.ibillboard.com%2Flibrary%2Fbbnaut-lib-1.7.5.min.js

External link prevented from loading was: uMatrix has prevented the following page from loading:
-http://t4.liverail.com/  creating a nosniff 400 Bad Request!

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »