Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
What unknown malware resides here?
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: What unknown malware resides here? (Read 806 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33920
malware fighter
What unknown malware resides here?
«
on:
November 21, 2015, 11:01:37 PM »
See:
https://www.virustotal.com/nl/url/24c00245366c563011c21cecc4b9ec5aedcc618da65e1831f692b118e4fe8503/analysis/1448142272/
Sucuri does not detect, Quttera neither.
Script loaded: -http://s11.cnzz.com/stat.php?id=1254870232&web_id=1254870232
Script loaded: -http://c.cnzz.com/core.php?web_id=1254870232&t=z blocked by uMatrix.
Domain info and badness history:
https://www.virustotal.com/nl/domain/600mi.com/information/
->
http://toolbar.netcraft.com/site_report?url=http://res1.600mi.com
Re:
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.600mi.com
Probably Rackspace abuse:
http://toolbar.netcraft.com/site_report?url=http://firewall.systemarts.com
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Result
It looks like a cookie is being set without the "HttpOnly" flag being set (name : value):
session : 65f2e06ff97b342b6c9a07faf7696679
Unless the cookie legitimately needs to be read by JavaScript on the client, the "HttpOnly" flag should always be set to ensure it cannot be read by the client and used in an XSS attack.
Clickjacking warning given...
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
What unknown malware resides here?