« previous next »
Pages: [1]   Go Down

Author Topic: Dodgy insecure iFrames on this website and other insecurity?  (Read 1286 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33902
  • malware fighter
Dodgy insecure iFrames on this website and other insecurity?
« on: March 19, 2017, 07:32:08 PM »
See: http://isithacked.com/check/http%3A%2F%2Fwww.levante-emv.com%2F
Quote
<iframe border="0" scrolling="no" src="-http://api.levante-emv.com/participacion/rest/ultimaEncuesta/12" frameborder="0" height="330px" width="327px"></iframe>
<iframe border="0" frameborder="0" height="330px" scrolling="no" src="-http://cdn.comunidades.levante-emv.com/include8t/dayparting/blogs_destacados_ultimos_posts.html" width="327px"></iframe>
<iframe border="0" frameborder="0" height="330px" scrolling="no" src="-http://cdn.comunidades.levante-emv.com/include8t/dayparting/albumes_ultimas_img.html" width="327px"></iframe>
<iframe frameborder="0" height="80" scrolling="no" src="-http://www.levante-emv.com/estaticos/afiliados/afiliados.html" width="990"></iframe>
Potential problems here: 1 -> -estaticos02.levante-emv.com/elementosWeb/js/portada20170228162559.js
2 -> -estaticos01.levante-emv.com/elementosWeb/js/servicios20170228162559.js

Suspicious URLs found in: -http://www.levante-emv.com/

1: hxxp://ib·adnxs·com/seg?

Nothing malicious being flagged here: https://www.virustotal.com/pl/url/106841a2dd96ab68be59eb0b230d5a101973f188a6fd2b4c7c8ea782eb220a16/analysis/1489947746/

Also consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fb.scorecardresearch.com%2Fc2%2F8731705%2Fcs.js

List of referenced blacklisted domains/hosts: 1
nuevaespana.ojdinteractiva dot com

Re: https://urlscan.io/result/bf9daced-da9a-43c7-a641-8b26bc7b3952/#summary

polonus (volunteer website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6700
  • Trust only what you test yourself!
Re: Dodgy insecure iFrames on this website and other insecurity?
« Reply #1 on: March 19, 2017, 07:45:35 PM »
Real issues there. Nice find polonus!

http://dnscheck.pingdom.com/?domain=levante-emv.com&timestamp=1489948685&view=1

Click some tabs here and get even more frightened http://push2check.net/levante-emv.com

Logged
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33902
  • malware fighter
Re: Dodgy insecure iFrames on this website and other insecurity?
« Reply #2 on: March 19, 2017, 10:08:55 PM »
Hi Para-Noid,

Reports on that IP also: https://www.abuseipdb.com/check/213.0.95.35
and see the F-status on the webserver test: https://www.htbridge.com/websec/r/regio7-cat-spain/83453ffb80589cfcab75f7f1f0a3ce324b3df05bee21e04a86d1059166baac98

Like it when you are double-checking my alerts, and adding to the heads-up, Para-Noid.
Bravo, well done!

What they were up to then from that IP address? Well, read here:
Portscan & connect: 9 times on port(s): 41673 41674 41675 41678 41683 41687 41688 41689 41690 TCP

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »