Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Misused or defaced server ....spamvertizer detected....
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Misused or defaced server ....spamvertizer detected.... (Read 2053 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33897
malware fighter
Misused or defaced server ....spamvertizer detected....
«
on:
July 25, 2017, 05:34:09 PM »
See:
https://www.virustotal.com/pl/url/6a7fb4bf04f0f4d1d911d53984b9c7b77c93e7f9f178474df7d9155111d65889/analysis/1500995464/
Final url after redirect:
https://www.virustotal.com/pl/url/6a7fb4bf04f0f4d1d911d53984b9c7b77c93e7f9f178474df7d9155111d65889/analysis/1500995464/
See:
https://aw-snap.info/file-viewer/?protocol=secure&tgt=www.opopgadgets.it%2Fcollections%2Fin-evidenza%2Fproducts%2Fi-breathalyzer-test-digitale-tasso-alcolico%3F%26adv_sub%3D%26amount%3D&ref_sel=GSP2&ua_sel=ff&fs=1
For -chimpstatic.com->
https://otx.alienvault.com/indicator/hostname/store.fiternity.com
shopify vuln? -
http://vizibot.com/wp-content/uploads/2016/12/products
This is anonymous tracking:
http://whois.domaintools.com/chimpstatic.com
fingerprinting via -http://hektorcommerce.com/
-https://www.opopgadgets.it/
Detected libraries:
jquery - 1.11.0 :
https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery - 2.2.3 : (active1) -https://cdn.shopify.com/s/files/1/1943/6501/t/2/assets/vendor.js?3438344093735924012
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
handlebars.js - 1.3.0 : (active1) -https://www.opopgadgets.it/
Info: Severity: medium
https://github.com/wycats/handlebars.js/pull/1083
jquery - 3.1.1 : hxtps://sdk.azureedge.net/js/1.beeketing.e0327194f6b7b4c8ac8f.js
(active) - the library was also found to be active by running code
3 vulnerable libraries detected
Insecure F-Grade:
https://sritest.io/#report/c3c807fb-25c7-48a8-8aae-c6e42e0554ae
More F-Grade insecurity:
https://observatory.mozilla.org/analyze.html?host=www.opopgadgets.it
The spamvertizer report:
http://support.clean-mx.de/clean-mx/view_portalscontent.php?url=http%3A%2F%2Ftracker.mcontact.pro%2Fgo2.aspx%3Flink%3D9ee97ab5-73c2-4d99-903c-b0ffee00b511%2C129582_6400484382_662422417
polonus (volunteer website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33897
malware fighter
Re: Misused or defaced server ....spamvertizer detected....
«
Reply #1 on:
July 25, 2017, 06:40:24 PM »
Another one on a misused or abused server, with a malware script launched from: -http://js.users.51.la/19239964.js
Re:
http://urlquery.net/report/45ede2f7-e5f0-4d6d-973d-b3acff7c4417
Retirable script libraries:
http://retire.insecurity.today/#!/scan/a0ae41adf8c0e220333799d84098bdc23ef3f67409041dcde2a31330aaf4ba10
See how the malware script influences: -https://static.xx.fbcdn.net/rsrc.php/v3/ya/r/E3rjTDY6Od6.js
See: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fjs.users.51.la%2F19239964.js
Broke the above link on purpose, so the unaware would not click,
and those interested in the results could go there by launching link without - .
(for website security reasearch only).
polonus (volunteer website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33897
malware fighter
Re: Misused or defaced server ....spamvertizer detected....
«
Reply #2 on:
July 25, 2017, 11:03:22 PM »
Likewise we detected this here:
https://www.virustotal.com/pl/url/a24b27672126105b7af2c5744070666dcf80c5d79d2babab3da65d42f03610a1/analysis/1501015762/
and just flagged by CleanMX:
http://support.clean-mx.de/clean-mx/view_portalscontent.php?url=http%3A%2F%2Fnodecheats.com%2Fcommunity%2Fshowthread.php%3Ftid%3D437%26amp%3Bpid%3D515%23pid515
On same IP - GoDaddy abuse:
https://www.scumware.org/report/43.255.154.97.html
Retirable jQuery library: -http://nodecheats.com
Detected libraries:
jquery - 1.11.3 : (active1) -http://nodecheats.com/assets/js/jquery.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33897
malware fighter
Re: Misused or defaced server ....spamvertizer detected....
«
Reply #3 on:
July 28, 2017, 12:02:59 AM »
Phishing website now under repair? ->
https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=fietsbelproduction.nl%2F&ref_sel=GSP2&ua_sel=ff&fs=1
See blacklist history here:
http://urlquery.net/report/7046c135-0780-44d6-bd9e-9157c6ec2655
See:
https://fireproxy.crushus.com/www.fietsbelproduction.nl
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Misused or defaced server ....spamvertizer detected....