Author Topic: SE redirect on website through the x-adblock-key header  (Read 1789 times)


Offline polonus

SE redirect on website through the x-adblock-key header
« on: September 29, 2016, 03:08:31 PM »
See: http://killmalware.com/alfabetizacaosolidaria.org.br/#
See: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.alfabetizacaosolidaria.org.br%2F&ref_sel=GSP2&ua_sel=ff&fs=1

<customErrors mode="RemoteOnly" defaultRedirect="~/Error" />

The scan found some terms that are commonly used in spam hacks. Suggest you check through the content listed out below for anything suspicious.

Re: http://toolbar.netcraft.com/site_report?url=http://alfabetizacaosolidaria.org.br
This cannot be found: -mvx-179-191-84-243.mundivox.com -> http://toolbar.netcraft.com/site_report?url=http://mvx-179-191-84-243.mundivox.com
retirable code: http://retire.insecurity.today/#!/scan/9c44598579f81fec702a5a4a54abbcc71786c604b80d88c948ce8fd8126d9e22

Fail and three warnings: https://asafaweb.com/Scan?Url=www.alfabetizacaosolidaria.org.br

See the insecurity here: https://observatory.mozilla.org/analyze.html?host=alfabetizacaosolidaria.org.br

polonus
« Last Edit: September 29, 2016, 03:25:48 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: SE redirect on website through the x-adblock-key header
« Reply #1 on: October 12, 2017, 09:09:39 PM »
Update: another example of this kind of sedoparking adware scheme: https://urlquery.net/report/226e83bd-b51c-46b2-bab6-aefdab65dff1
See also: https://www.virustotal.com/#/url/051b846471690caf941197252ebb6483df11d935c9837133ba92a7780591f76a/detection
A glimpse at the source code: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=ww17.fioartd.com&ref_sel=GSP2&ua_sel=ff&fs=1
and also this: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fww17.fioartd.com&useragent=Fetch+useragent&accept_encoding=

error in code:
Quote
undefined variable $
     error: undefined function $
and here
Quote
-img.sedoparking.com/js/jquery-1.4.2.min.js benign
[nothing detected] (script) -img.sedoparking.com/js/jquery-1.4.2.min.js
     status: (referer=-ww17.fioartd.com/)saved 52770 bytes e9f6a3e32751709332e22616539b1fdcb8860366
     info: [decodingLevel=0] found JavaScript
     error: undefined variable div.style
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var div.style = 1;
          error: line:1: ....^

Also have a look here: https://otx.alienvault.com/indicator/domain/a46.ru/

polonus
« Last Edit: October 12, 2017, 09:14:11 PM by polonus »