Author Topic: Possible malware confirmed here?  (Read 767 times)

Offline polonus

« on: November 12, 2017, 06:30:01 PM »
Re: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=keepingitcountrysocal.com%2F%3Fm%3D201503&ref_sel=GSP2&ua_sel=ff&fs=1
With the Google Safebrowsing alert and the lines of malware block of scripts given.

Only flagged here is the blacklisting: http://www.isithacked.com/check/keepingitcountrysocal.com%2F%3Fm%3D201503

Given as unreachable here: https://quttera.com/sitescan/keepingitcountrysocal.com

Five detect: https://www.virustotal.com/nl/url/3671da4f167dbe938e3791d46a155e5266fae21072ac57d99573d1ee5a8f3550/analysis/1510506044/

More instances of the malware, MW:JS:GEN2?web.js.malware.fake_jquery.002, given here:
https://sitecheck.sucuri.net/results/keepingitcountrysocal.com
with an error in the malscript:
Quote
found JavaScript
     error: undefined variable document.referrer
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var document.referrer = 1;
          error: line:1: ....^

4 vuln. libraries detected: http://retire.insecurity.today/#!/scan/3f8b7d65104f20c7ed367e4e11eed2a58d883192ada1d7c9ac72351ce145a128

7 problems: https://mxtoolbox.com/domain/keepingitcountrysocal.com/

Great number of sources and sinks on: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fkeepingitcountrysocal.com%2F
and here: Results from scanning URL: -http://maps.google.com/maps/api/js?sensor=false&ver=4.4.9
Number of sources found: 15
Number of sinks found: 26

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!