Topic: What malware resides here, errors, retirable code...

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33913
  • malware fighter
What malware resides here, errors, retirable code...
« on: January 01, 2018, 03:40:04 PM »
2 to flag: https://www.virustotal.com/nl/url/7e843ce78111620add51c1c4da6954986d17469557942ddfaeaeb7efc303bc6b/analysis/1514816112/
Given as unable to properly scan: https://sitecheck.sucuri.net/results/alfalahksa.com

Consider these scan results: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=alfalahksa.com%2F&ref_sel=GSP2&ua_sel=ff&fs=1

2 vulnerable libraries found: http://retire.insecurity.today/#!/scan/f36a560ae66a886affafef2e0731dd4e95404c8c10c4f4b51568956e8b1d4ff8

Errors met
Quote
suspicious: maxruntime exceeded 10 seconds   

Quote
on main.js: found JavaScript
     error: undefined variable $
     error: undefined function $
     error: line:3: SyntaxError: missing = in XML attribute:
          error: line:3: <!DOCTYPE html>
          error: line:3: ..............^ 
Quote
-alfalahksa.com/_include/js/bootstrap.min.js benign
[nothing detected] (script) alfalahksa.com/_include/js/bootstrap.min.js
     info: [decodingLevel=0] found JavaScript
     error: undefined function e
     suspicious: 
Quote
(script) -alfalahksa.com/_include/js/plugins.js
   --     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined variable a.fn
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var a.fn = 1;
          error: line:1: ....^
Undefined in -alfalahksa.com/_include/js/1.9.1/jquery.min.js
Quote
//jsunpack.called CreateElement div  //jsunpack.url element = undefined

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: What malware resides here, errors, retirable code...
« Reply #1 on: January 01, 2018, 04:09:52 PM »
Some more scan results resulting in info from a slightly different perspective:
https://privacyscore.org/site/36415/  Google Analytics used without the Anonymize IP extension.

Site does not redirect to HTTPS, although available. Vulnerable to SWEET32 and LUCKY13 attacks.
No info proliferation, but no security headers being set.

Re: https://webcookies.org/cookies/alfalahksa.com/11560312
Various alerts for resource insecurely loaded over plaintext HTTP.
This is OK on non-TLS pages, but should never happen on TLS sites.

Nameserver config. OK -> https://toolbar.netcraft.com/site_report?url=alfalahksa.com

5 problems reported here: https://mxtoolbox.com/domain/alfalahksa.com/

polonus