Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Suspicious JavaScript Obfuscation detected....
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Suspicious JavaScript Obfuscation detected.... (Read 1395 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33897
malware fighter
Suspicious JavaScript Obfuscation detected....
«
on:
April 15, 2019, 04:58:17 PM »
See:
https://urlquery.net/report/2e444bfc-676d-4fe1-9f69-a0328f141d36
Flagged here:
https://www.virustotal.com/en/url/407a9bcd9439b69f041c4fe8ace1156ac439dd4ce69dc245885790f5796f1b8d/analysis/1555338643/
blacklisted external links & blacklisted iframes:
https://quttera.com/detailed_report/dmuller.net
https://sitecheck.sucuri.net/results/dmuller.net
Blocked for me javascript to -http://s47.sitemeter.com/js/counter.js?site=s47phoenixnet
Site also blacklisted by Yandex:
https://www.yandex.com/infected?url=dmuller.net
Also detected: -http://mailhide.recaptcha.net/d?k=01lgAndaS1VU6rqbxzR7LMyA==&c=mgS5PlYSw5ukLXrkwl2eC-ttQigM7YLCzZmUwTNH-9E= 1
additional links like -EXTRALINK##-http://s47.sitemeter.com/js/counter.js?site=s47phoenixnet 1
EXTRALINK##-http://s47.sitemeter.com/stats.asp?site=s47phoenixnet 1
EXTRALINK##-http://s47.sitemeter.com/meter.asp?site=s47phoenixnet 1
FILE##v3track.php?trackref%3Dhttp%3a%2f%2fgoogle.com&trackuri%3D%2fspaceflight%2findex.php&trackdim%3Dx&trackcountry%3Dru
various ecxternal links extphp etc.
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pondus
Probably Bot
Posts: 37527
Not a avast user
Re: Suspicious JavaScript Obfuscation detected....
«
Reply #1 on:
April 15, 2019, 09:13:33 PM »
scan using the full URL used at urlQuery and fortinets webfilter
https://sitecheck.sucuri.net/results/dmuller.net/wp?q=p%3Den%2Ftadalfil
https://www.virustotal.com/#/file/b05c63a25e3541fe0773f15f5d5b9ea43a4b1b4773c957bdacffbab6bcc84c46/detection
https://sitecheck.sucuri.net/results/134.249.116.78/jquery.js
https://www.virustotal.com/#/url/dab0812fe89ebcac05a3f37cbad6effaa06802bf91b00535ae789f8d05096aa2/detection
https://www.virustotal.com/#/file/6aa48a47b63effcf8d62194c1dc563a79ab7b737a90888cfaebfb046b2d96715/detection
https://www.virustotal.com/#/url/72911124dcd577dee006d816321d5a06668b06467a305934e47a2f20a8905e5d/detection
«
Last Edit: April 15, 2019, 09:26:09 PM by Pondus
»
Logged
polonus
Avast Überevangelist
Probably Bot
Posts: 33897
malware fighter
Re: Suspicious JavaScript Obfuscation detected....
«
Reply #2 on:
April 15, 2019, 10:05:07 PM »
Hi Pondus,
Thanks for demonstrating this is again part of the same long ongoing malware campaig, involving:
-http://sd5doozry8.com/ykwnsxwz29?key=9a98439e5dcdf4fd2a011f7cbc76b00d
We have met this one a couple of times before,
Damian aka polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Suspicious JavaScript Obfuscation detected....