Avast community forum
Topic: Ransomware Troldesh from website.. (Read 905 times)
polonus (Avast Überevangelist, Probably Bot, Posts: 33891, malware fighter)
Ransomware Troldesh from website.. « on: June 17, 2019, 04:39:08 PM »
Re: https://urlhaus.abuse.ch/url/209681/
issues: https://observatory.mozilla.org/analyze/topphanmem.net
hardened by abusers? - .\> https://webhint.io/scanner/f37d44d7-705d-4c09-941e-85dcea7d7170
Blacklisted - javascript malware found: https://sitecheck.sucuri.net/results/topphanmem.net
WordPress - Version does not appear to be latest
See: https://urlscan.io/result/c20b9c6c-5e3b-4692-87c8-8d0513a5dc04
6 engines detect: https://www.virustotal.com/gui/url/1bdb95e05cb47745f3d921d1a38b55398aae0e95bca17433529f28613aeb49a7/detection
dom-xss issues: Results from scanning URL: -http://topphanmem.net/wp-includes/js/wp-embed.min.js
Number of sources found: 149
Number of sinks found: 25
Retire.js
jquery 1.12.4 Found in -http://topphanmem.net/wp-includes/js/jquery/jquery.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
polonus (volunteer website security analyst & website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus (Avast Überevangelist, Probably Bot, Posts: 33891, malware fighter)
Re: Ransomware Troldesh from website.. « Reply #1 on: June 17, 2019, 05:20:34 PM »
The JavaScript malcode giveaways: Unexpected 'eval'; use of single quotes (several); Expected '=>' and instead saw '>';
decoding - simply replace eval with alert.
pol
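The "replace eval with alert" decoding step from Reply #1, as an added example that is not part of the original posts: rather than editing the script text, it shadows `eval` and `alert` with a function that records the string they receive. It goes one step beyond the post by repeating while the output still calls `eval`; `SAMPLE`, `peelEval` and the payload are constructed for illustration.

```javascript
// Added example. SAMPLE is constructed and harmless; real samples belong in
// a disposable analysis VM, because the unpacker code itself still runs here.

// Constructed two-layer packed script: the outer layer rebuilds the inner one
// from character codes, the inner layer un-reverses the final string.
const payload = 'document.title="demo"';
const inner = "eval('" + [...payload].reverse().join('') +
  "'.split('').reverse().join(''))";
const SAMPLE = 'eval(String.fromCharCode(' +
  [...inner].map((c) => c.charCodeAt(0)).join(',') + '))';

// Returns the text each layer handed to eval()/alert(), outermost first.
function peelEval(source, maxLayers = 10) {
  const layers = [];
  let current = source;
  // Re-run only text that still visibly calls eval, so the final decoded
  // payload is returned for reading and never executed.
  while (layers.length < maxLayers && /\beval\s*\(/.test(current)) {
    const captured = [];
    const capture = (arg) => { captured.push(String(arg)); };
    try {
      // Function-constructor bodies are sloppy-mode, so parameters named
      // eval and alert are legal and shadow the real functions.
      new Function('eval', 'alert', current)(capture, capture);
    } catch (err) {
      // Unpackers often touch browser globals that do not exist under Node;
      // keep whatever was captured before the error.
    }
    if (captured.length === 0) break;
    current = captured.join('\n');
    layers.push(current);
  }
  return layers;
}

peelEval(SAMPLE).forEach((text, i) => console.log(`layer ${i + 1}: ${text}`));
```

A layer that hides its `eval` call (for example by building the name from string pieces) stops the loop early, and the last captured text is then read by hand.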