Topic: Malware on website and vulnerabilities on hoster...blacklisted domain...

polonus

Is detection effective for URI and IP? (Google Safebrowsing alerts anyway).

See: https://urlhaus.abuse.ch/url/456023/  (executable malware)...

URL detected by 11 engines -> https://www.virustotal.com/gui/url/f35b59e24b58bc6b892543626d3131c54a342e434d470460788a6f0af46389fc/detection

Only 1 engine to detect IP: https://www.virustotal.com/gui/ip-address/146.185.219.132/detection

VT detection: https://www.virustotal.com/gui/file/8e99ebae5c7d8b8620f20ff54a24db4d15c817f24e2a3017525063a34308bf60/detection/f-8e99eba
Avast detects as Win32:Malware-gen

DOM-XSS issues:
Results from scanning URL: -http://unfreseszesgrowesr.com/js/jquery.easing.1.3.js
Number of sources found: 6
Number of sinks found: 11
and
Results from scanning URL: -http://unfreseszesgrowesr.com/js/main.js
Number of sources found: 36
Number of sinks found: 5

Retirable jQuery library: https://retire.insecurity.today/#!/scan/22cfdc61b8c4fb25fd3aec4ec18dfc813368e63ce30959b137acf834c2d688b7
Re: Results from scanning URL: -http://unfreseszesgrowesr.com/js/jquery-3.3.1.min.js
Number of sources found: 34
Number of sinks found: 15

Technology used and vulnerabilities: https://www.shodan.io/host/146.185.219.132

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!