Author Topic: Hosting spammers with javascript S.EncodedJS.gen  (Read 715 times)

polonus
Hosting spammers with javascript S.EncodedJS.gen
« on: October 07, 2023, 06:41:18 PM »
See: https://www.abuseipdb.com/check/172.67.135.224
Quote
-kamatera.com - hosting spammers "=offers.companyquote.co.uk"
Not detected: https://www.virustotal.com/gui/url/8dabf81917265d65791b52df6640818c07b9a114e158d60b5fa3b004364921a9/details

This IP flagged by 13 solutions - https://www.virustotal.com/gui/ip-address/185.167.97.244
Re: https://www.abuseipdb.com/check/185.167.97.244

See Trustpilot reviews: https://www.trustpilot.com/review/kamatera.com
See: https://www.shodan.io/search?query=kamatera.com
See: https://quttera.com/detailed_report/www.kamatera.com - 11 suspicious files detected

Also found to be suspicious -> https://www.virustotal.com/gui/url/5cefa1d2348bcd4ce3e0a6ef1c3fe9d1134fa58626262a53589b77675ee0e4b6?nocache=1
(CLOUDFLARENET)  - Uncaught SyntaxError: Unexpected token '<'
content.js:8 injected: env: missing script "f14895c8-24ac-4fbe-82b2-760ec8b25d4c"!
Mt @ content.js:8
3lazyload.min.js:1 Uncaught (in promise) Error: The message port closed before a response was received.
Warning for lazyload.min.js Security warning: The 'Expires' header should not be used, 'Cache-Control' should be preferred;
viewport element has not been implemented. However, host-only-attributes are rightly implemented for that website.

Warning suspicious content detected - https://quttera.com/detailed_report/kamatera.com  (9 likewise found)
Detected S.EncodedJS.gen  Detected encoded JavaScript code commonly used to hide suspicious behaviour.

polonus (volunteer 3rd party cold reconnaissance website-security-analyst and website-error-hunter)
« Last Edit: October 07, 2023, 11:26:23 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!