Author Topic: Infected URL?  (Read 4207 times)

0 Members and 1 Guest are viewing this topic.

Avastfan1

  • Guest
Infected URL?
« on: May 30, 2010, 10:24:54 AM »
Hello Everyone!

Can somebody please tell me if this URL is infected?

hxxp://drawmohammed.com/

Thanks!

Avastfan1
« Last Edit: May 30, 2010, 11:24:27 AM by Avastfan1 »

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3060
Re: Infected URL?
« Reply #1 on: May 30, 2010, 11:20:06 AM »

Avastfan1

  • Guest
Re: Infected URL?
« Reply #2 on: May 30, 2010, 11:25:04 AM »
Hi NMB,

Thank for the reply. Those links look really great! Are they hosted by reputable companies?

Avastfan1

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3060
Re: Infected URL?
« Reply #3 on: May 30, 2010, 11:26:12 AM »
Yes, they are reliable to some extent. I mean the scan for websites.

You can also try anubis service. But it is for an advanced user.

nmb
« Last Edit: May 30, 2010, 11:28:40 AM by nmb »

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33580
  • malware fighter
Re: Infected URL?
« Reply #4 on: May 30, 2010, 03:12:58 PM »
Hi

The site was/is still hacked by Turkish hackers from Canada,
because they consider the site as blasphemous,
this was not so long ago 20-22 May last:
http://www.allpakistaninews.com/turkish-hackers-facebook-and-drawmohammed-com.html

Unmasked parasites give it clean, also subsequent link sites..
Scan for: htxp://drawmohammed.com
Hostname: drawmohammed.com
IP Address: 67.43.237.66
Date: 30-05-2010 06:55

Running on: Microsoft-IIS/7.0
Powered by: ASP.NET
links found there:
htxp://www.sonpeygamber.info/index/index.php?lang=en
1 page resulted in malicious software being downloaded and installed without user consent.
The last time suspicious content was found on this site was on 2010-04-10.

Malicious software includes 322 exploits.

Malicious software is hosted on 1 domains, including abbcp.cn/.

This site was hosted on 3 network(s) including AS39582 (GRID), AS35368 (DATAHOUSE), AS52 (UCLA).
http://www.Cyber-Warrior.Org/domain.asp
http://www.turk-h.org/defacement/view/4135/drawmohammed.com
http://www.google.com.tr/search?hl=tr&q=drawmohammed.com&meta=

Listings:
Domain clean by Google Safe Brownsing: drawmohammed.com

Domain clean by Norton Safe web: drawmohammed.com

Domain clean by Sucuri Web Blacklist: drawmohammed.com

Domain clean by the Phish Tank: drawmohammed.com

Domain clean by the Malware Domain List: drawmohammed.com

Checked links:

(Level: 0) Url checked:
htxp://drawmohammed.com
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (meta refresh)
htxp://www.lastprophet.info/en/?lang=en
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/includes/js/togglelayer.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/includes/js/overlib_mini.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/includes/js/disablerightclick.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/includes/js/domnews.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/modules/mbt_transmenu/transmenu.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/modules/mod_lxmenu/functions.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/modules/mod_lxmenu/menu.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/modules/mod_lxmenu/pos_lxmenu.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/modules/mod_fpss/engines/jquery-comp.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/modules/mod_fpss/engines/jquery-fpss-comp.js
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.lastprophet.info/en/modules/pagepeel_banner/ac_oetags.jslanguage=javascript
Blank page / could not connect
No ad codes identified

(Level: 2) Url checked: (script source)
htxp://www.google-analytics.com/urchin.js
Zeroiframes detected on this site: 0
No ad codes identified

polonus



« Last Edit: May 30, 2010, 10:59:46 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Avastfan1

  • Guest
Re: Infected URL?
« Reply #5 on: May 30, 2010, 07:33:59 PM »
As always, Polonus coming through with additional, comprehensive information!

Thanks!

Avastfan1

0strodamus

  • Guest
Re: Infected URL?
« Reply #6 on: June 02, 2010, 09:45:28 PM »
I'll say! Where does polonus dig all this stuff up from? Very informative!  ;D

Avastfan1

  • Guest
Re: Infected URL?
« Reply #7 on: June 03, 2010, 12:08:26 AM »
No idea. But the lad is an absolute gem!