54 instances of TROJ_CRYPCTB.NSA detected here? 

polonus · 2017-03-28T13:15:43.000Z

See: http://urlquery.net/report.php?id=1490704902278

Threat Name: Infostealer.Limitail
Location: -https://hacmint.com/cgi_bin/Invoice-Report.zip

Magento not updated, listed here: https://sitecheck.sucuri.net/results/hacmint.com
Update to: recommend version 1.9.2.4 or 2.0.7
Several issues not being patched: https://www.magereport.com/scan/?s=https://hacmint.com/
Two issues: https://sritest.io/#report/e54ed076-1d76-48a3-b3ca-0ee2f85b9d43

Vulnerable jQuery library to be retired: http://retire.insecurity.today/#!/scan/2d58d47ef3c2fef15d649f91f4725338f6e2177635f49f32d4aaf5409297e5ee

F-F-status: https://observatory.mozilla.org/analyze.html?host=hacmint.com

-/skin/frontend/default/theme224k/js/scripts.js
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘.input-box select, .input-box input, input.qty, .data-table textarea, .input-box textarea, .advanced’]] of length 126 which may point to obfuscation or shellcode.

Consider: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fhacmint.com%2Fskin%2Ffrontend%2Fdefault%2Ftheme224k%2Fjs%2Fscripts.js
overflowing code to -http://dev.techsoup.nl/sites/all/modules/jquery_update/compat.js for instance…

polonus

polonus · 2017-05-19T22:01:39.000Z

Update of this persistent threat: http://urlquery.net/report.php?id=1495228834063
See: https://sitecheck.sucuri.net/results/hacmint.com

polonus

polonus · 2017-05-27T22:08:34.000Z

Threat Name: Infostealer.Limitail
Location: htxps://hacmint.com/cgi_bin/Invoice-Report.zip
→ Domain Name Certificate Name EV Security Certificate’s Authentic Fingerprint
hacmint dot com hacmint dot com — B5:7D:FB:E6:B9:8A:99:7A:05:6B:EB:A4:E6:CA:E7:C6:64:98:A9:88

Seems persistent, see here: http://urlquery.net/report.php?id=1495919871071
See: -https://urlscan.io/result/a0ae7023-48ed-4fee-83de-ba192cd86cde/dom/
See: https://www.virustotal.com/pl/url/1e69fb6b1ec56febc32edca93dfac5bbf08c303e5b65d43cd3efda58ee94413f/analysis/1495921958/

Web application version:
Magento version detected: 1.9.0.1
Magento not updated. We recommend version 1.9.2.4 or 2.0.7 → https://www.magereport.com/scan/?s=https://hacmint.com/

96 blacklisted links: https://quttera.com/detailed_report/www.hacmint.com

polonus (volunteer website security analyst and website error-hunter)

mchain · 2017-05-29T03:19:12.000Z

Updated urlquery scan: http://urlquery.net/report.php?id=1496025490538

Announcements