Again the avast! Webshield detecting JS:HideLink-A[Trj]

Viruses and worms
1

Trojans detected:
Object: htxp://amani-international.com/ | {gzip}
SHA1: 243905323e88d14b1a89aad1c9c5d1a8168a1d23
Name: TrojWare.JS.Agent.caa avast! detects as JS:HideLink-A[Trj]

Site with the infamous GoDaddy subdomain error:


<!-- pageok -->
<!-- managed by puppet -->
<html>
<pre>pageok</pre>
</html>

See: https://www.virustotal.com/nl/url/37b1ccd40cd4a85d6657cf6eb4c62c4adf04d879d478f463326e2ff23047237b/analysis/
Missed: http://quttera.com/detailed_report/amani-international.com

SEO Spam: ISSUE DETECTED DEFINITION INFECTED URL
SEO Spam MW:SPAM:SEO htxp://amani-international.com
SEO Spam MW:SPAM:SEO htxp://amani-international.com/index.html
SEO Spam MW:SPAM:SEO htxp://amani-international.com/contact.html

HTTP Security Header Not So Happy Finds:
X-Frame-Options

Uh oh! X-Frame-Options does not appear to be found in the site’s HTTP header, increasing the likelihood of successful clickjacking attacks.

Strict-Transport-Security

Uh oh! Strict-Transport-Security does not appear to be found in the site’s HTTP header, so browsers will not try to access your pages over SSL first.

Nosniff

Uh oh! nosniff does not appear to be found in the site’s HTTP header, allowing Internet Explorer the opportunity to deliver malicious content via data that it has incorrectly identified to be of a certain MIME type.

X-XSS-Protection

Uh oh! We didn’t detect any mention of X-XSS-Protection in headers anywhere, so there’s likely room to improve if we want to be as secure as possible against cross site scripting.

Content Security Policy

Uh oh! We did not detect Content-Security-Policy , x-webkit-csp, or even x-webkit-csp-report-only in the site’s HTTP header, making XSS attacks more likely to succeed.

UTF-8 Character Encoding

Uh oh! utf-8 doesn’t appear to be declared in this site’s HTTP header, increasing the likelihood that malicious character conversion could happen. Maybe it is declared in the actual HTML on the site’s pages. We hope so.

Server Information

Uh oh! Server: was found in this site’s HTTP header, possibly making it easier for attackers to know about potential vulnerabilities that may exist on your site!

Cross Domain Meta Policy

Uh oh! Permitted-Cross-Domain-Policies does not appear to be found in the site’s HTTP header, so it’s possible that cross domain policies can be set by other users on your site and be obeyed by Adobe Flash and pd

Side wide issue: Suspicious

l terms of our instant no fax payday loan instant
no fax payday loan own financial status whether they wish. apply

polonus