Blacklisted page not accessible....

polonus · June 18, 2014, 8:30pm

See attached image

polonus · June 18, 2014, 9:38pm

This one has been taken offline because of this report: http://sitecheck.sucuri.net/results/dikesalerno.it
Site fell victim to this attack GET /includes/class.pop.php HTTP/1.1
Host: vidintex dot com
Read about PHP Object Injection here:
https://www.owasp.org/index.php/PHP_Object_Injection
See: http://urlquery.net/report.php?id=1403126588808
link article author = Egidio Romano
Here they have never ever even heard of any infestations there: http://www.statscrop.com/www/dikesalerno.it
(statscrop is an unreliable web rep site)
See attached

pol

Secondmineboy · June 18, 2014, 9:41pm

The hoster of the first website is actually from here in Germany

Pondus · June 18, 2014, 9:44pm

polonus · June 18, 2014, 10:11pm

Thanks, Pondus, for revealing the fact that we were being protected,
while that malcode was spreading from there.
Seems the (bad?) hoster is spreading more “goodies” from that same IP: http://urlquery.net/report.php?id=1403040341993 (malicious Javascript)
and a Sality variant flagged here: http://urlquery.net/report.php?id=1402200424909

Damian

polonus · June 20, 2014, 8:28pm

Another one: See: http://killmalware.com/danestani.com/# HTML code contains blacklisted domain: wXw.forum.niksalehi.com (Questionable is this report - htxp://www.scamadviser.com/is-forum.niksalehi.com-safe.html)
Flagged only as blacklisted here: http://quttera.com/detailed_report/www.danestani.com
Given the all clear here: http://app.webinspector.com/public/reports/22651883?cache=true
Given clean by DrWeb’s: Checking: htxp://www.danestani.com
Engine version: 7.0.9.4080
Total virus-finding records: 5329733
File size: 340 bytes
File MD5: aa658211c46231bbc2a072bf3d23d7fa

htxp://www.danestani.com - archive JS-HTML

htxp://www.danestani.com/JSTAG_1[8f][45] - Ok
htxp://www.danestani.com/JSTag_2[94][40] - Ok
htxp://www.danestani.com - Ok

pol

Announcements