Comodo gives packed RokTabs Module as suspicious

See: Object: htxp://adosa.co.za/modules/mod_roktabs/tmpl/roktabs.js
SHA1: 3ee73f91cc1e17f60dd6be7cf10ce14262dd18ea
Name: Suspicious-WI.-> http://jsunpack.jeek.org/?report=ff3134478fe79cb56af77c9aa01db6e82f0447c6
A hidden rogue packed? Or just encrypted proprietary code and benign?

Anyone to react?

polonus

Nothing on the js file:
https://www.virustotal.com/nb/file/e3ea93bfbdc03b31f629ec05dada972abb1013619ec26ea37789ee701528482d/analysis/1411484694/

But the html is infected with a HideMe spam link:
https://www.virustotal.com/nb/file/dd5712fae94d0eba928a7f0dc7cced9be191d103ed8c302de13dbb406b0a2b00/analysis/1411484776/

Sucuri http://sitecheck.sucuri.net/results/adosa.co.za

Thank you, dear Pondus, we have something to start with now.

Well, you know, I started to rethink the issue, analyzing here: http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http%3A%2F%2Fadosa.co.za%2Fmodules%2Fmod_roktabs%2Ftmpl%2Froktabs.js+&useragentheader=&acceptheader=

Redirecting to a 404 now: htxp://alelaamazwiethu.co.za/

→ htxp://lalelaamazwiethu.co.za/about/10-activities.html → T+2.28s WARNING: None of your DNS servers have IPv6 addresses

T+2.28s WARNING: your DNS servers originate from only one autonymous system (network). Locating DNS servers on multiple networks will improve resilience

polonus

Correction, it is this licensed code: http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http%3A%2F%2Fadosa.co.za%2Fmodules%2Fmod_roktabs%2Ftmpl%2Froktabs.js&useragentheader=&acceptheader=

And consider: https://news.ycombinator.com/item?id=7836092 reversing what?

pol