See: https://www.virustotal.com/en/url/b845b59436b8669d9b7451a500ea39e4d3fd09f1568d80e1b5f9ea128cd46341/analysis/1455727634/
and https://www.virustotal.com/en/file/2b810edea60c0b23932aede64b3caf5106f72bda4f78dac16af680b25e12f325/analysis/1455664875/
3 potentially suspicious files:
/index_files/cb=gapi.loaded_1
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method unescape 0 = unescape;
/index_files/cb=gapi.loaded_0
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘%26undefined,undefined,128,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0’]] of length 150 which may point to obfuscation or shellcode.
/index_files/jquery.pjax.js
Severity: Potentially Suspicious
Reason: Suspicious JavaScript code injection.
Details: Procedure: + has been called with a string containing hidden JavaScript code .
We recommend against using this property.
Outdated Web Server Nginx Found: nginx/1.0.13
Vulnerable libraries detected: -http://1.u0145464.z8.ru
Detected libraries:
jquery - 1.6.4 : -http://1.u0145464.z8.ru/index_files/jquery-1.6.4.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.5.1 : -http://1.u0145464.z8.ru/index_files/jquery.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
2 vulnerable libraries detected
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2F1.u0145464.z8.ru%2Findex_files%2Fjavascript.js
Blocked by an adblocker = uBlock₀ has prevented the following page from loading:
-http://reformal.ru/
Because of the following filter
-||reformal.ru^
Found in: hpHosts’ Ad and tracking servers
At IP we detect HTTP Server: nginx 1.0.13 (Outdated) → http://toolbar.netcraft.com/site_report?url=http://80.93.62.222
60% of the trackers on this site could be protecting you from NSA snooping. Tell to fix it.
polonus