hXXps://bancopostaimpresaonline.poste.it/bpiol/js/banner.js
http://killmalware.com/bancopostaimpresaonline.poste.it/bpiol/js/banner.js
https://sitecheck.sucuri.net/results/bancopostaimpresaonline.poste.it/bpiol/js/banner.js
Thanks Pondus, but would it be possible for Avast staff to take a closer look? if it is an obfuscated script with strange behaviors? It’s on a banking web site.
EDIT: I’ve submitted a ticket too.
Phishy patterns, could well be malware related!
Code landing at -http://lamviectrenmang.co advert campaign, see: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fbancopostaimpresaonline.poste.it%2Fbpiol%2Fjs%2Fbanner.js
Site is vulnerable to the Poodle attack!
Extensive server header info proliferation detected: IBM_HTTP_Server/6.1.0.25 Apache/2.0.47 Win32 exploitable by SSL Key Renegotation.
This external link is blocked by uMatrix: -http://webtrendslive.com/
Link not available:- http://mybank.alliance-leicester.co.uk/
This is an external spam link → -myonlineaccounts2.abbeynational.co.uk*;client.uralsibbank.ru
Interesrting Array going to an exploit kit…TSPY_ZBOT.AUY infested website!
Report for detection!
polonus (volunteer website security analyst and website error hunter)
hxxps://bancopostaimpresaonline.poste.it/bpiol/js/banner.js
https://www.virustotal.com/nb/file/90dca3d8b341d85239bd58e797ca0bac0d3d0e17ede45d63f2c9c69ca5373eb2/analysis/1439659539/
Avast’s response to my ticket:
“Our virus specialists have been working on the problem and they informed me that the script is clean and will remain undetected by Avast.”