Is this safe?

1234ava · 2015-08-15T08:23:12.000Z

hXXps://bancopostaimpresaonline.poste.it/bpiol/js/banner.js

Pondus · 2015-08-15T08:26:24.000Z

https://www.virustotal.com/nb/url/1a6f6344ae7efb52b80337a80f7b73fc4644e814c948687e2c9d54e1e8b6bee4/analysis/1439627058/

http://killmalware.com/bancopostaimpresaonline.poste.it/bpiol/js/banner.js

https://sitecheck.sucuri.net/results/bancopostaimpresaonline.poste.it/bpiol/js/banner.js

http://urlquery.net/report.php?id=1439627232181

1234ava · 2015-08-15T08:43:31.000Z

Thanks Pondus, but would it be possible for Avast staff to take a closer look? if it is an obfuscated script with strange behaviors? It’s on a banking web site.
EDIT: I’ve submitted a ticket too.

polonus · 2015-08-15T11:26:29.000Z

Phishy patterns, could well be malware related!

Code landing at -http://lamviectrenmang.co advert campaign, see: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fbancopostaimpresaonline.poste.it%2Fbpiol%2Fjs%2Fbanner.js
Site is vulnerable to the Poodle attack!
Extensive server header info proliferation detected: IBM_HTTP_Server/6.1.0.25 Apache/2.0.47 Win32 exploitable by SSL Key Renegotation.
This external link is blocked by uMatrix: -http://webtrendslive.com/
Link not available:- http://mybank.alliance-leicester.co.uk/
This is an external spam link → -myonlineaccounts2.abbeynational.co.uk*;client.uralsibbank.ru
Interesrting Array going to an exploit kit…TSPY_ZBOT.AUY infested website!
Report for detection!

polonus (volunteer website security analyst and website error hunter)

Pondus · 2015-08-15T17:30:39.000Z

hxxps://bancopostaimpresaonline.poste.it/bpiol/js/banner.js
https://www.virustotal.com/nb/file/90dca3d8b341d85239bd58e797ca0bac0d3d0e17ede45d63f2c9c69ca5373eb2/analysis/1439659539/

1234ava · 2015-08-21T10:36:56.000Z

Avast’s response to my ticket:
“Our virus specialists have been working on the problem and they informed me that the script is clean and will remain undetected by Avast.”

Announcements