JS:ScriptIP-inf alerts on website avisen.dk

Viruses and worms
1

Hi, can someone please help and explain to me why the site http://www.avisen.dk is blocked by avast?

I have checked on several sites:
https://www.virustotal.com/da/url/086b8aba804306dd8603dc2f5337f32da9c0f4858c0d78eb936d2f6f75d6084c/analysis/1419858911/
http://sitecheck.sucuri.net/results/www.avisen.dk
http://zulu.zscaler.com/submission/show/727db04cc94fdaa0ba789918ad4efd79-1419855680

As fare as I can see everything is fine.

Regards
Brian Frederiksen
Developer
Avisen.dk

2

http://urlquery.net/report.php?id=1419863984841
http://urlquery.net/report.php?id=1419863984664
https://www.ssllabs.com/ssltest/analyze.html?d=avisen.dk
http://mxtoolbox.com/domain/www.avisen.dk/?source=findmonitors
http://dnscheck.sidn.nl/?time=1419864433&id=1788358&view=basic&test=standard
http://dnscheck.pingdom.com/?domain=www.avisen.dk
http://multirbl.valli.org/lookup/194.152.39.110.html
https://manage.centralnic.com/support/domain_doctor/www.avisen.dk
http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fwww.avisen.dk&useragent=Fetch+useragent&accept_encoding=

3

Detected file name: File name: b117f8da23446a91387efea0e428392a.pl/scripts/ws2043.min.js?b=20141202&cd=
Suspicious:

 [=p[t]||n(t)}p=[function(n){returnw[n]}];n=function(){return'\\w+'};t=1};while(t--){if(p[t]){h=h.replace(newRegExp('\\b'+n(t)+'\\b','g'),p[t])}}returnh}('o2e;if(!2e){2e={}}(q(){qf(n){wn᝺?"0"+n:n}if(1b3t.3F.4d!=="q"){3t.3F.4d=q(2f){waf(2X.aT())?2X.c2()+"-"+f(2X.c5()+1)+"-"+f(2X.c6())+"T"+f(2X.c1())+":"+f(2X.cY())+":"+f(2X.cS())+"Z":O};4y.3F.4d=1I.3F.4d=cV.3F.4d=q(2f){w2X.aT()}}ocx=/[\\cb\\aR\\b9-\\b8\\b7\\b5\\a6\\a3-\\a8\\ad-\\9S\\9Q-\\9P\\9U\\9Z-\\9Y]/g,6J=/[\\\

Detected potentially suspicious initialization of function pointer to JavaScript method write __tmpvar1512791708 = write;
Slider exploit: htxp://slider.min-a-kasse.dk/wordpress vulnerable, read: http://www.psd-tutorials.de/forum/threads/wordpress-slider-revolution-sicherheitsluecke.166696/
code hick-up: info: [script] tags.crwdcntrl dot net/c/2736/cc.js?ns=_cc2736
info: [decodingLevel=0] found JavaScript
error: undefined variable node
suspicious: → https://www.mywot.com/en/scorecard/crwdcntrl.net?utm_source=addon&utm_content=popup (two Reds),
also: https://www.robtex.com/dns/crwdcntrl.net.html

polonus
4

Hi polonus

Thank you for your reply.

I’m trying different stof on the page but can’t realy find out where the root of the problem is.
The slider you mention is only on the landingpage, but avast also blocks sub-pages.
Take this page http://www.avisen.dk/tipavisen.aspx?noads=true
It dosn’t realy contain a lot of stuff, but I still get the alert.
Is there some sort of log, somewhere in the avast client tool, that can tell me why it is blocking the page?

Thanks again.

Regards
Brian

5

Contact virus@avast.com link to thread and ask for any particulars:
site has a conditional redirect: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fwww.avisen.dk%2Ftouch%2Fdefault.aspx&useragent=Fetch+useragent&accept_encoding=

polonus