Need second opinion/confirmation on this

hxxp://www.miccostumes.com/ (link broken just in case my information is correct)

^I found that link on another forum I frequent, and my suspicions led me to investigate this further. After checking the domain records I decided to check with Unmask Parasites, and it found a suspicious inline script on the site.

I just want a second opinion on this to see if the Unmask Parasites information is correct, and if the script was placed there intentionally by the site creator (considering the site hasn't been updated since it was registered in April) or was part of a hack on the site (which I am doubting at this moment in time).

Wepawet - Benign
http://wepawet.cs.ucsb.edu/view.php?hash=bd3b595f44e8bbcb1c30a8c88b49b1b3&t=1279555790&type=js

NoVirusThanks - CLEAN
http://scanner.novirusthanks.org/analysis/af4092a3a1e7635e816fa5512c97a7d1/aW5kZXg=/

URLVoid - CLEAN

Report 2010-07-19 18:10:05 (GMT 1)
Website miccostumes.com
Domain Hash 847ff8304f9ef3f43c62a9245f48ca7b
IP Address 216.38.54.205
IP Hostname host6.shoppingrun.com
IP Country CN (China)
AS Number 25847
AS Name SERVINT - ServInt
Detections 0 / 17 (0 %)
Status CLEAN

Hi demonix00,

The code is still there, see: http://jsunpack.jeek.org/dec/go?report=c12d0a14be6e26f954a27cf3ef3202d1b970d915

and that goes here, but is benign:
http://wepawet.iseclab.org/view.php?hash=786d7ae714c71593238cfa52ae319c0e&t=1279559722&type=js

For a complete report see the attached txt file: NO KNOWN SIGNATURES FOR MALICIOUS CODE FOUND

polonus

Hi demonix00,

Also did a scan here: http://www.elsop.com/quick/
From the elsop report:
00049 Error: 18 Invalid Scheme http://www.providesupport.com?messenger=sado44 Live Support
00131 Warning: 908 Missing / / Always A Secure Site
00138 Possible Error: 900 No DNS Entry https://ssl js: [Host Not Found 1 ] *
00138 Possible Error: 900 No DNS Entry http://www js: [Host Not Found 1 ] *
00152 Possible Error: 900 No DNS Entry https://ssl js: [Host Not Found 1 ] *
00152 Possible Error: 900 No DNS Entry http://www js: [Host Not Found 1 ] *
00157 Warning: 908 Missing / http://www.instantssl.com Server SSL Certificate *

* should be checked…

polonus