Kaspersky found some abuse going on here. Read on.
Vulnerable server header: Outdated Web Server Nginx Found: nginx/1.2.3
Server vuln: http://www.cvedetails.com/version/148772/Igor-Sysoev-Nginx-1.2.3.html
Same IP domains: http://sameid.net/ip/91.202.63.43/
IP badness history: https://www.virustotal.com/nl/ip-address/91.202.63.43/information/
DrWeb JS.Loadpays.2 launched from that IP and latest found: Adware.Downware.2095
htxp://myfiler.anchih.pp.ua/ is in Dr.Web malicious sites list!
My connnection is flagged to be not private here: htxps://www.urlquery.net/report.php?id=1409069061211 (Privacy error given by Chrome)
Site may be down: https://urlquery.net/report.php?id=1415455779074
See all the IDS alerts in “Recent reports on same IP/ASN/Domain”
like IDS alert: ET INFO HTTP Request to a *.ru.tf domain, ET INFO DYNAMIC_DNS HTTP Request to Abused Domain *.mooo.com, ET POLICY HTTP Request to a *.tk domain.
Kraken Virus Tracker confirms: myfiler.anchih.pp dot ua,91.202.63.43, ns1.lp-dns dot com, Criminals,
This only means to say there is up and active malcode there, no more no less.
DNS Inspection Report: http://www.dnsinspect.com/myfiler.anchih.pp.ua/1415455988
→ htxp://ns1.lp-dns.com/ is present in the Dr.Web database of unwanted sites!
XSS vuln: Results from scanning URL: htxp://myfiler.anchih.pp.ua
Number of sources found: 0
Number of sinks found: 123
Results from scanning URL: htxp://myfiler.anchih.pp.ua/js/jquery.min.js
Number of sources found: 38
Number of sinks found: 21 → document,cm.write (as source)
Javascript check: http://jsunpack.jeek.org/?report=3896f0ad1b2f9738374efa8d44b16040a8e48d6e
For security research only, open link with NoScript active in the browser and inside a VM/sandbox.
Code hick-up:
myfiler.anchih.pp dort ua/js/jquery.jcarousel.min.js benign
[nothing detected] (script) myfiler.anchih.pp dot ua/js/jquery.jcarousel.min.js
status: (referer=myfiler.anchih.pp.ua/)saved 17461 bytes 7f39276f2b5c4d00f2041df89290b1665b6aa577
info: [decodingLevel=0] found JavaScript
suspicious:
And undefined function q.getElementsByTagName
error: undefined variable q
In main.js: undefined variable $ -XSS vuln, see resultsfrom scanning URL: htxp://s0.wp.com/_static/??/wp-content/js/jquery/jquery.autoresize.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1414003384j
Number of sources found: 38
Number of sinks found: 12 via Java Lexer using javax annotations
Possibly remote inclusion vulnerability in code link htxp://sorgalla.com/jcarousel (Zend/PHP) - wrap circular 'loop
in myfiler.anchih.pp dot ua/js/jquery.jcarousel.min.js
polonus