Only one engine to detect?

Re: https://www.virustotal.com/gui/url/e688e26e214a7b1e756a4772bcd03100881b0e479507c3d20d39d55d0550ffd9/detection
Reported as spreading malware files: https://urlhaus.abuse.ch/url/798903/
7 detected files communicating with this IP address: https://www.virustotal.com/gui/ip-address/198.54.115.51/detection
Site is blacklisted: https://sitecheck.sucuri.net/results/zepham.com (see included iframes)
Namecheap abuse… with serving up Agent Tesla and open dir malware…

Running on: htxp://server230-2.web-hosting.com

opening up to: results from scanning URL: -http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=cpanelwhmreferral
Number of sources found: 3
Number of sinks found: 154

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

APK file malware found associated with this IP:
https://www.virustotal.com/gui/url/1713560b3ac39e5fd3679d8b3a215de3bb45206c7ee9c018619e34f109a07c20/details
&
https://www.virustotal.com/gui/ip-address/104.27.160.72/relations
CloudFlare abuse on android.

Not a regular website and cannot be scanned: https://sitecheck.sucuri.net/results/https/judivbola.com
See included javascripts. Whitelist URL start etc: with results from scanning URL: -http://judivbola.com/js/login.js?v=32
Number of sources found: 16
Number of sinks found: 3
&
Results from scanning URL: -http://judivbola.com
Number of sources found: 4
Number of sinks found: 45

Retire.js
jquery 1.11.2 Found in -https://judivbola.com/Images/theme/v1/js/jquery.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution 123
Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

Script errors

File not found: /Image/theme/v1/js/script.js

SyntaxError: Invalid regular expression flags
eval ()()
:3:100()
Object.N [as F_c] (:2:148)()
Object.E_u (:3:274)()
Ka (eval at exec_fn (:1:157), :61:375)()
Object.create (eval at exec_fn (:1:157), :73:235)()
L (eval at exec_fn (:1:157), :12:208)()

SyntaxError: Invalid regular expression flags
eval ()()
:3:100()
Object.N [as F_c] (:2:148)()
Object.E_u (:3:274)()
Ka (eval at exec_fn (:1:157), :61:375)()
Object.create (eval at exec_fn (:1:157), :73:235)()
L (eval at exec_fn (:1:157), :12:208)()

Source code: HTML
-judivbola.com/
18,293 bytes, 195 nodes

Javascript 12 (external 7, inline 5)
-developer.livehelpnow.net/js/sdk/lhn-jssdk-current.min.js
INLINE: /* * This entire block is wrapped in an IIFE to prevent polluting the scope of
38,144 bytes

-judivbola.com/Images/theme/v1/js/jquery.js
-judivbola.com/js/common.js?v=32
-judivbola.com/js/header.js?v=32
-judivbola.com/js/login.js?v=32
-judivbola.com/js/jsencrypt.min.js
INLINE: function openTogel() { $('#div-togel').css('display', 'bloc
821 bytes

INLINE: $().ready(function () { $('#btnReg').click(function () {
196 bytes

INLINE: window.lhnJsSdkInit = function () { lhnJsSdk.setup = {
717 bytes

INLINE: var win = null; function NewWindow(mypage, myname, w, h, scroll) {
423 bytes

judivbola.com/Image/theme/v1/js/script.js
CSS 6 (external 3, inline 3)
judivbola.com/Images/theme/v1/css/style.css
INJECTED

use.fontawesome.com/releases/v5.8.1/css/all.css
INJECTED

-judivbola.com/Images/theme/v1/css/slider.css
INJECTED

INLINE: -a.gootranslink:link {color: #0000FF !important; text-decoration: underline !impo
2,944 bytes INJECTED

INLINE: .BDTLL_icon_ok { background-image: url(data:image/png;base64,iVBORw0KGgoAAAA
26,787 bytes INJECTED

INLINE: .BDTLL_status { cursor: pointer; display: inline; margin-right: 3px;
117 bytes INJECTED

-https://judivbola.com/

<!-- Start Head_Tags_1_judivbola_com of -judivbola.com domain -->
<title>Bo Judi Bola Dan Togel Via Pulsa - VbOlA</title>
<meta name="description" content="-judivbola.com - Aplikasi judi bandar bola parlay, live casino poker pkv games android, betting bola jalan, bo togel terpercaya deposit pulsa ovo gopay.">
<meta name="keywords" content="judi bola,judi slot,judi tangkas,judi kasino,judi togel,judi online">
<link rel="canonical" href="-https://judivbola.com/">
<script src="-https://developer.livehelpnow.net/js/sdk/lhn-jssdk-current.min.js"></script>
<script>
    /*
     * This entire block is wrapped in an IIFE to prevent polluting the scope of the web page with
     * functions created by this extension.
     */
    (function(realOpen, realSend, realFetch) {
            /*
             * Sometimes pages overwrite standard objects with global
             * variables. Where possible, we extract fresh versions from an
             * iframe.
             */
            const iframe = document.createElement('iframe');
            truncated 38144 bytes...
</script>
<meta property="og:url" content="-https://judivbola.com/">
<!-- End Head_Tags_1_judivbola_com of -judivbola.com domain -->

<!-- Start Head_Tags_1_judivbola_com of all domains -->

<!-- End Head_Tags_1_judivbola_com of all domains -->



<link rel="icon" href="Images/favicon.ico">
<link rel="stylesheet" href="Images/theme/v1/css/style.css">
<link rel="stylesheet" href="-https://use.fontawesome.com/releases/v5.8.1/css/all.css">
<link rel="stylesheet" type="text/css" href="Images/theme/v1/css/slider.css">
<script type="text/javascript" src="Images/theme/v1/js/jquery.js"></script>

<script type="text/javascript" src="js/common.js?v=32"></script>

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)