See: unknown_html → https://www.virustotal.com/nl/url/27f025b7d63b3085cf06aac2a6a41beab829a3443b63af854b1e5c3c8254c97e/analysis/1398084105/
Malware not detected here: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fprijm.com%2F
nor here: http://www.urlvoid.com/scan/prijm.com/
See: https://www.mywot.com/en/scorecard/prijm.com?utm_source=addon&utm_content=popup
Suspicious Javascript: om/s2/favicons?domain=7skgames dot rr dot nu’ alt=‘favicon’ width=‘16’ height=‘16’>7skgames dot rr dot nu</…Infected
malware check - Infected
om/s2/favicons?domain=7skgames dot rr dot nu’ alt=‘favicon’ width=‘16’ height=‘16’><font title=’ skill7 - play online games for …
404 error Check: Suspicious 404 Page:
.rr.nu’ alt=‘favicon’ width=‘16’ height=‘16’><font title=’ skill7 - play online games for real stakes against real oppon
Zulu Zscaler detects rightfully here: http://zulu.zscaler.com/submission/show/0bca692e6d2e95a37e80857290b02cd4-1398084781 100/100% malicious
So Prijm CMS is vulnerable - example of security through obscurity here → http://builtwith.com/?q=%20http%3A//prijm.com/
Also not very reassuring results here: http://sameid.net/ip/50.87.148.143/ (so what can we expect)
so overall badness history of IP: https://www.virustotal.com/nl/ip-address/50.87.148.143/information/
a can of rootkits and worms on that IP → https://www.virustotal.com/nl/file/b110d905c1765ed7f855260d8bcb76a73478fc6038257dd00bf720d492496d4c/analysis/
polonus
The code presented is not malicious per se, but I like to point out that
their problem also was how to change to API version with JavaScript.
This is kicking security problems because it should be done through server-side programming,
(but this will be a difficult task with a hoster providing support for 437 sites on one and the same IP - i.m.o. - pol)
else it will be rather difficult or impossible to perform securely.
Info credits for above explanation should all go to Twitter’s Taylor Singletary.
polonus
For code flagged by Zscaler, see: http://jsfiddle.net/6VhTp/ & http://jsfiddle.net/E4Aqm/ & http://jsfiddle.net/58PLY/
Could there be a self-replicating malware there?
Webutation alerts, but file scan does not deliver: https://www.virustotal.com/nl/file/3475ba5a2d78462f3c86b86caa5c5f8ab407496963f979732767ae816940d21c/analysis/1398091825/
Anyway, as I described, the site certainly has vulnerabilities - themes are always at risk, the kernel CMS is often patched and updated.
Read about Core.js issues here:
http://social.technet.microsoft.com/Forums/sharepoint/en-US/78797bbe-a931-4200-9b67-e462565d4052/vulnerability-issues-related-to-corejs?forum=sharepointadminlegacy
Flexslider also knows recent issues: https://drupal.org/project/issues/flexslider
All these issues and vulnerabilities aren’t solved at once by renaming the CMS software, I would like it if it did ;D and I would be a code sorcerer :o
polonus
I saw this and thought, well, never going here. Thanks Pol for giving me the topic