Re: http://killmalware.com/estetika.ch/
Consider the file viewer report: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.estetika.ch&ref_sel=GSP2&ua_sel=ff&fs=1
What script is the culprit of this? → -https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=fr
3 sources and 3 sinks: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fcse.google.com%2Fcoop%2Fcse%2Fbrand%3Fform%3Dcse-search-box%26lang%3Dfr
Custom errors: Fail and three warnings: https://asafaweb.com/Scan?Url=www.estetika.ch%2Freminder.asp
A meagre F-Status here: https://securityheaders.io/?q=www.estetika.ch
And the above-mentioned script is also the culprit of the insecurity here: https://sritest.io/#report/1180b727-c11c-4ef7-942e-8643970fbd0c
Insecure Log-in: ESTETIKA: tables de massage, cire à épiler, coiff…
www.estetika.ch
Alerts (1)
Insecure login (1)
Password will be transmited in clear to -http://www.estetika.ch/login.asp
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted
Insecure IDs tracking detected: This website is insecure.
75% of the trackers on this site could be protecting you from NSA snooping. Tell estetika.ch to fix it.
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.
79=h7ptobbz_kfg7xujwjglasrtuqz_z1k_afyupk5_qp9cztzsahkbrvqrgora5nr8n7XXXXXXXXXXe6h2kjzpmtb1nndz1n37rbcrpdvhzvax0_vlcv8to5ftq_czjdrib7gzqs3fd7vmn3gyn1hqv-f6z23irkpp2ki3p8a6iooq4sgqrl2pd31z9tesan-o2ckcnspw1vwytaknm3cka
-www.google.com nid
Checking for cloaking
There is a difference of 29173 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that’s trying to hide from browsers but make Google think there’s something else on the page.
→ http://isithacked.com/check/estetika.ch
DatabaseMart abuse?: http://toolbar.netcraft.com/site_report?url=http://www.estetika.ch
Nameserver insecurity: DROWN vulnerable: https://test.drownattack.com/?site=ns09.shared-servers.com
Seems the website security is out of the hands of the web admin and SE adware marketing has a free range there
but at least the frameset link has been blocked by the code now:
line 39: < frame src=hxxp://ww1.obd4sale.com/?
which SE redirect was performed for DNS10.PARKPAGE.FOUNDATIONAPI.COM *
So a nameserver problem pointing somehow at * lies at the root of this, read here: https://support.logicboxes.com/helpdesk/index.php?/Knowledgebase/Article/View/51/7/why-do-i-see-a-parking-page-on-my-website-even-when-the-domain-and-hosting-are-active
Code error: ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js benign
[nothing detected] (script) ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js
status: (referer=hxtp:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -3] Temporary failure in name resolution>
in Fancyzoom.js:
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined function $
error: line:3: SyntaxError: missing ; before statement:
error: line:3: <script type="text/javascript" src="js/jquery-1.4.2.min.js"></script><script type="text/javascript" src="js/FancyZoom.js"></script><script type="text/javascript" src="js/FancyZoomHTML.js"></script><script type="text/javascript" src="js/common.js"></script
error: line:3: ......................................................................^
How to fix? Read: -http://pcfilesfix.com/fancyzoom-js.html
polonus (volunteer website security analyst and website error-hunter)