see: http://app.webinspector.com/public/reports/24841007
Given as TrojWare.JS.Iframe.GJ
Site vuln for fmcarbscollegedot in see: Custom errors: Fail
Requested URL: htxp://fmcarbscollege.in/fmcarbscollege.in/(S(k4gsld55axnunf45uxnvfe45))/Default1.aspx?access=denied&ReturnUrl=/fmcarbscollege.in/trace.axd&foo= | Response URL: htxp://fmcarbscollege.in/fmcarbscollege.in/(S(k4gsld55axnunf45uxnvfe45))/Default1.aspx?access=denied&ReturnUrl=/fmcarbscollege.in/trace.axd&foo= | Page title: A potentially dangerous Request.QueryString value was detected from the client (foo=“”). | HTTP status code: 500 (Internal server error) | Response size: 6,690 bytes | Duration: 316 ms
and
Stack trace: Fail
Requested URL: htxp://fmcarbscollege.in/fmcarbscollege.in/(S(k4gsld55axnunf45uxnvfe45))/Default1.aspx?access=denied&ReturnUrl=/fmcarbscollege.in/trace.axd&foo= | Response URL: htxp://fmcarbscollege.in/fmcarbscollege.in/(S(k4gsld55axnunf45uxnvfe45))/Default1.aspx?access=denied&ReturnUrl=/fmcarbscollege.in/trace.axd&foo= | Page title: A potentially dangerous Request.QueryString value was detected from the client (foo=“”). | HTTP status code: 500 (Internal server error) | Response size: 6,690 bytes | Duration: 316 ms
Excessive headers warning:
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Clickjacking: Warning
Requested URL: htxp://fmcarbscollege.in/ | Response URL: htxp://fmcarbscollege.in/ | Page title: Raja Balwant Singh Management Technical Campus (Formerly FMCA) | HTTP status code: 200 (OK) | Response size: 20,301 bytes | Duration: 1,262 ms
Netcraft halts and reports Phishing, avast does not detect yet!
Very poort WOT web rep two reds.
Multiple threats detected:
GMT
htxp://fmcarbscollege.in/download/form_1.pdf on 08/05/2014 at 16:18 GMT
htxp://fmcarbscollege.in/download/form_2.pdf on 08/05/2014 at 16:18 GMT
fmcarbscollege.in/a7.swf <<SWF:Malware-gen
Avast should be detecting this as JS:Pdfka[trj] and swf:malware-gen
TrojWare.JS.Iframe.GJ belongs to a high level risk Trojan horse which is nasty to damage system files. It is very crafty virus that it can remain on all Windows operating systems. Mostly, the virus is distributed via suspicious links from social network or spam email attachment. Covered by the rootkit tactic, TrojWare.JS.Iframe.GJ can bypass antivirus programs and remain on computer deeply.
I get a suspicious file here: /default1.aspx
Severity: Suspicious
Reason: Detected hidden reference to external web resource. [What’s this?]
Details: Detected hidden iframe tag to ‘extremeplanet.pl’
Offset: 5921 flagged by Quttera’s which avast Webshield flags as infested with JS:Iframe-DOI[Trj].