You would not like to go here...

See: -http://exitoesclerosis.com
Detected libraries:
jquery - 1.4.2 : (active1) -http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected

Links to avoid: https://www.mywot.com/en/scorecard/widgeo.net?utm_source=addon&utm_content=warn-viewsc
and https://www.mywot.com/en/scorecard/www.topcpm.com

See: http://killmalware.com/exitoesclerosis.com/#

This link cannot be found: http://toolbar.netcraft.com/site_report?url=https://jqueryrotate.googlecode.com
Poodle vulnerable and abused for DNS manipulation…

Crypto report with vulnerabilities: Certificate is installed correctly
jqueryrotate.googlecode.com
Warnings
RC4
This server uses the RC4 cipher algorithm which is not secure. Disable the RC4 cipher suite and update the server software to support the Advanced Encryption Standard (AES) cipher algorithm. Contact your web server vendor for assistance.
SSLv3
This server uses the SSLv3 protocol which is not secure. Disable the SSLv3 protocol and enable a higher protocol version. Contact your web server vendor for assistance.
RSA remove cross certificates
The certificate chain contains a cross root (primary intermediate) certificate that should be removed. Use Symantec CryptoReport to remove cross root certificates.
Info
BEAST
The BEAST attack is not mitigated on this server.
Certificate information
This server uses an Organizationally Validated (OV) certificate. Information about the site owner has been validated by Google Inc to help secure personal and financial information.
Common name:
*.googlecode.com
SAN:
*.googlecode.com, *.cloud.google.com, *.code.google.com, *.codespot.com, *.developers.google.com, *.gcr.io, *.googlesource.com, *.u.googlecode.com, gcr.io, googlecode.com, googlesource.com
Valid from:
2016-May-18 11:16:47 GMT
Valid to:
2016-Aug-10 10:46:00 GMT
Certificate status:
Valid
Revocation check method:
OCSP
Organization:
Google Inc
Organizational unit:

City/locality:
Mountain View
State/province:
California
Country:
US
Certificate Transparency:
Not embedded in certificate
Serial number:
04af00a86ec30d52
Algorithm type:
SHA256withRSA
Key size:
2048
Certificate chain:
GeoTrust Global CA (Intermediate certificate)
Google Internet Authority G2 (Intermediate certificate)
*.googlecode.com (Tested certificate)
Server configuration
Host name:
173.194.68.82
Server type:
Google Frontend
IP address:
173.194.68.82
Port number:
443
Protocols enabled:
TLS1.2
TLS1.1
TLS1.0
SSLv3
Protocols not enabled:
SSLv2
Secure Renegotiation:
Enabled
Downgrade attack prevention:
Enabled
Next Protocol Negotiation:
Enabled
Session resumption (caching):
Enabled
Session resumption (tickets):
Enabled
Strict Transport Security (HSTS):
Not Enabled
SSL/TLS compression:
Not Enabled
Heartbeat (extension):
Not Enabled
RC4:
Enabled
OCSP stapling:
Not Enabled

polonus (volunteer website security analyst and website error-hunter)

UrlQuery > http://urlquery.net/report.php?id=1464283877361

Nothing malicious, just defacement
https://www.virustotal.com/en/file/2c8b22f9a13d6aaa95b519cd36234f18a6dcb871cb643016393ae14099b4654e/analysis/1464284710/

Hi Pondus,

Cannot agree there. No, “just defacement” is not being flagged by Avast,
whenever Avast flags a defacement it is a malicious defacement,
known here as HTML:Defacement-AA [Trj], which is malware,
that downloads adware and pop-ups via a backdoor onto the computer.

polonus

Avira

=================================================
The file ‘exitoesclerosis.com.htm’ has been determined to be ‘CLEAN’.
Our analysts did not discover any malicious content.

So not malicious, just defaced :wink:

Hi Pondus,

Thanks for the additional validation.
No malware, still some scripts we’d rather have normally scriptblocked (adtracking scripts).
Again no malware, you say; well, Avast Webshield still blocks it as HTML:Defacement-AA[Trj] for me.
So I’d like to hear from HonzaZ what his final verdict is.

polonus

HTML:Defacement-AA[Trj] seems to be just a warning for a hacked/defaced website.
If it contained malicious code, I think there would be a different detection name.

I didn’t find anything malicious in the source code either. But as we all know, it can be hidden server-side (if I visit it for the 10th time, if I have an IP from the US, if I have a specific browser…)