dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
share rss forum feed


seaman
Premium
join:2000-12-08
Seattle, WA
reply to mysec

Re: Is this website compromised?

mysec, very helpful observations, thanks. When I allow the app to run then selected content starts to load. It seem like I have to grant permission for each button/photo. Is it possible that this is just a very outdated website and my java settings are set on "paranoid"?


mysec
Premium
join:2005-11-29
kudos:4

1 recommendation

I don't know much about Java at all, except that the exploits are easily blocked with proper security policies in place.

I was not aware that Java applets on a web site needed to use the application executable to connect out.

By the way, I found that farid-send {dot} com is the same site, so everything looks legitimate:

Headlinessalon.com - Whois Information
We include detailed information like the server IP Address which is 209.237.150.20.
Headlinessalon.com resides at Web.com in Jacksonville, FL, United States.
-----------------------------------
farid-send.com
Location of the Host IP address
209.237.150.20:
Jacksonville in United States
 

----
rich


seaman
Premium
join:2000-12-08
Seattle, WA

said by mysec:

By the way, I found that farid-send {dot} com is the same site, so everything looks legitimate:

Nice work, thanks for connecting that!

mysec
Premium
join:2005-11-29
kudos:4

You are welcome!

I had a chance to take a peek at the code, and each of the buttons is loaded via the Java Applet. For example, the "Home" button, showing the home page URL:

<applet code="fphover.class" codebase="_fpclass/" > 
<param name="url" value="home.htm" valuetype="ref"> 
 

----
rich