Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on November 29, 2013, 04:38:06 PM

Title: Malicious site undetected?
Post by: polonus on November 29, 2013, 04:38:06 PM
See: http://zulu.zscaler.com/submission/show/097083d18a7c649caa376f6219d53ce4-1385738777
See: https://www.virustotal.com/nl/url/f88a1ab2fd579835d07fe08da5c4e1ba6d98fe6f21053b151359ea8b75f61854/analysis/1385738625/

Missed: http://quttera.com/detailed_report/sportstvasia.com & http://evuln.com/tools/malware-scanner/sportstvasia.com/
Unable to properly scan your site. Site returning error (40x): HTTP/1.1 404 Not Found
Fortinet flags as Fortinet JS/.BBDZ!tr
Safe virus viewer report: http://support.clean-mx.de/clean-mx/view_virusescontent.php?url=http%3A%2F%2Fsportstvasia.com%2F

Recent finds SimpleTDS go.php IDS on same IP,

pol
Title: Re: Malicious site undetected?
Post by: polonus on November 29, 2013, 05:23:43 PM
This site is not being blocked either: http://maldb.com/usse-sarl.com/
and http://evuln.com/tools/malware-scanner/usse-sarl.com/
completely missed: https://www.virustotal.com/nl/url/48ad7d3a2da0df384917d3aee46e54cc395f693b3083b5859e1c2b1eb6f10be5/analysis/1385741516/
see: http://jsunpack.jeek.org/?report=f5899924431796deb7ea36939b73cf2cfcabd950
Joomla update required: http://sitecheck.sucuri.net/results/usse-sarl.com
Joomla Version 1.5.18 - 1.5.26 for: htxp://usse-sarl.com/media/system/js/caption.js
Joomla Version 1.5.18 to 1.5.26 for: htxp://usse-sarl.com/language/en-GB/en-GB.ini
Joomla version outdated: Upgrade required.
Not been detected here: http://zulu.zscaler.com/submission/show/73824bbd262bd2ab877344ac739f4792-1385741707
nor here: http://urlquery.net/report.php?id=8061114

The chain of redirects found:
to: htxp://yahoo.com
Redirect to this URL found in 3823 sites
to: htxp://www.bolltec.com/media/jce/mediaplayer/license.php
Redirect to this URL found in 1672 sites
to: htxp://www.haphuongfoundation.net/vietnam/language/pdf_fonts/www/all2.php
Redirect to this URL found in 4880 sites
Also see: http://evuln.com/tools/malware-scanner/usse-sarl.com/

Consider also: http://sameid.net/ip/217.160.236.94/

polonus
Title: Re: Malicious site undetected?
Post by: Pondus on November 29, 2013, 05:41:47 PM
Your first post ... site is dead ;) http://www.downforeveryoneorjustme.com/http://sportstvasia.com/
Title: Re: Malicious site undetected?
Post by: polonus on November 30, 2013, 12:19:15 AM
Hi Pondus,

That was a rather complicated way to arrive at that conclusion of the site status as "down for everyone and me".
At least at the time this was still up and active the threat was being flagged.
How many suspicious scanned website results did we encounter here on the forums, Pondus?
We can almost sniff them out, so to speak,
Again thanks for your continuing assistance,

polonus