Topic: Site with alerts, avast! Web Shield detects as JS:Recirector-KN[Trj]
polonus (Avast Überevangelist) « on: October 27, 2013, 10:18:56 PM »
https://www.virustotal.com/nl/url/8ad2e32ce42d171f5afe05d783e8c72b80df8975d5d3bff1f47a671ff5304591/analysis/1382908173/
and
http://urlquery.net/report.php?id=7219056
IDS alerts for ET CURRENT_EVENTS TDS Sutra - request in.cgi severity 2 & MALWARE-CNC Win.Trojan.Agent variant outbound connection severity 1
iFrame check: Suspicious <iframe frameborder="0" id="'+math.round(math.random()*100000)+'" width="120" scrolling="no" style="height:200px;backgro
Javascript check: Suspicious href="htxp://ocapojesyradyk.nm.ru/rss.xml" /> <link rel="alternate" type="text/xml" title="rss .92" href="htxp://ocapojesyradyk.nm.ru/rss.xml" /> <link rel="alternate" type="appl...
avast! Web Shield detects as JS:Recirector-KN[Trj]
We have protection folks,
polonus
« Last Edit: October 27, 2013, 10:40:21 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Secondmineboy (Avast Evangelist) « Reply #1 on: October 27, 2013, 10:23:20 PM »
ScanURL gives red:
We recommend that you do not visit the specified website/URL (or do so with caution). One or more services we checked with below report that it may be suspicious.
AVG: http://www.avgthreatlabs.com/website-safety-reports/domain/nm.ru/ (Malware detected in the last 7 days)
McAfee: malicious http://www.siteadvisor.com/sites/ocapojesyradyk.nm.ru
Quttera gives 111 suspicious files: http://www.quttera.com/detailed_report/ocapojesyradyk.nm.ru
Zulu gives malicious: http://zulu.zscaler.com/submission/show/1e1edbfd5885f2511d012c4cf9cabc88-1382908998
« Last Edit: October 27, 2013, 10:33:49 PM by Steven Winderlich »
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10
polonus (Avast Überevangelist) « Reply #2 on: October 27, 2013, 10:49:22 PM »
The redirect that avast! flags has suspicious iFrame: Suspicious <iframe frameborder="0" id="'+math.round(math.random()*100000)+'" width="120" scrolling="no" style="height:200px;backgro and suspicious javascript: Suspicious href="htxp://ocapojesyradyk.nm.ru/rss.xml" /> <link rel="alternate" type="text/xml" title="rss .92" href="htxp://ocapojesyradyk.nm.ru/rss.xml" /> <link rel="alternate" type="appl...
see:
http://jsunpack.jeek.org/?report=53661e4c19452ea6995ee3db5d41a1d3b41f4591
going to htxp://ocapojesyradyk.nm.ru/show3.html what is actually being flagged by avast! Webshield as JS:Recirector-KN[Trj]
confirmed here:
http://zulu.zscaler.com/submission/show/88b64095996599e294100ffbcda1abc0-1382910333
and
http://zulu.zscaler.com/submission/show/1e1edbfd5885f2511d012c4cf9cabc88-1382908998
100/100% malicious
pol
Pondus « Reply #3 on: October 27, 2013, 11:05:11 PM »
VirusTotal extremely slow tonight
html scan
jotti
http://virusscan.jotti.org/en/scanresult/9f643b1a861538c251043750a5e3f88e48ecbe76
metascan
https://www.metascan-online.com/en/scanresult/file/86156fe415b74f64bc06fc4afb795fe0