Why is the website harmful?

[Matthew_Wai]

http://60.210.11.231/
The Web Shield deems it harmful, do you know what it is?

[essexboy]

http://myip.ms/view/ip_addresses/1020398336/60.210.11.0_60.210.11.255

http://cnc-noc.net/mail/login.action

Not sure

[Pondus]

https://www.virustotal.com/en/url/6cb04a97832f2a70ab34451991168078dd7e6ae747d4e369f98dd8485c917bb5/analysis/1398513971/

IP is blacklisted by dev.null.dk and  spamsources.fabel.dk

seems to be an empty site now...click picture.   http://www.urlquery.net/report.php?id=1398514275777

[Matthew_Wai]

http://60.210.11.231/lvs/banner_1.jpg  quoted from the Web Shield report
Perhaps this file exists.

[Pondus]

it does....pic of a nice girl.       http://www.urlquery.net/report.php?id=1398515062630

[Matthew_Wai]

But it is not a banner at all!

[Pondus]

But it is not a banner at all!

?

[Matthew_Wai]

It is an advertisement for express delivery of documents, the words are in Chinese.
Do you think it is false positive?

[Pondus]

see my first post... from the IP ban blacklist, it seem it may have to do with spam

[Matthew_Wai]

What do you think will happen if I visit the URL after disabling the Web Shield?

[Pondus]

What do you think will happen if I visit the URL after disabling the Web Shield?

nada i guess.... and the pic file is clean according to VT.... 5 month old scan
but dont come back complaining if i am wrong.   



https://www.virustotal.com/en/url/7426cdaf3b4e6b40da0504bb800af974cf7918f233c256d5f6d0eb6177de85d1/analysis/

https://www.virustotal.com/en/file/2bb3608eab1a013999a13b80e704606bc7793b56669354380989b66232ac5aa1/analysis/1385649338/

[polonus]

See all threats here: http://threatstop.com/checkip -> 23 minutes ago threats MODIFIED ITAR, ITAR, CHINA threat level 1.
See: Up(nil):      APNIC   CN      60.210.11.231    to 60.210.11.231   60.210.11.231   
See: http://toolbar.netcraft.com/site_report?url=60.210.11.231%2Flvs%2Fbanner_1.jpg  (Risk rate 10 out of 10 RED)
htxp://60.210.11.231/file/MDAwMDAwMDGSJcByiJiZn3rq0LglSSlmpMcl_EJPHghyPvUhjxW-2w../209c2a443f46eb26807ff78378f7ad8d17d786cd/10958773-vxd-UG&  -> https://www.virustotal.com/nl/url/486f4c473bf280bd41c5cc62f02f4272e424f7c7211f583249061b3fe93e2668/analysis/1398518686/
url after redirect: htxp://60.210.11.231/lvs/redirect.html?kne=&d=0823C937 (flagged by avast! Webshield as URL:Mal).
-> http://urlquery.net/report.php?id=1398515062630
Trying to redirects to:  htxp://www.dbank.com/ping.php?js=all?v=1.26.23"%3B  -> htxp://www.dbank.com/ping.php?js=base
Emisoft is the only one to flag next to avast! shield.

pol

P.S. Everybody should be aware of the banner abuse by Zeus: http://www.gfi.com/blog/beware-malware-banner/
link article author = Mohammed Ali  (actually old info from 2011, then new but now still actual)

D

[Matthew_Wai]

After disabling "Block malware URLs" I could download and save the banner on http://60.210.11.231/lvs/banner_1.jpg
It read "NO THREAT FOUND" after manual scanning
The URL might have been blacklisted mistakenly.

[HonzaZ]

Hi,
This IP was blocked 21. June 2013, 11:38 because of this file we spotted:
hxxp://60.210.11.231/file/mdawmdawmdhmzntt3gw_6vm8w34pwr1wsbqbat_3thhkqpgcslagnq../ba97b7fbf4ab948d7ceb62df1626d016fbc97/%e9%97%ae%e9%97%ae%e5%ad%a6%e5%a0%82%e8%87%aa%e5%8a%a8%e7%ad%94%e9%a2%98%e5%99%a8beta%203.85.rar?key=aaabqfhcyxi8vv6i&p=&a=4022865-af11
I hope the infection has been cleared already, so I am unblocking the IP now;-).
Honza

[Matthew_Wai]

Do you mean avast will block a whole site just because a single file is infected?