Author Topic: Is this a malware site?  (Read 2429 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Is this a malware site?
« on: December 09, 2011, 10:48:14 PM »
Hi folks,

Scanned: http://www.virustotal.com/url-scan/report.html?id=a6f6b5a259fb2f9eb0eb2df8c77fddeb-1323461825 found nothing. Given clean at Sucuri's.
Suspicion of UDS:DangerousObject.Multi.Generic malware, residing there.
See: http://r.virscan.org/6502ca9b3d3111c0736b026c60d3c42e
WOT rep: very poor
Script anomalies
  -inner exception stack trace : var _0xb508=[];

   ReadToken(Boolean previsexpression)
   PeekToken(Boolean previsexpression)
   ContinueExpressionCore(CodeExpression leftexp)
   .ContinueExpression(CodeExpression leftexp)
   (Boolean bthrowerror)
   InternalParseStatementCore()
   InternalParseStatement()
   ParseStatement()
   ParseBlock()
   Parse(String code)
   
   Protect (String code)
   (String[] codes)
   Protect(String cod
   at Jsps._Default.Button1_Click(Object sender, EventArgs e)
Detected here: http://www.virustotal.com/file-scan/report.html?id=d40324772dc3be9d439c8cd99555dbe634626f89393d4c2818bddb2ac2f91365-1323449040
Not detected by avast Dropper/Win32.VB
see: http://camas.comodo.com/cgi-bin/submit?file=d40324772dc3be9d439c8cd99555dbe634626f89393d4c2818bddb2ac2f91365
Malware still alive, see: http://amada.abuse.ch/?search=clubdeleonesn1.com

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37491
  • Not a avast user
Re: Is this a malware site?
« Reply #1 on: December 09, 2011, 11:09:17 PM »
Quote
Malware still alive, see: http://amada.abuse.ch/?search=clubdeleonesn1.com
naaaa...-http.www.clubdeleonesn1.com/ is alive, but the "FGVb4.exe" is gone

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1048
  • Proud Community Member&Helper.
Re: Is this a malware site?
« Reply #2 on: December 09, 2011, 11:48:13 PM »
Just found additional information.
Google>NS1.WEBHOSTINGTAMAZUNCHALE.COM> IP Address:173.233.68.3>
And here we go:
http://www.malwareurl.com/ns_listing.php?ip=173.233.68.3

ns24a.turnkeywebspace.com => 173.233.68.3
ns24b.turnkeywebspace.com => 173.233.68.4
(AS40244) TURNKEY-INTERNET
173.233.68.179    Trojan Zbot config file     
Date/Details : 2011-02-28

Also,
Domain matching jklandscapes.com were found in our database.

6 other active domains were found on 6 IP(s) for AS40244 (TURNKEY-INTERNET)
Malicious URLs on jklandscapes.com : /facebook/cfg2.bin
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37491
  • Not a avast user
Re: Is this a malware site?
« Reply #3 on: December 10, 2011, 12:23:07 AM »
Quote
-http://clubdeleonesn1.com/js/AC_RunActiveContent.js

SOPHOS lab
Quote
SophosLabs has analyzed the submitted file(s) and determined they are not malicious.

AC_RunActiveContent.js -- clean

razoreqx

  • Guest
Re: Is this a malware site?
« Reply #4 on: December 10, 2011, 05:16:11 PM »
Will check into this one myself. Getting a late start today.