Author Topic: Need Someone to Test This Site Sandboxed. (Read 2908 times)

Jack 1000 · « **on:** May 12, 2012, 07:43:00 PM »

Dear Avast,

Please sandbox and test ghostvillage.com. About two years ago, Avast warned of a virus there, and a few weeks ago, I got a report from an Avast user who said that he/she went to the site and got a virus warning. However, checks with Virus Total, URLVoid, and Brightcloud show a clean site. Is this a FP that was not cleared?

Jack

DavidR · « **Reply #1 on:** May 12, 2012, 07:55:23 PM »

Two years and a few weeks ago are ancient history in terms of infected sites as the avast web shield is doing a live scan. So you can't chase possible FPs on old results.

No alert by avast on the site when I just visited it using firefox 12.0.

Pondus · « **Reply #2 on:** May 12, 2012, 08:27:53 PM »

Zulu report risky IP address by one or more sources
http://zulu.zscaler.com/submission/show/c85aeaac955724eadd0969abf582758c-1336846467

!Donovan · « **Reply #3 on:** May 12, 2012, 09:21:50 PM »

http://urlvoid.com/scan/ghostvillage.com/

No other site with the IP of 67.227.172.79. $:-\$

polonus · « **Reply #4 on:** May 12, 2012, 11:33:30 PM »

Hi !Donovan & Jack 1000,

I see a misused or defaced server history for that IP range. So there must be server issues for domains on that range have been defaced.
Let us see; server gives away to the world and hackers all of the version and also via the system info under certain circumstances
see: htxp://sitecheck.sucuri.net/results/ghostvillage.com/ under system details - safersite.de does not give this for the scan...
(this could be easily remedied: http://nixcraft.com/getting-started-tutorials/746-apache-php-web-server-security-hiding-version-information.html (link author = Nixcraft)). OK here: htxp://urlquery.net/report.php?id=54520
One code hick-up flagged: pagead2.googlesyndication dot com/pagead/ads.js benign
[nothing detected] (script) pagead2.googlesyndication dot com/pagead/ads.js
status: (referer=wXw.ghostvillage.com/)saved 10516 bytes ce5e416db4e9b7dbd24e979fefe8d7e9bea43dc3
info: [decodingLevel=0] found JavaScript
suspicious,

polonus

Jack 1000 · « **Reply #5 on:** May 13, 2012, 12:36:23 AM »

Quote from: polonus on May 12, 2012, 11:33:30 PM

Hi !Donovan & Jack 1000,

I see a misused or defaced server history for that IP range. So there must be server issues for domains on that range have been defaced.
Let us see; server gives away to the world and hackers all of the version and also via the system info under certain circumstances
see: htxp://sitecheck.sucuri.net/results/ghostvillage.com/ under system details - safersite.de does not give this for the scan...
(this could be easily remedied: http://nixcraft.com/getting-started-tutorials/746-apache-php-web-server-security-hiding-version-information.html (link author = Nixcraft)). OK here: htxp://urlquery.net/report.php?id=54520
One code hick-up flagged: pagead2.googlesyndication dot com/pagead/ads.js benign
[nothing detected] (script) pagead2.googlesyndication dot com/pagead/ads.js
status: (referer=wXw.ghostvillage.com/)saved 10516 bytes ce5e416db4e9b7dbd24e979fefe8d7e9bea43dc3
info: [decodingLevel=0] found JavaScript
suspicious,

polonus

Thanks much Polonus!

This site should be watched IMO based on this new information.

Jack

Author Topic: Need Someone to Test This Site Sandboxed. (Read 2908 times)

Jack 1000

Need Someone to Test This Site Sandboxed.

DavidR

Re: Need Someone to Test This Site Sandboxed.

Pondus

Re: Need Someone to Test This Site Sandboxed.

!Donovan

Re: Need Someone to Test This Site Sandboxed.

polonus

Re: Need Someone to Test This Site Sandboxed.

Jack 1000

Re: Need Someone to Test This Site Sandboxed.