Author Topic: HTML:Script-inf (Read 3014 times)

andyb · « **on:** June 16, 2012, 03:07:15 PM »

Avast is preventing me from opening xww.disboards.com

I get the following message:

nfection Details
URL:   hxtp://www.disboards.com/|{gzip}
Process:   C:\Program Files\Mozilla Firefox\firefox...
Infection:   HTML:Script-inf

I used urlvoid to scan the site and it came back clean. Is this a false positive?

Pondus · « **Reply #1 on:** June 16, 2012, 03:17:52 PM »

Urlvoid does not scan for infections.....it check if the url is on blacklisted

try sucuri.net and zulu.zscaler.com

you may post result here

andyb · « **Reply #2 on:** June 16, 2012, 03:26:23 PM »

web site:    xww.disboards.com
status:    Verified Clean
web trust:     Not Blacklisted
warn:    vBulletin version outdated: Upgrade required.
    *Cached results from the last 24 hrs.

Security report (Warnings found):
check    Blacklisted:     No
error    Outdated software:     Yes
check   Malware:    No
check   Malicious javascript:     No
check   Malicious iFrames:    No
check   Drive-By Downloads:     No
check    Anomaly detection:     No
check    IE-only attacks:     No
check   Suspicious redirections:     No
check   Spam:   No

andyb · « **Reply #3 on:** June 16, 2012, 03:28:06 PM »

URL: hxtp://www.disboards.com/

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)

Referer:

Submitted on 06/16/2012 at 00:24 GMT

Status: finished

Redirections:

HTTP Status Code: 200 OK

Content Size: 135865 bytes

Content Type: text/html; charset=ISO-8859-1

IP Address: 108.171.164.208

Country: United States

Web Server: LiteSpeed
Benign
20/100 Send us feedback

Domain history:
hxtp://disboards.com/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=384 on 06/16/2012 at 06:13 GMT
hxtp://disboards.com/clientscript/yui/connection/connection-min.js?v=384 on 06/16/2012 at 06:13 GMT
hxtp://disboards.com/clientscript/vbulletin_global.js?v=384 on 06/16/2012 at 06:13 GMT
hxtp://disboards.com/clientscript/vbulletin_menu.js?v=384 on 06/16/2012 at 06:13 GMT
hxtp://disboards.com/clientscript/vbulletin_md5.js?v=384 on 06/16/2012 at 06:13 GMT
hxtp://disboards.com/clientscript/vbulletin_read_marker.js?v=384 on 06/16/2012 at 06:13 GMT
More
External elements (up to 10)
URL    Type    Risk
hxtp://www.disboards.com/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=384    script    Benign
hxtp://www.disboards.com/clientscript/yui/connection/connection-min.js?v=384    script    Benign
hxtp://www.disboards.com/clientscript/vbulletin_global.js?v=384    script    Benign
hxtp://www.disboards.com/clientscript/vbulletin_menu.js?v=384    script    Benign
hxtp://www.wdwinfo.com/js/css-ie6.js    script    Benign
hxtp://partner.googleadservices.com/gampad/google_service.js    script    Benign
hxtp://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4ef969ad371af0aa    script    Benign
hxtp://www.disboards.com/clientscript/vbulletin_md5.js?v=384    script    Benign
hxtp://pagead2.googlesyndication.com/pagead/show_ads.js    script    Benign
hxtp://www.disboards.com/clientscript/vbulletin_read_marker.js?v=384    script    Benign
Content checks 0/100
Test    Description    Risk
Phishing Heuristics    Not a phishing page    This check had a neutral impact on the overall risk score.
Zscaler Content Check    No match    This check had a neutral impact on the overall risk score.
Zscaler Obfuscated Javascript Check    No match    This check had a neutral impact on the overall risk score.
URL checks 0/100
Test    Description    Risk
Zscaler URL Check    No match    This check had a neutral impact on the overall risk score.
Suspicious Domain name    URL Domain: disboards has suspicious character score 1.44    This check had a neutral impact on the overall risk score.
SURBL Block    URL Domain Result: None    This check had a neutral impact on the overall risk score.
SURBL Block    Nameserver Domain Result: None    This check had a neutral impact on the overall risk score.
Suspicious Sub-Domain Name    www. has suspicious character score 0.00    This check had a neutral impact on the overall risk score.
Top-Level Domain Risk    TLD of com has risk 0.0    This check had a neutral impact on the overall risk score.
Host checks 10/100
Test    Description    Risk
Netblock Size Risk    Netblock size has size 7    This check increased the overall risk score.
Geo-location Risk    Risk associated with country location of server:    This check had a neutral impact on the overall risk score.
Park/Disabled Domain    Parked domains may indicate that the domain is suspended or has not been used    This check had a neutral impact on the overall risk score.
Autonomous System Risk    ASN has risk 0.0    This check had a neutral impact on the overall risk score.

Milos · « **Reply #4 on:** June 16, 2012, 03:39:10 PM »

Hello,
avast! detect there script tag which goes to "safesurf-check.com".

Milos

!Donovan · « **Reply #5 on:** June 16, 2012, 03:43:45 PM »

Thanks for the confirmation Milos.

@andyb

Also See:
http://forum.avast.com/index.php?topic=99720.0
http://forum.avast.com/index.php?topic=99727.0
http://forum.avast.com/index.php?topic=99733.0

andyb · « **Reply #6 on:** June 16, 2012, 03:46:11 PM »

Thank you! I had searched for HTML:Script-inf but not disboards. Appreciate the quick replies.

Author Topic: HTML:Script-inf (Read 3014 times)

andyb

HTML:Script-inf

Pondus

Re: HTML:Script-inf

andyb

Re: HTML:Script-inf

andyb

Re: HTML:Script-inf

Milos

Re: HTML:Script-inf

!Donovan

Re: HTML:Script-inf

andyb

Re: HTML:Script-inf