See: https://www.virustotal.com/nl/url/4340acc100bfc87389195a380b316e21a780a4d315c8c5d7fa9044da5e42f921/analysis/1416682177/
Only detected by Symantec: https://www.virustotal.com/nl/file/9f7dfc4070f7c434a8f1b15e18ab17037185e49ef66bbca48eb43936d79e574a/analysis/1416598898/
Blacklisted by Quttera’s: http://quttera.com/labs-data-url/dl.wanqianbox.com
Outdated software makes the site vuln.: Outdated Web Server Apache Found Vulnerabilities on Apache 2.2 Apache/2.2.6
IP badness history: https://www.virustotal.com/nl/ip-address/122.228.68.149/information/
http://www.herdprotect.com/ip-address-122.228.68.149.aspx & http://www.urlquery.net/report.php?id=1403564500005
& http://totalhash.com/network/ip:122.228.68.149
It is a user based detection:
WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories.The reputation-based system uses “the wisdom of crowds” (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.
polonus