Avast added the site dev.shrem.ru to its blacklist and detected an HTML:Script-inf virus. I checked various antivirus programs, but only Avast detected a virus. Why? Is there a virus on this website?
Well, Avast is not the only one to flag the site: http://scanurl.net/?u=http%3A%2F%2Fdev.shrem.ru%2F&uesb=Check+This+URL#results
for instance here: http://zulu.zscaler.com/seen/a3682c48ac171045f6d06be6b21b2fc6-1376854104
and here: http://urlquery.net/queued.php?id=38181191
See: http://antivirus-alarm.ru/proverka/?url=dev.shrem.ru
I see no malcode, only this hiccup in the code:
dev.shrem dot ru/wp-content/themes/shrem/assets/js/jquery.preloader.js benign
[nothing detected] (script) dev.shrem dot ru/wp-content/themes/shrem/assets/js/jquery.preloader.js
status: (referer=dev.shre dot .ru/)saved 1726 bytes 0ceeb5ab9cc72ce75a89355ad20a9b8df1ce50be
info: [decodingLevel=0] found JavaScript
error: undefined variable $
error: undefined variable $.fn * reason unconditional echo
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var $.fn = 1;
error: line:1: …^
suspicious:
polonus
I deleted it. But Avast keeps the domain shrem.ru in the blacklist. I moved this site to http://flyvion.ru/shrem/ and Avast does not detect a virus. When will Avast delete the domain shrem.ru from the blacklist?
Avast cannot, as you see here: http://support.clean-mx.de/clean-mx/viruses.php?domain=shrem.ru&response=
One malware entry is closed, but HTML:Script-inf is still active and up.
See: http://support.clean-mx.de/clean-mx/view_evidence?id=14232920&table=viruses
Also flagged here: http://scanurl.net/?u=http%3A%2F%2Fdev.shrem.ru%2F&uesb=Check+This+URL#results
See: http://www.mywot.com/en/scorecard/dev.shrem.ru
polonus
See: http://zulu.zscaler.com/submission/show/a3682c48ac171045f6d06be6b21b2fc6-1376854104
Here are the loopscan results for that domain:
shrem.ru. 1800 IN SOA NS1.DIGITALOCEAN.COM. hostmaster.shrem.ru. (
    1377805532 ; serial
    3600 ; refresh (1 hour)
    900 ; retry (15 minutes)
    1209600 ; expire (2 weeks)
    1800 ; minimum (30 minutes)
)
shrem.ru. 1800 IN A 82.196.15.131
shrem.ru. 1800 IN NS NS1.DIGITALOCEAN.COM.
shrem.ru. 1800 IN NS NS2.DIGITALOCEAN.COM.
shrem.ru. 1800 IN NS NS3.DIGITALOCEAN.COM.
Authoritative name servers
DNS Server TTL IPv4 address IPv4 glue IPv6 address Serial no. Query time
ns1.digitalocean.com 345600 4d 198.199.120.125 1377805532 116 msec
ns3.digitalocean.com 345600 4d 198.199.95.114 1377805532 204 msec
ns2.digitalocean.com 345600 4d 141.0.170.89 1377805532 36 msec
Authoritative name servers info
DNS Server IPv4 address BGP Prefix ASN Country Code Registry Date Allocated
ns1.digitalocean.com 198.199.120.125 198.199.120.0/22 46652 US arin 2013-03-27
ns3.digitalocean.com 198.199.95.114 198.199.92.0/22 14061 US arin 2013-03-27
ns2.digitalocean.com 141.0.170.89 141.0.168.0/21 46652 NL ripencc 2011-06-21
SOA record ( NS1.DIGITALOCEAN.COM )
mname (master name) rname (responsible name) serial refresh retry expire minimum
NS1.DIGITALOCEAN.COM hostmaster.shrem.ru 1377805532 3600 1h 900 15m 1209600 14d 1800 30m
NS records from ( NS1.DIGITALOCEAN.COM )
Domain name TTL NS
shrem.ru 1800 30m NS2.DIGITALOCEAN.COM
shrem.ru 1800 30m NS1.DIGITALOCEAN.COM
shrem.ru 1800 30m NS3.DIGITALOCEAN.COM
MX records from ( NS1.DIGITALOCEAN.COM )
Domain name TTL MX records IPv4 address
NO MX RECORDS FOUND.
A records from ( NS1.DIGITALOCEAN.COM )
Domain name TTL IPv4 address
shrem.ru 1800 30m 82.196.15.131
www.shrem.ru 1800 30m 82.196.15.131
AAAA records from ( NS1.DIGITALOCEAN.COM )
Domain name TTL IPv6 address
NOT FOUND
SRV records from ( NS1.DIGITALOCEAN.COM )
Domain name TTL pri weight target IPv4 address IPv6 address
NOT FOUND
List of Performed Tests
Test name Test details Status Indicator
DNS Servers response All name servers for this domain name respond to DNS queries. PASS
Zone serial numbers All name servers for this domain name respond with same serial ( 1377805532 ). PASS
Authority of name servers All name servers respond as authoritative for this domain name. PASS
Required glue records All required glue records on parent server exist. PASS
Glue records match All glue records and A records match. PASS
Existence of NS records All NS records exist in the domain name zone. PASS
NS records match NS records from parent server and authoritative name server match. PASS
Recursive queries All name servers for this domain name don’t respond to recursive queries. PASS
Public zone transfer (AXFR) All name servers for this domain name don’t respond to AXFR queries. PASS
Name servers on public IP All name servers for this domain name are on public IP addresses. PASS
Number of name servers Domain has recommended number of name servers (3). PASS
TTL values on parent server All TTL values on parent server match. PASS
TTL values on authoritative server All TTL values in authoritative records match. PASS
Reverse records of name servers Reverse records of DNS servers match with their IP addresses PASS
NS in different AS NS at least in 2 different autonomous systems thus their availability is not dependent on one network. PASS
NS in different subnets NS at least in 2 different subnets. PASS
Different IPv4 addresses of NS Name servers have different IP addresses. PASS
Server from SOA MNAME as NS record Primary name server ( NS1.DIGITALOCEAN.COM ) from SOA MNAME entry is not listed as primary NS at your parent NS. WARNING
MNAME entry check SOA MNAME entry is syntactically valid. ( NS1.DIGITALOCEAN.COM. ) PASS
MNAME in SOA from all NS All DNS servers return the same MNAME value in SOA record. ( NS1.DIGITALOCEAN.COM ) PASS
RNAME entry check SOA RNAME entry is syntactically valid. ( hostmaster.shrem.ru. ) PASS
Format of serial number The serial number of the zone hasn’t got recommended syntax YYYYMMDDnn. ( 1377805532 ) WARNING
SOA REFRESH value check SOA REFRESH value ( 3600=1h ) is within recommended range 20 minutes to 12 hours. PASS
SOA RETRY value check SOA RETRY value ( 900=15m ) is within recommended range 15 minutes to SOA REFRESH ( 3600=1h ). PASS
SOA EXPIRE value check SOA EXPIRE value ( 1209600=14d ) is within recommended range 14d-31d and is more than REFRESH + RETRY. PASS
SOA MINIMUM value check SOA MINIMUM value ( 1800=30m ) is not within recommended range 1 to 3 hours. WARNING
No MX records found MX records missing at your name servers. ERROR
Domain AAAA records Domain has A records and AAAA records at your name servers. INFO
TTL values in A records All TTL values in A records match. PASS
WWW server on public IP WWW servers for this domain name are on public IP addresses. PASS
WWW CNAME check CNAMEs with A record found for WWW servers. PASS
WWW PTR check Some reverse records don't exist for some A records. WARNING
shrem.ru → 82.196.15.131 → (NONE)
SRV SIP records check No SRV records detected. No further tests performed. INFO
DNSKEY records check No DNSKEY records detected. No further tests performed. INFO
Scanning took 16.637 seconds.
pol
But I set up this site, with this data, on http://flyvion.ru/shrem/ and we have http://zulu.zscaler.com/submission/show/28c27b5a93990906f702f54ab6b57af2-1378404352
Why?
I see that it is no longer being alerted on nor blocked: http://flyvion.ru/shrem/ can be visited without alerts.
polonus