Hello! Could you tell why the anti-virus blocks the site hxtp://haxs.ru/ ?
Here check this site, the various services
https://www.virustotal.com/ru/url/bc389fd559e46f4c6d47b8a60e62edc651d3c1059f08a160832fb171cc1f8a00/analysis/1384654139/
http://zulu.zscaler.com/submission/show/084165264e0c785d0f90f65380a54251-1384653806
http://quttera.com/detailed_report/haxs.ru
http://jsunpack.jeek.org/?report=838ed31b64aaece68c5eac44a26e8971f38330c2
http://evuln.com/tools/malware-scanner/haxs.ru/
urlQuery: http://urlquery.net/report.php?id=7766418
Intrusion Detection Systems ET RBN Known Russian Business Network IP (91)
Russian Business Network http://en.wikipedia.org/wiki/Russian_Business_Network
and if you look under Recent reports on same IP/ASN/Domain you find Domains using same IP as Your site that has malware alerts
Like this one http://urlquery.net/report.php?id=7708640 and this http://urlquery.net/report.php?id=7695089
And may I note: Avast 2014 is not blocking it here. I’ve attached a ScreenShot. Why are their GIrls with minimal clothing and you advertising hacking tools? I’d say it’s a llittle more then just a RBNIP
Website is straight through blocked for me. :o
Well good friends, there is an alert on the javascript check performed and well for this:
Suspicious =15 location: http://www.haxs.ru/ cache-control: private ...and I get a 404 suspicious error page:
Suspiciousand this is blocked by avast! webshield too: htxp://csomsk.ru/load/razdel_ucoz_vse_dlja_web_mastera/stranica_404_htm_dlja_ucoz/prikolnaja_stranica_404_dlja_ucoz/74-1-0-3002 tp to see what is out there ->: http://jsunpack.jeek.org/?report=df1e3ea2df631d026b1faa31ae03fbfd036e5d5f (view in sandboxed browser with script blocking enabled)Suspicious 404 Page: .ru/prikolnaja_stranica_404_dlja_ucoz.png" alt="ð�ð¾ñ�ðµñ�ñ�ð»ð¾ñ�ñ�...">ð�ð°ð´ð½ð¾, ñ�ð²ð°ñ�ð¸ñ�
and a code hick-up here:
s23.ucoz dot net/src/ulightbox/ulightbox.js benign
[nothing detected] (script) s23.ucoz dot et/src/ulightbox/ulightbox.js
status: (referer=csomsk dot ru/load/mastera/404_ucoz/404_ucoz/74-1-0-3002)saved 22591 bytes 9687751a4a2265d6b5323287300be31278e07f6d
info: [img] s23.ucoz dot net/src/ulightbox/{href}
info: [embed] s23.ucoz dot net/src/ulightbox/{href}
info: [decodingLevel=0] found JavaScript
suspicious: m
This situation is not very encouraging - 476 websites on one and the same IP: http://sameid.net/ip/193.109.246.157/
This scan is confirming the avast! blacklisting →
Scan is 100/100% malicious: http://zulu.zscaler.com/submission/show/084165264e0c785d0f90f65380a54251-1384694070
and this info concernung the very external link flagged by Zulu Zscaler:
http://jsunpack.jeek.org/?report=7d26cad4568d356c9135954dfa0f75385aceac50
(but I have to mention the javascript was not found on that server)
but that link has a very bad web rep
→ http://www.mywot.com/en/scorecard/file-space.org?utm_source=addon&utm_content=rw-viewsc (read user reviews)
storage place for dubious material.
polonus
Okay, so very bad. Thanks for showing. Although I must asked, why is Avast! not blocking it for me?
Program: 2014.9.0.2006
VPS: 131103-1
It won’t update. Host unreachable. Link to manual VPS update please
Link to manual VPS update please
links to bookmark ( they are all found at www.avast.com > support > xxxxxx ) 8)
avast.com > support > downloads > software updates http://www.avast.com/en-eu/download-update
avast.com > support > FAQ http://www.avast.com/en-eu/faq.php?q=2014’
Hi alan1998,
Why is avast! not blocking. Did you somehow disable the shields? Are they active and running. Whenever shields not enabled you have lost a great part of your online protection and avast blacklisting capacity.
Remember, always and under all circumstances keep the avast! shields up and running!
polonus
Thanks Pondus
@Polonus, Avast! shields are running. Just not being blocked for me. Is my password set on Avast! maybe causing the issue?
Downloaded, Bookmarked and updated Avast! It’s not being blocked
Still blocked here.
Newest version and database.
Whoops. Missed typed that. It is being blocked. My bad. Someone needs to kill him link. I reported it by no one has done anything
As zulu and jsunpack report, there are either suspicious or malicious files or both in play. Is this more a case of wanting to access and not believing third-party scanning results or frustration in not being able to do so?
Better yet, change http to hxxp to prevent accidental clicking of a live infected site.
I’d stay away as it looks as if the your site is currently hacked.
avast! blocked site for me: See attached .jpg.
Hi mchain,
Whenever avast has appropriate detection, some folks still go into denial mode and question the detection.
In this case it is not a false positive, but a valid detection of an external link going to malcode at → s23.ucoz dot net.
My advice therefore would also be to leave the site as long as it is malware laden,
pol
That, I believe is the hack, that external link that should not be there. Thanks, Pol.