See: htxp://zulu.zscaler.com/submission/show/d83157557f2b26bb11d0f4d80f6596b3-1330799725
and
htxp://vscan.urlvoid.com/analysis/b82a50eded0c80ac672a2ddee61ce289/bWlrYWk=/
and
hxtp://urlquery.net/report.php?id=27652
polonus
For the following instance we explore: hxtp://urlquery.net/report.php?id=27873 (no JS/Blacole.BV.1 or request alerts there)
and hxtp://zulu.zscaler.com/submission/show/b1657314011d599f207c8e3698363623-1330898401 100/100 malicious
Nothing detected here: htxp://vscan.urlvoid.com/analysis/9794bdae2eff397ea86285dd3626df78/aW5kZXgtaHRtbA==/
But then we go here: hxtps://www.virustotal.com/url/51b8f552e2b7dff010ba76fd7e248f79169c56031408f0eaaab8fa2c6061a24b/analysis/1330898595/
and upon trying to open the Wepawet report from the additional info on the VT scan result page, the avast Webshield detects and blocks the code there as
JS.ScriptSH-inf[Trj], so again, had it been there, it would have been neatly blocked by the avast Webshield.
polonus