What is this? See: http://urlquery.net/report.php?id=115995
Header request for: htxp://195.210.47.239/main.php?page=497eb35d05fab508
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Tue, 07 Aug 2012 23:28:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1~dotdeb.1
Content-Encoding: gzip
Content by request returned: 1: The file /var/www/main.php is corrupted.
Something there with the loader?
Can anyone explain, does this come from main.php?page etc.?
polonus
Hi forum friends,
Soon found out the answer while requesting this URL again with Webbug: htxp://195.210.47.239/main.php?page=497eb35d05fab508 (malicious).
This is all through the workings of the much-praised avast Webshield blocking this malicious request to this site as URL:Mal.
So keep your avast Shields up to be really better protected,
polonus
Hi Polonus,
Using the TRACE request we get attached.
~!Donovan
Hi !Donovan,
Thanks for the additional verification. Browser-dependent malware from there as well.
Our users should fully update and patch their OS and third party software always to be protected against all of Blackhole exploit kit’s exploits used that may slip through. Avast to protect, but fully updated and patched software to be even better all-round protected!
Check your software using secunia’s OSI: http://secunia.com/products/consumer/osi/online/
polonus
Hi !Donovan,
But something is wrong on their server side, see: GET /main.php?page=497eb35d05fab508 HTTP/1.1
Host: 195 dot 210 dot 47 dot 239 and then this is being returned: HTTP/1.1 500 Internal Server Error Content-Type: text/html
Probably they used an invalid content type,
polonus