htxp://video.baidu.com/ ?
Why is baidu frequently blocked (like in quttera and sucuri)? If the video is loaded from baidu, I don't think it is suspicious at all?
You are wrong. VirusTotal doesn’t say it is clean.
VirusTotal makes use of the symbol to indicate that the given file was not detected in any way by the antivirus under consideration. We do not use the word "clean" or "innocuous" because antivirus solutions do not tell you whether a file is goodware, they just flag maliciousness.
Of course that doesn’t mean it is clean.
I keep encountering a glitch in VT: it won't rescan the file downloaded from the website if a file with the same SHA256 checksum has been scanned before. This is one of those cases, so I'm not sure if it is still clean now. That's why I'm asking if this is a FP or not.
You keep analyzing website code and questioning detections.
That is a good thing for all of us; your behavior is very attentive and certainly helps Internauts.
Site definitely has issues. But we guessed that it is an IP detection mainly.
Javascript check: Suspicious
Then this is absolutely an IP block.
A lot of websites from that list are blocked, for example:
[b]4399 related websites
ku6 ads related websites
279wo.com
gg.ewang.com[/b]
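One quick way to test the "IP block" hypothesis raised above is to resolve the flagged hostnames and see whether they cluster on a shared address: when every hostname on one IP is flagged and nothing distinguishes them, a reputation block on the address (or the CDN node behind it) is the simpler explanation than independent per-domain detections. The script below is an added example, not code from this thread or from any of the scanners mentioned; the hostnames, IPs and verdicts are constructed sample data, and `SAMPLE_RESOLUTIONS`, `SAMPLE_VERDICTS` and the helper names are my own.

```python
import socket
from collections import defaultdict

# Constructed sample: hostname -> resolved IP. These are documentation
# addresses (RFC 5737) and made-up names, not real resolutions.
SAMPLE_RESOLUTIONS = {
    "video.example.test": "198.51.100.10",
    "ads.example.test": "198.51.100.10",
    "games.example.test": "198.51.100.10",
    "other.example.test": "203.0.113.5",
    "blog.example.test": "203.0.113.9",
}

# Constructed verdicts from a hypothetical URL scanner (True = flagged).
SAMPLE_VERDICTS = {
    "video.example.test": True,
    "ads.example.test": True,
    "games.example.test": True,
    "other.example.test": True,
    "blog.example.test": False,
}


def resolve_all(hostnames, resolver=socket.gethostbyname):
    """Resolve each hostname to one IPv4 address using `resolver`.

    The default uses live DNS; pass a dict-backed callable (as the
    sample below does) to run offline. Hosts that fail to resolve are
    skipped rather than aborting the whole check.
    """
    resolved = {}
    for host in hostnames:
        try:
            resolved[host] = resolver(host)
        except (socket.gaierror, KeyError):
            continue
    return resolved


def cluster_by_ip(resolutions):
    """Group hostnames by the address they resolve to."""
    groups = defaultdict(list)
    for host, ip in resolutions.items():
        groups[ip].append(host)
    return {ip: sorted(hosts) for ip, hosts in groups.items()}


def likely_ip_blocks(resolutions, verdicts, min_shared=2):
    """Return {ip: [hostnames]} for addresses that look IP-blocked.

    An address qualifies when at least `min_shared` hostnames resolve to
    it and every one of them is flagged: the scanner is not separating
    the sites, which is what a per-address reputation block looks like.
    A single flagged host on its own IP tells you nothing either way.
    """
    suspects = {}
    for ip, hosts in cluster_by_ip(resolutions).items():
        flagged = [h for h in hosts if verdicts.get(h, False)]
        if len(flagged) >= min_shared and len(flagged) == len(hosts):
            suspects[ip] = flagged
    return suspects


if __name__ == "__main__":
    # Offline run against the constructed table.
    res = resolve_all(SAMPLE_RESOLUTIONS, resolver=SAMPLE_RESOLUTIONS.__getitem__)
    for ip, hosts in likely_ip_blocks(res, SAMPLE_VERDICTS).items():
        print(f"{ip}: all {len(hosts)} hosts flagged -> likely IP-level block: {hosts}")
```

With live DNS you would call `resolve_all(list_of_hosts)` and feed in the scanner's verdicts; a cluster where all hosts are flagged is a reason to ask the vendor whether the detection is on the address rather than on the site's content, which is exactly the FP question this thread is about.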
I have reported some issues related to this site to avast and I still keep getting the e-mail response saying that it will be tested. But still it is not blocked. [b]Is RedKit exploit kit safe?[/b]
[b]A closer look at the malicious Redkit exploit kit[/b]
http://nakedsecurity.sophos.com/2013/05/09/redkit-exploit-kit-part-2/
http://nakedsecurity.sophos.com/2013/05/03/lifting-the-lid-on-the-redkit-exploit-kit-part-1/
https://blog.malwarebytes.org/exploits-2/2013/04/redkit-exploit-kit-does-the-splits/
http://blogs.mcafee.com/mcafee-labs/red-kit-an-emerging-exploit-pack
Very legitimate questions about 7k7k.xdwscache.glb0.lxdns dot com,
see: http://totalhash.com/search/dnsrr:7k7k.xdwscache.glb0.lxdns.com
You probably have read that all VIP corporate computers that now make the trip to mainland China
will make a one-way trip only. Not that these managerial computers may be full of malware,
but they cannot go back to be hung into the firm's network on return.
Even computers with just a browser OS, because one visit to facebook or the downgraded Chinese https monitoring system (B.F)
makes them only fit to be shredded completely; the monitoring compromise has sunk in, so those computers can no longer be trusted.
I wonder what kind of security these computers will get when making the trip from Hong Kong. ;D
But back on topic now. The site you mentioned is located at an Anonymous Proxy, IP 8.37.230.27.
No Snort nor Suricata IDS alerts for resurrected RedKit, Borland Delphi 4.0 heuristic trojans,
and you know yourself how dubious these detections are; they are very FP prone.