False virus alert

Hi.

Avast writes ‘URL:Mal’ alert on my site (ismeretlenek.com) and ‘HTML:Script-inf’ on another site (hellostrange.rs).

VirusTotal scan:
- ismeretlenek.com: https://www.virustotal.com/hu/url/3e373c4b3fbd51c00fa63c93d3c0d4be405599d1ad86aff4e9e508d1a1d174f8/analysis/
- hellostrange.rs: https://www.virustotal.com/hu/url/05e35bf3789687d9a8bc884da6936c756cfa4d5456631cb3b9901b02ed0c78f6/analysis/1382534216/

http://zulu.zscaler.com/submission/show/a326188c8fd7bb5218da88a28d9c70a7-1382534474
http://zulu.zscaler.com/submission/show/98a40430eec56f5a6e9f59b8ebcfb736-1382534518

It writes the site is Benign.


There aren’t any virus scanners except Avast that say the website isn’t safe.

URL:Mal means the URL or IP is on a blacklist.
The IP (192.3.90.172) is on one list here: http://whatismyipaddress.com/blacklist-check

Can you attach a screenshot of the Avast message that says ‘HTML:Script-inf’?

Probably the Zscaler IP Reputation finding, “IP address has been identified as risky by one/more sources”, was the cause of the detection.

See code hiccup here:
code.jquery dot com/undefined benign
[nothing detected] (element) code.jquery.com/undefined
status: (referer=code.jquery dot com/jquery-2.0.2.min.js)saved 11101 bytes 703f09fcf517f353d4f11e8890a856cf77d2b625
info: [script] codeorigin.jquery dot com/jquery-wp-content/themes/jquery/js/modernizr.custom.2.6.2.min.js
info: [script] ajax.googleapis dot com/ajax/libs/jquery/1.9.1/jquery.min.js
info: [script] codeorigin.jquery dot com/jquery-wp-content/themes/jquery/js/jquery-migrate-1.1.1.min.js
info: [script] codeorigin.jquery dot com/jquery-wp-content/themes/jquery/js/plugins.js
info: [script] codeorigin.jquery dot com/jquery-wp-content/themes/jquery/js/main.js
info: [script] use.typekit dot net/wde1aof.js
info: [img] codeorigin.jquery dot com/jquery-wp-content/themes/jquery/content/books/learning-jquery-4th-ed.jpg
info: [img] codeorigin.jquery dot .com/jquery-wp-content/themes/jquery/content/books/jquery-in-action.jpg
info: [img] codeorigin.jquery dot com/jquery-wp-content/themes/jquery/content/books/jquery-succinctly.jpg
info: [decodingLevel=0] found JavaScript
suspicious: maxruntime exceeded 10 seconds (incomplete) 234 bytes
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
error: undefined variable s

and

pagead2.googlesyndication dot com/pagead/ads.js benign
[nothing detected] (script) pagead2.googlesyndication dot com/pagead/ads.js
status: (referer=ismeretlenek dot com/)saved 19686 bytes 82e7446341de1dc7c6e1a1b40d77238c05e40082
info: [decodingLevel=0] found JavaScript
error: line:4: SyntaxError: missing ; before statement:
error: line:4: ;“,p,“impl=true;id=”,c.id,';id=”‘,g,’“;time=',v,”;“,b?'experiment=”‘+b+’“;':”“,h?'mode=”‘+h+’“;':”“,m?'experiment=”‘+m+’“;':”",k
error: line:4: .^
error: ./pre.js:96: out of memory *
error: ./post.js:36: out of memory * (* probably caused by overriding the toolkit script - note by me, polonus)
info: Decoding option navigator.systemLanguage=en and navigator.systemLanguage=zh-cn and browser=IE7/XP, 195 bytes
info: Decoding option navigator.systemLanguage=en and navigator.systemLanguage=zh-cn and browser=IE7/XP and browser=IE8/Vista and browser=Opera and browser=Firefox, 0 bytes
info: Decoding option browser=IE8/Vista, 64 bytes
info: [javascript variable] URL=pagead2.googlesyndication dot com/pagead/js/r20131017/r20130906/impl.js
info: [script] pagead2.googlesyndication dot com/pagead/js/r20131017/r20130906/impl.js
info: [decodingLevel=1] found JavaScript
file: 82e7446341de1dc7c6e1a1b40d77238c05e40082: 19686 bytes
file: 4c8b0fbe3d7a4571cface2945a43c92186ba410f: 195 bytes

Quttera scanner finds this potentially suspicious file:
code.jquery.com/jquery-2.0.2.min.js
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method eval __tmpvar234156617 = eval; *
Threat dump: see: http://jsunpack.jeek.org/?report=1377da1ba711c756b54cfcc1ab059319e5fb2438
(view in browser with NoScript & RequestPolicy extensions active and in a VM)
File size[byte]: 83501
File type: ASCII
MD5: 6E18B5A96B1A354C922A5BBA3D80CD13
Scan duration[sec]: 0.767000
On the eventual insecurity implications read: http://berniesumption.com/software/eval-considered-useful/ link author = berniecode

See general insecurity advice here: https://asafaweb.com/Scan?Url=ismeretlenek.com
Excessive headers: warning & clickjacking warning

If avast is the only one to flag, report the false positive to Avast at: http://www.avast.com/contact-form.php

polonus
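
The Quttera finding quoted in the post above flags an assignment of `eval` to another name. As an added example (not part of the original thread and not any scanner's own code; `findEvalAliases` and the sample strings are hypothetical and constructed here), this heuristic shows how such a rule matches, and why a library that aliases `eval` to evaluate code in global scope trips it exactly as the reported statement does, which is why the result reads "Potentially Suspicious" rather than malicious:

```javascript
// Added illustration: a minimal static heuristic of the kind that produces
// "initialization of function pointer to JavaScript method eval" findings.
// findEvalAliases and the sample strings are hypothetical, constructed here.

function findEvalAliases(source) {
  // `name = eval` where eval is a bare reference, not a call like eval("...")
  const aliasRe = /([A-Za-z_$][\w$]*)\s*=\s*eval(?![\w$])(?!\s*\()/g;
  const findings = [];
  for (const m of source.matchAll(aliasRe)) {
    const alias = m[1];
    // Count calls made through the alias (indirect eval) elsewhere in the file.
    const escaped = alias.replace(/\$/g, "\\$&");
    const callRe = new RegExp("(?<![\\w$.])" + escaped + "\\s*\\(", "g");
    const calls = [...source.matchAll(callRe)].length;
    findings.push({ alias, offset: m.index, calls });
  }
  return findings;
}

// Constructed sample: the common library pattern for evaluating code in global scope.
const librarySample =
  "function globalEval(code){var indirect=eval;if(code){indirect(code);}}";
// Constructed sample: a direct eval call and a lookalike identifier, no alias.
const directSample = 'var total = evaluate(1); var r = eval("1+1");';
// The statement quoted in the scan report above.
const reportedLine = "__tmpvar234156617 = eval;";

const samples = { librarySample, directSample, reportedLine };
for (const [name, src] of Object.entries(samples)) {
  console.log(name, JSON.stringify(findEvalAliases(src)));
}
```

A hit from this rule only says an alias exists; triage still means reading what is passed through the alias and where that data comes from.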

Hi magic93

See:
Domain Name: ISMERETLENEK.COM
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: [link removed] Name Server: NS1.AFRAID.ORG
Name Server: NS2.AFRAID.ORG
Name Server: NS3.AFRAID.ORG
Name Server: NS4.AFRAID.ORG
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 05-aug-2013
Creation Date: 21-may-2013
Expiration Date: 21-may-2014

Why was Referral URL: [link removed] Name Server: NS1.AFRAID.ORG?
As I get a fail here:

I was unable to connect to the SMTP port on 69.197.18.182. I only waited 5 seconds, so it may be that your mail server is slow, or may not be responding. Skipping further tests for 69.197.18.182 Fail
Quote from DNSsy - recent scan

polonus

Magic…
“IP address has been identified as risky by one/more sources”
That means NOT only avast is reporting it as dangerous (or at least suspicious)

Can you tell me the reason why it has been identified as risky?

http://i43.tinypic.com/1zch3lt.png

http://zulu.zscaler.com/submission/show/27ae89901557e85430d49108c03b03cd-1366933141

???

:slight_smile:

I get too many errors for file “_index_defaultpage.html” for http://ismeretlenek.com/ and avast blocks that as URL:Mal
see: http://urlquery.net/report.php?id=7094423

These are the DrWeb online url checker results:

Checking: htxp://pagead2.googlesyndication.com/pagead/show_ads.js
File size:19.22 KB
File MD5:aefcbf57a15bb1da28f55af7aee1965a

htxp://pagead2.googlesyndication.com/pagead/show_ads.js - archive JS-HTML

htxp://pagead2.googlesyndication.com/pagead/show_ads.js/JSTag_1[4aee][1f8] - Ok
htxp://pagead2.googlesyndication.com/pagead/show_ads.js - Ok

Checking:htx://ismeretlenek.com:443/socket.io/socket.io.js
File size:73.00 KB
File MD5:dfcd0f8a4ea58a14c1bc5bad5b22cf04

htxp://ismeretlenek.com:443/socket.io/socket.io.js - Ok

Checking:htxp://ismeretlenek.com/js/devnull.js
File size:5062 bytes
File MD5:a50d7d4db4d59b300a824415f98552cb

htxp://ismeretlenek.com/js/devnull.js - archive JS-HTML

htxp://ismeretlenek.com/js/devnull.js/JSFile_1[0][13c6] - Ok
htxp://ismeretlenek.com/js/devnull.js - Ok

Checking:htxp://ismeretlenek.com/
Engine version:7.0.5.6250
Total virus-finding records:4593111
File size:10.90 KB
File MD5:ed5f6bdd20b20bd966dbfc8e1609d308

htxp://ismeretlenek.com/ - archive JS-HTML

htxp://ismeretlenek.com//JSTAG_1[13d8][10a] - Ok
htxp://ismeretlenek.com//JSTAG_2[2a44][138] - Ok
htxp://ismeretlenek.com//JSTag_3[13dd][105] - Ok
htxp://ismeretlenek.com/ - Ok

polonus

Some interesting false virus alert. Avast blocked the IP address for nothing. :-*

http://postimg.org/gallery/41fh1edm/15063702/

You are wrong. Avast blocks it because it is blacklisted.

Tell me why it is blacklisted; there aren’t any dangerous things on the VPS.


Avast.com blacklisted lol

I suggest you stop using that site. That domain is for sale it is not a trusted site.
At the top it clearly says: “Click here to buy Whatismyipaddres.com for your website name!”