Faux Avertissement

system · October 13, 2013, 4:30pm

Bonjours,
J’ai acheter avast
mais maintenant quand je veut aller sur mon site que je fait pour le loisir il me dit que c’est un cheval de trois alors qu’il n’y a que des images et un mp3 sur le serveur !!
Le lien http://thehurr-durr.tk (Il n’y a pourtant pas de virus)
Lien virus total https://www.virustotal.com/fr/url/52e1f666c104ce110fd674cb955ded35ccdaf0f4f68caf9fb3035b1326a6cea6/analysis/1381681057/
Merci de faire quelque chose

essexboy · October 13, 2013, 4:36pm

It has some very suspicious java scripts on the site http://zulu.zscaler.com/submission/show/42abe927b9b37ea40a341db184251686-1381682059

system · October 13, 2013, 4:41pm

And now ?
Thanxs

essexboy · October 13, 2013, 4:46pm

We will need to wait for one of the website experts to look at the specific problem

Pondus · October 13, 2013, 4:57pm

suricata filter give alarm http://urlquery.net/report.php?id=6693013
Recent reports on same IP/ASN/Domain and you find website uing same IP With this alarm http://urlquery.net/report.php?id=4553954

system · October 13, 2013, 5:13pm

Bon bah c’est pas grave je vais le fermer alors

Para-Noid · October 13, 2013, 5:58pm

I’m not as expert as polonus but I found this https://asafaweb.com/Scan?Url=thehurr-durr.tk
I found quite a few “404 errors”. This report showed some “clickjacking” exploits.

You may want to wait for polonus to respond. He uses more tools than I can count.

polonus · October 14, 2013, 2:07pm

See the history of the site here: http://urlquery.net/queued.php?id=46287022
This detailed report: http://www.quttera.com/detailed_report/thehurr-durr.tk
And this: thehurr-durr dot tk/jquery.js?v=86c benign
[nothing detected] (script) thehurr-durr dot tk/jquery.js?v=86c
status: (referer=thehurr-durr dot tk/)saved 93868 bytes 9eb9ac595e9b5544e2dc79fff7cd2d0b4b5ef71f
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
error: undefined function q.getElementsByTagName
error: undefined variable q
suspicious:
Michael Scheidell on Emerging Threats reports for the IDS alerts: This is a good hit of course, the sig isn’t intended to
cover known bad, but alert that you’ve got someone going to .tk, which is 99.999% abused. Bad registrar and a lot of abuse.

So a site to shun and block, also because a known PHISH: http://support.clean-mx.de/clean-mx/phishing.php?ip=31.170.165.118&sort=id%20DESC

How many bad apples are there in one IP basket? See: http://sameid.net/ip/31.170.165.118/

polonus

jeffersonsant · October 15, 2013, 1:29am

url a été déverrouillé
fixé a été à jour VPS 131014-1

url was unblocked
was fixed in VPS update 131014-1.

system · October 15, 2013, 6:05pm

Elle a été déverrouiller c’est dire ?
Merci

Faux Avertissement

Announcements