Hi malware script detectors,

See: http://jsunpack.jeek.org/?report=23ec91757a7ceae4affcbfeda5e41238397b743b
Found and flagged here: http://urlquery.net/report.php?id=14946
VT scan result
{“sha256”: “1bbbe50609809186b89cbc94f302ddf220ecdf2f32fb70305682667322a0011d”, “result”: 1, “last_analysis_url”: “/en/url/1bbbe50609809186b89cbc94f302ddf220ecdf2f32fb70305682667322a0011d/analysis/”, “timestamp”: 1350797142, “positives”: 3, “last_analysis_date”: “2012-10-21 05:25:42”, “total”: 32, “url_exists”: true, “reanalyse_url”: “/en/url/submission/?force=1&url=htxp://vogueon.ru/modnyiy-tsvet-volos-osen-2011-zima-2012/fancybox/fancy_shadow_nw.png&token=e6b942a28702b2daea87c87f15361404e83444e66716d4e9567dc197f1aee1fa”}
Suspicious as given here: http://zulu.zscaler.com/submission/show/8af3fe5c65cdc84da800e578f2990bf2-1381592406
Quttera finds many (33) insecurities in the webcode (potential suspicious)
/kak-sdelat-grubyie-pyatki-barhatnyimi-za-4-dnya/index.html
Severity: Potentially Suspicious
Reason: Suspicious JavaScript code injection. → http://jsunpack.jeek.org/?report=6d73addffa315705e6bfdc5b83977c1b8d26e38e
avast could detect this, when not a FP as JS:Decode-BHU[Trj]
Open with NoScript/ReqestPolicy active and in a virtual machine/sandbox

polonus

Your urlquery scan is old - 2012-10-21

New scan - 2013-10-12 http://urlquery.net/report.php?id=6659311

Hi Pondus,

Thanks, Pondus, for jumping on that and as always - thanks for your valuable comments.
Really appreciate that indeed.
So that means they have cleansed their slate at that site?

The site was just for setting the frame for the example of the iFrame code
more to isolate it and question if there was detection by avast?
Then it does not matter anymore whether it is an old or more recent url query javascript code flag!
So my question was if the isolated iFrame script as given by me is being detected,
by the shields for example?

Damian