Is this site blacklisted?

This site, -http://kaspersky.ee, is in the Dr.Web malicious sites list!
See: http://urlquery.net/report.php?id=11916
See suspicious code there: -www.google-analytics.com/ga.js suspicious
[suspicious:2] (ipaddr:72.14.204.101) (script) -www.google-analytics.com/ga.js
status: (referer=kaspersky dot ee/)saved 32614 bytes 3f31577e302ac3a4836068cc4777677bf2677855
info: [decodingLevel=0] found JavaScript
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
bad iFrame scanner results:

No zeroiframes detected!
Check took 1.50 seconds

(Level: 0) Url checked:
-http://kaspersky.ee
Zeroiframes detected on this site: 0

(Level: 1) Url checked: (script source)
-http://kaspersky.ee/templates/kaspersky_ee/js/dynapi.js
Zeroiframes detected on this site: 0

(Level: 2) Url checked: (script source)
-http://kaspersky.ee/templates/kaspersky_ee/js/path_to_script/dhtmlapi.js
Blank page / could not connect

(Level: 1) Url checked: (script source)
-http://kaspersky.ee/templates/kaspersky_ee/js/func.js
Zeroiframes detected on this site: 0

(Level: 1) Url checked: (script source)
-http://kaspersky.ee/templates/kaspersky_ee/js/stm31.js
Zeroiframes detected on this site: 0

(Level: 1) Url checked: (script source)
-http://kaspersky.ee///mc.yandex.ru/metrika/watch_visor.js
Blank page / could not connect

polonus

Hosts a link to hxxp://3dnews.ee.

VT Results: http://www.virustotal.com/file-scan/report.html?id=a6e0b36e80056c870b9b75dc0111e0ec1acfd48ccca7f7519bb80543581d214c-1323904048

I explored this (3dnews.ee) site’s coding and it hosts links to other sites that host links to other sites. They also have a loaded javascript file on the homepage.


Isn’t google-analytics.com/ga.js the Google tracking JavaScript?

Hi Donovansrb10,

Thanks for delving further into that and the heads-up on the issue. Also, good thing avast (& Gdata) is the only one to flag it as JS:Downloader-AXK [Trj].

polonus

I'm also using DNS/Norton on the router and it allowed the traffic.

Hi razoreqx,

That is why it should be blacklisted, well DrWeb already has put it on the malicious sites list, as they apparently know that part of the malware theater. Malware links from IP 92.62.98.10 are probably all dead now. Site served up PHP/BackDoor.AR, PHP.Agent-4, and unknown_html_RFI.

@donovansrb10 -http://3dnews.ee redirects to -http://www.3dnews.ee/est/

polonus

Found the same in my VM as well… I reported that up to DNS/norton as well.

Nice find btw :)