Is this site malware or no? and something weird happen

Viruses and worms
1

I was looking up about a/c filter which way does the arrow go… and i saw this link on bing
hxxp://besthomeairpurifier1.com/air-conditioner-filter-which-way-does-arrow-go.htm/
It opened notepad with something weird instead of loading… got me thinking is the page malware? Do you all get the same results? its so weird why open it download a document without me telling it to and open it in notepad? I’m running a scan of my pc with mbam and sas to make sure nothing happened… Just saying its weird right? Note: It did this in IE9

2

It does the same in Firefox and opera and other browsers i think… it doesn’t load a site… in other browsers that isn’t IE it asks if you want to download the file or not… its not just the page it goes to its the site itself as well… Scan came out clean… but its still very weird

3

Could have been through a recent WP hack, site has WordPress issues, see: http://sitecheck.sucuri.net/results/besthomeairpurifier1.com/air-conditioner-filter-which-way-does-arrow-go.htm/ Page Risk Index (heuristics)
Suspicious code returned ////1: ? ?? ]^^^^{ 6 ;S ( O ;?I e ; # =; ^^ R? I P$C^etc.////
I get a warning for XSS attack code,

polonus

4

Well you have to cleanse your browser history cache from this content, this is just some trojan html malware avast detects in your browser. Good we have avast there! Code is malicious and online scanners do not detect. Thanks for the heads-up,

polonus

5

Why would you go to the potentially malicious site at hand with in a different browser to see if you get infected…? ::slight_smile:

6

I went to the site to see um if well it auto downloads the weird file auto without me telling it to like it did in IE

7

So you’d risk the possibility of an exploit that wasn’t executed successfully that runs the file in a different mode e.g executable? I wouldn’t take risks like that.

8

The file was only detected when scanning the browser cache afterwards. The site’s content can be examined only through third party scanners, malzilla with sandbox and with a special file-viewer also in secure settings (sandboxed, script blocking etc.). To experiment opening such a site in various common browsers is playing out a considerable risk, because malcode could escape the browser, could infect the OS, could interfere with the networksettings etc. etc.
As far as I can see now taking the browser history cache to the chest would be the most secure option, as this malware apparently goes under the detection radar so far. Never go to live malcode directly in one of the main website browsers…that is playing with fire,

polonus