@HS2234

Probably this was a hidden iFrame redirect. A “payload”??? Well viruses may also contain a payload that performs other actions, often malicious. That is called a (malicious) payload. Here we had an instance of suspicious code that the avast Webshield detected and flagged…

Probably it already has been cleansed there…
This was the code that was found there ealier with a scan at 2012-01-20 12:19:50 to be precise…
dsp.apsmediaagency dot com/dsp.php?class=MzM2fDcyOHg5MA== benign
[nothing detected] dsp.apsmediaagency dot com/dsp.php?class=MzM2fDcyOHg5MA==
status: (referer=wXw.google.com/trends/hottrends)saved 2590 bytes d9c4fb22ef1a7ab68360674e4b7b34e4421cf715
info: [decodingLevel=0] found JavaScript
error: undefined variable c1
error: line:24: SyntaxError: missing } in XML expression:
error: line:24: document.location.href = ‘htXp:/amc.convomedia.com/p.php?r=’ + c1 + ‘|’ + c2 + ‘|’ + c3;
error: line:24: … ultimately going -^ IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=1 HEIGHT=1 SRC=“dsp_serve dot php?class=MzM2fFVTfDAuMDAwNTY3”^

@winmaltech Why you should copy what I already posted

Can you give the URL as a non-live-link, so hxtp or wXw etc.? Then we can see what may be out there?

And if the vicitim should scan for evental remainders of that incident, he should scan the whole of Local → Google etc.

polonus

Nope… it is not down
http://www.downforeveryoneorjustme.com/http://dsp.apsmediaagency.com/dsp.php?class=ODE1fDE2MHg2MDA=

if you are quoting sucuri it say: Unable to properly scan your site. Site empty (no content).
and this you can see here urlQuery http://urlquery.net/report.php?id=32188

zscaler
http://zulu.zscaler.com/submission/show/46623d8d72a3d21b7871fac056170000-1331910339

That was because the OP misquoted the domain.

Hi Pondus and Asyn,

Well with WebBug I executed GET for hxtp://dsp.apsmediaagency.com/dsp.php?class=ODE1fDE2MHg2MDA=
and got->

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 16 Mar 2012 15:27:47 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 205
Connection: close
Vary: Accept-Encoding

404 Not Found

Not Found

The requested URL /dsp.php was not found on this server.

polonus

I scanned local - google with avast and mbam… nothin found… But since chrome has sandbox nothing woulda happned right?

anybody?

you are safe and clean dont worry!