No access to trusted site http://www.cwy-jcm.org

Viruses and worms
1

I am receiving a Malicious URL Blocked red pop-up when I go to a trusted site that I visit often. cwy-jcm.org

This is strange as it just started and won’t allow me access to this site through any means.

The site is safe and online.

Thank you for the help.

2

This site gives two re-directs and lands at see: http://urlquery.net/report.php?id=17820
iFrame leads to /iepngfix_tilebg.js not found on that server
I see no alert for that site with DrWeb URL checker →
-http://www.cwy-jcm.org/ redirects to -http://www.cwy-jcm.com/
-http://www.cwy-jcm.com/ redirects to -http://cwy-jcm.com/

Checking: -http://w.sharethis.com/button/buttons.js
File size: 65.98 KB
File MD5: ccc685ab203c6632df6a6c72fc7b7ff4

-http://w.sharethis.com/button/buttons.js - Ok

Checking: -http://cwy-jcm.com/
Engine version: 7.0.0.11250
Total virus-finding records: 2573428
File size: 2892 bytes
File MD5: e83116bcfe63bfbc9f3ba34bc1e29c26

-http://cwy-jcm.com/ - archive JS-HTML

-http://cwy-jcm.com//JSTAG_1[3e0][5c] - Ok
-http://cwy-jcm.com//JSTAG_2[955][1df] - Ok
-http://cwy-jcm.com/ - Ok

Domain report for the AS where that IP also resides: AS Name: PEER1 - Peer 1 Network Inc.
IPs allocated: 445440
Blacklisted URLs: 1069

Hosts…
…malicious URLs? Yes
…badware? Yes
…botnet C&C servers? Yes
…exploit servers? No
…Zeus botnet servers? No
…Current Events? Yes
…phishing servers? No
…spam servers? No
…spam bots? Yes
…spam activity? Yes

Site has previously being hacked, see: http://www.google.com/support/forum/p/Webmasters/thread?tid=0d319c0321905f1a&hl=en seems like an ongoing malware campaign, was via mentioned /iepngfix_tilebg.js not found on that server now anymore. See no issues now,
sucuri gives site clean: http://sitecheck.sucuri.net/results/http://cwy-jcm.com/
web rep status: http://www.webutation.net/go/review/cwy-jcm.com

polonus

3

Hi runningtoday,
The site is safe according to urlQuery

And clean according to VirusTotal

The site is also clean according to Sucuri

You can report a false positive here:
http://www.avast.com/contact-form.php?loadStyles

@Polonus

You beat me to it. ;D

Also, nice confirmation that the site was hacked. :wink:

The .com version is also reported clean by Sucuri, see:
http://sitecheck.sucuri.net/results/cwy-jcm.com

4

Hi Donovansrb10,

Only just by a sec, and the site status has now twice been established clean.
Thanks for confirming my findings,

polonus

5

Thank you for the help!

6

No problem. Glad we could help! :wink: