problem at my site

Hello

Avast makes a report on my site.

Please check: where is this virus link?

rh.net.sa

what does avast say?
attach a screenshot of the avast warning please

http://urlquery.net/report.php?id=1395640299052
Severity level 2

http://quttera.com/detailed_report/rh.net.sa
Suspicious

VirusTotal
https://www.virustotal.com/nb/file/d1c321104a5e6e2bb65f20a750139b2016926da8da45c04a20464de6e2cfb973/analysis/1395945769/

See: rh.net.sa,162.222.212.26,bob.ns.cloudflare.com,Parked/expired,
Well, both domain and IP are being blocked by avast! as URL:Mal; that is a general detection.
Appears on this list: http://www.cloudflare-watch.org/domains/rba-rhe.html
See potentially suspicious files here: http://quttera.com/detailed_report/rh.net.sa (like Eddy reported)
which may point to obfuscation or shellcode. (unknown html rfi-eval adware code)
See: http://jsfiddle.net/3TG9n/

polonus

Hello,
it looks like Sality was hosted there. Can you confirm that it is clean now? I suggest changing all passwords and updating all systems. Then contact us through http://www.avast.com/contact-form.php

Milos

Hello

I deleted all files, can you check now?

VirusTotal
https://www.virustotal.com/nb/file/d1c321104a5e6e2bb65f20a750139b2016926da8da45c04a20464de6e2cfb973/analysis/1396093614/

quttera: http://quttera.com/detailed_report/rh.net.sa

Hello

Check for yourself

http://www.rh.net.sa/webstyles/default/lib/jquery-1.9.0.min.js

It's empty

and another file was deleted and now gives a 404

Not empty at all…

You should use at least jQuery version 1.11.0

http://blog.jquery.com/2014/01/24/jquery-1-11-and-2-1-released/

Wondering why a site with the SA TLD is in Arabic(?) though.

Steven Winderlich

I'm sure I emptied the file :slight_smile: it's the cache at avast

Eddy

My site is an Arabic, Saudi Arabia site,

and I removed the jQuery file.

Please check again


http://upload.3rby.net/uploads/13960989851.png

Little mix-up.
Thought SA was South Africa, but that is ZA :wink:

See historical badness here for AS: http://sitevet.com/db/asn/AS13335
These results are OK: http://dnscheck.pingdom.com/?domain=rh.net.sa&timestamp=1396115948&view=1

pol

Hello Steven,

avast! is blocking the connection, not the website content itself. As the OP states, it is indeed empty.

@anassatef Based on my analysis, the Quttera results are false positive.

~!Donovan

Yes, it's empty.

Haven't seen that. :slight_smile:

To see what !Donovan means: http://jsfiddle.net/pU338/

polonus