Just wanted to ask if Avast will block a site when the site is detected as selling replica items?
This was a reason they blocked my website but left other websites unblocked.
I cannot find any logical reason for this.
Previously, when their support site still had the old interface, they helped in solving the issue, but after everything changed, their attitude seemed to have changed also… Any reason for this?
ScanURL: http://scanurl.net/?u=http%3A%2F%2Fshinewatch.com%2F&uesb=Check+This+URL#results
Sucuri: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fshinewatch.com%2F
Virustotal: https://www.virustotal.com/en/url/77abb4a5a18030021db34707ab9e62e1b1092abd012ec825fad06781896418ad/analysis/1376585137/
URLQuery: http://urlquery.net/report.php?id=4573703
Zulu: http://zulu.zscaler.com/submission/show/cc5b3b0963dc9eaf8119085661569ffa-1376585286
Quttera: http://www.quttera.com/detailed_report/shinewatch.com
There are many suspicious scripts on the site, as you can see in the Zulu report…
Thank you, Steven Winderlich, for going over these scans for us.
Some additional info to create the full picture here.
Could have been a general IP block: http://urlquery.net/report.php?id=558113 for malware from the same IP
Info on hoster: Blacklisted URLs: 684
Hosts…
…malicious URLs? Yes
…badware? Yes
…botnet C&C servers? Yes
…Zeus botnet servers? Yes
…Current Events? Yes
…phishing servers? Yes
…spam bots? Yes
…spam activity? Yes
See this report from MysteryFMC: http://forum.hosts-file.net/viewtopic.php?f=70&t=1775
Crimeware friendly hoster? http://hphosts.blogspot.com/2009/11/crimeware-friendly-isps-ecatel-as29073.html (same link author)
polonus
Seen with jsunpack
shinewatch dot com/catalog/view/javascript/jquery/jquery.cycle.js benign
[nothing detected] (script) shinewatch dot com/catalog/view/javascript/jquery/jquery.cycle.js
status: (referer=shinewatch dot com/)saved 3890 bytes 9ba2698a05384e2187a4e6a1f7aed5937d85f252
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined variable D.fn
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var D.fn = 1; * exploitable → http://blog.exodusintel.com/tag/exploit/ for var effects via added Button element real…
error: line:1: …^
suspicious:
pol
Hi, if I delete the suspicious scripts, will the website function properly?
I guess it has to do with hosting…
I just checked… all the same IPs got blocked…
Guess I have to change to a better hosting IP…
Hi shinewatch,
Yes, I think you have come to some sort of conclusion and it is a valid one. Also consider why here. Security issues such as exposing excessive header information that can be abused by attackers:
Running on: Apache/2.2.23
System info: (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.6 Perl/v5.8.8
Powered by: PHP/5.2.17
and the collection of domains on that same IP: http://sameid.net/ip/94.102.48.20/
and they could run a Google search query like this example to look for vulnerabilities to attack your site with: http://www.google.com/search?q=front+page+5.0.2.2635+vulnerabilities&btnG=Search&client=flock&channel={flock%3Acontext}&oe=utf-8
polonus
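
A site owner's check for the header disclosure described in the post above, as an added example that is not part of the original thread: it parses response headers into product/version tokens and lists each component whose version is exposed, with the usual setting that suppresses it. The header names (`Server`, `X-Powered-By`) and the reassembly of the quoted values into one `Server` line are assumptions; `audit_headers` and `report` are names made up for this sketch.

```python
import re

# Constructed sample: the values quoted in the post above, reassembled into
# the two response headers they are assumed to come from.
SAMPLE_HEADERS = {
    "Server": "Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 "
              "mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 "
              "mod_perl/2.0.6 Perl/v5.8.8",
    "X-Powered-By": "PHP/5.2.17",
}

# A product/version token such as "mod_ssl/2.2.23" or "Perl/v5.8.8".
TOKEN = re.compile(r"([A-Za-z][\w.+-]*)/(v?\d[\w.+-]*)")
# A parenthesised platform comment such as "(Unix)".
COMMENT = re.compile(r"\(([^)]*)\)")

# Settings that stop each header from carrying version details.
FIXES = {
    "server": "Apache: ServerTokens Prod and ServerSignature Off",
    "x-powered-by": "php.ini: expose_php = Off",
}


def audit_headers(headers):
    """Return (header, product, version) for every disclosed component."""
    findings = []
    for name, value in headers.items():
        if name.lower() not in FIXES:
            continue  # only headers known to advertise software versions
        for product, version in TOKEN.findall(value):
            findings.append((name, product, version))
        for comment in COMMENT.findall(value):
            findings.append((name, "platform", comment))
    return findings


def report(headers):
    """Render findings plus one remediation line per offending header."""
    findings = audit_headers(headers)
    lines = [f"{h}: discloses {p} {v}" for h, p, v in findings]
    for name in sorted({h.lower() for h, _, _ in findings}):
        lines.append(f"fix ({name}): {FIXES[name]}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_HEADERS)))
```

With `ServerTokens Prod` the server answers with a bare `Server: Apache`, for which `audit_headers` returns no findings.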