Hi Goni,
Detected here: http://www.google.com/safebrowsing/diagnostic?site=maxconline.com
You get the alert as you allow NS in the browser and it directs to:
htxp://presarioproductions.com/maxc and there the JS:Downloader-RW[Trj] is found… site
DrWeb URL checked: htxp://presarioproductions.com/maxc redirects to htxp://presarioproductions.com/maxc/
Checking: htxp://presarioproductions.com/maxc/Scripts/AC_RunActiveContent.js
File size: 3233 bytes
File MD5: db8f4e6949c0fc0fc9cadf85d02e099a
htxp://presarioproductions.com/maxc/Scripts/AC_RunActiveContent.js - Ok
Checking: htxp://presarioproductions.com/maxc/
Engine version: 5.0.2.3300
Total virus-finding records: 1541554
File size: 10.80 KB
File MD5: 9dd669feb48ef3b580cbbbe99d881a5e
hxtp://presarioproductions.com/maxc/ infected with JS.Redirector.64
Partly unrated at URLVoid… but Unmasked Parasites found it suspicious, the last time on 2010-07-05.
Malicious software includes 11 trojans, 10 exploits, 8 scripting exploits. Successful infection resulted in an average of 2 new processes on the target machine.
Malicious software is hosted on 6 domains including kemidi.in/, which is a Latvia site with the following threats:
Threats found: 3
Here is a complete list:
Threat Name: MSIE Java Deployment Toolkit Input Invalidation
Location: htxp://kemidi.in/x/?src=sftmaster&id=qqq&o=o
Threat Name: MSIE ADODB.Stream Object File Installation Weakness
Location: htxp://kemidi.in/x/?src=kostes&id=media&o=o&ID=18254&fb=WVRveU9udHpPamc2SW5WelpYSmtZWFJoSWp0aE9qTTZlM002TWpvaWFXUWlPM002TmpvaU5ESTVNak0wSWp0ek9qRXlPaUpoWkhabGNuUnBjMlZmYVdRaU8zTTZOam9pTVRBMk56RTNJanR6T2pRNkltdHdjR2tpTzNNNk5Eb2lNalk0T1NJN2ZYTTZNem9pYldRMUlqdHpPak15T2lKaU0yRTNZakk0WWpNeFlUQTNNV1l5TldVNVpXUm1abVZrWmpObVltTXhZaUk3ZlE9PQ%3D%3D
Threat Name: MSIE ADODB.Stream Object File Installation Weakness
Location: htxp://kemidi.in/x/?src=kostes&id=media&o=o&ID=18254&fb=WVRveU9udHpPamc2SW5WelpYSmtZWFJoSWp0aE9qTTZlM002TWpvaWFXUWlPM002TmpvaU5EWTNNakkxSWp0ek9qRXlPaUpoWkhabGNuUnBjMlZmYVdRaU8zTTZOam9pTVRBMk56RTNJanR6T2pRNkltdHdjR2tpTzNNNk5Eb2lNVFF4T0NJN2ZYTTZNem9pYldRMUlqdHpPak15T2lKbVptWTBaV00xT1RsbU1XRTNZamMxWldGbFpUZzBZak5sTmpBeU1qWXlOQ0k3ZlE9PQ%3D%3D
dsystem.serveirc.com/, maybe cleansed now…
vipemu.in/.
Threats found: 1
Here is a complete list:
Threat Name: MSIE Java Deployment Toolkit Input Invalidation
Location: htxp://vipemu.in/x/?src=sftmaster&id=ust111&o=o
1 domain appears to be functioning as intermediaries for distributing malware to visitors of this site, including dsystem.serveirc.com/.
This site was hosted on 1 network(s) including AS26496 (PAH).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, wxw.presarioproductions.com appeared to function as an intermediary for the infection of 1 site including maxconline.com/.
See attached GIF image.