See: http://urlquery.net/report.php?id=6265493
Nothing here: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fapron090611news.cocolog-nifty.com
polonus
See: Object: htxp://apron090611news.cocolog-nifty.com/
SHA1: 41b197f055bf3cb1744fdb84fb42e635f5d5dbb7
Name: TrojWare.JS.Iframe.mh → http://zulu.zscaler.com/submission/show/39d1b524b549603ee0a7259e58fe1fde-1380789544
Going to that site, avast! Web Shield blocks this address/|{gzip} as JS:iFrame-EO[Trj]
We have detection and are being protected!
pol
P.S. Some malicious history: https://www.virustotal.com/en/ip-address/202.248.45.8/information/
Hi, I think avast has a problem with “lostwebtracker”, which is included in the page by a script in banner-description.
There is a hidden iframe that loads a page, but it's not a tracker… it just shows Google ads as far as I can see.
Quttera says suspicious. http://quttera.com/detailed_report/apron090611news.cocolog-nifty.com
Hi Tondah,
Yes, you are right, with ww2.lostwebtracker dot com redirecting here: htxp://rtbstream.com/v2/click?data=eHZwSTNKN1M3cFlTUTNMYzhPcEY4dHN6cERseWlCS1NBS2h5bFRQSkR2MkJJZ2drNzdDcDBvX1pMS1gzYXZudjN0SW9rMkY0RERCaTBIaUdScVBLNjRRM1BhaVBXeF9zTjhoa3FMN0xNUEUx0
See: https://www.virustotal.com/en/ip-address/141.8.224.159/information/
and http://jsunpack.jeek.org/?report=3cf407c5c6349c608ed78282a147143ccecefa05 (for security researchers only, use NoScript and run inside a VM)
Because of your remarks, this should be re-evaluated, but it is not only avast! Web Shield that blocks, also Zscaler that flags that external link:
htXp://app.f.m-cocolog.jp/t/typecast/1557647/1569512 link Malicious
polonus
Hi Pondus,
Quttera flags this (39 instances of this): Severity: Suspicious
Reason: Detected URL that was generated during page execution.
Details: Procedure [write] has been called with a string containing hidden URL ‘lostwebtracker.com’
which IDS alerted for as “2013-10-03 10:33:05 urlQuery Client Internal IP 2 ET CURRENT_EVENTS DNS Query to a .tk domain - Likely Hostile”
polonus
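Added example, not part of any post in this thread and not Quttera's or avast's code: a minimal JavaScript sketch of the kind of check behind "Procedure [write] has been called with a string containing hidden URL", recording what a script passes to document.write and reporting hidden iframes whose host only appears at run time. The sample script, the host tracker.example and all function names are constructed for illustration.

```javascript
// Constructed sample (not from the scanned page): a banner script that builds
// the iframe URL at run time, so the host never appears in the source text.
const SAMPLE_SCRIPT = `
  var h = ['track', 'er.exa', 'mple'].join('');
  document.write('<ifr' + 'ame src="http://' + h + '/ads" width="0" height="0"' +
                 ' style="display:none"></ifr' + 'ame>');
  document.write('<p>visible banner text</p>');
`;

// Run a script against a stub `document` whose write()/writeln() only record.
// new Function is NOT a sandbox: use constructed samples only, and keep real
// samples inside a disposable VM.
function captureWrites(scriptSource) {
  const written = [];
  const stubDocument = {
    write: (...parts) => written.push(parts.join('')),
    writeln: (...parts) => written.push(parts.join('') + '\n'),
  };
  new Function('document', scriptSource)(stubDocument);
  return written;
}

// True when an iframe tag is sized or styled so the visitor cannot see it.
function isHidden(tag) {
  return /\b(?:width|height)\s*=\s*["']?0(?:px)?["'\s>]/i.test(tag) ||
         /display\s*:\s*none|visibility\s*:\s*hidden/i.test(tag);
}

// Report each iframe emitted through document.write: URL, host, visibility,
// and whether the host string was visible in the static source.
function findWrittenIframes(scriptSource) {
  const findings = [];
  for (const html of captureWrites(scriptSource)) {
    for (const m of html.matchAll(/<iframe\b[^>]*>/gi)) {
      const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[0]);
      if (!src) continue;
      let host = null;
      try { host = new URL(src[1]).hostname; } catch (e) { /* not absolute */ }
      const inSource = host !== null && scriptSource.includes(host);
      findings.push({ url: src[1], host, hidden: isHidden(m[0]), inSource });
    }
  }
  return findings;
}

console.log(findWrittenIframes(SAMPLE_SCRIPT));
```

A finding with hidden: true and inSource: false is the pattern reported in the thread; it says the frame is concealed and generated dynamically, not that the destination is malicious, which still needs a reputation or content check.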