See: https://www.virustotal.com/nl/url/a773006b04536bbd8c83f6de3a4e485f8164e261cffe78cc78dc5f53431e45ba/analysis/
Detected here: http://urlquery.net/report.php?id=3404314 -IDs alert for EXPLOIT-KIT Redkit exploit kit redirection attempt
For the two hidden/malicious iFrames see: http://evuln.com/tools/malware-scanner/thetoponlineshopping.com/
Hidden iFrame found.
size: 2x2
src: htxp://ypagesworld.com/omcd.html?i=779512 -> redirects to htxp://irishbusinessschoolnigeria.com/omcd.html?i=779512
&
Hidden iFrame found.
size: 2x2
src: htxp://ypagesworld.com/omcd.html?i=779512 -> redirects to htxp://irishbusinessschoolnigeria.com/omcd.html?i=779512
Both instances landing here:
http://urlquery.net/report.php?id=3404403
polonus
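The evuln report quoted above flags 2x2 iframes whose src hops off to another host. The following Python (stdlib only) is an added example, not code from this thread or from the evuln scanner, showing how such a check can be done offline over saved HTML: it flags iframes that are tiny, styled display:none / visibility:hidden, or pushed off-screen. The sample page and its .invalid hostnames are constructed; the 10px size threshold is an assumption.

```python
"""
Flag hidden or tiny <iframe> elements in an HTML document, the pattern
reported in the evuln scan above (2x2 iframes whose src redirects elsewhere).
Added example; not the evuln scanner's or any forum poster's code.
"""
import re
from html.parser import HTMLParser

# Constructed sample page; hostnames and the query id are placeholders,
# not the ones discussed in the thread.
SAMPLE_HTML = """
<html><body>
<h1>Shop</h1>
<iframe src="http://example-redirector.invalid/omcd.html?i=12345" width="2" height="2"></iframe>
<iframe src="http://example-video.invalid/player" width="640" height="360"></iframe>
<iframe src="http://example-hidden.invalid/x.html" style="display:none"></iframe>
<iframe src="http://example-offscreen.invalid/y.html" style="position:absolute;left:-9999px"></iframe>
<iframe src="http://example-tiny.invalid/z.html" style="width:1px;height:1px"></iframe>
</body></html>
"""

TINY_PX = 10  # iframes at or below this size count as hidden (assumed threshold)

_DIM_RE = re.compile(r"(width|height)\s*:\s*(\d+)(?:px)?", re.I)
_OFFSCREEN_RE = re.compile(r"(left|top)\s*:\s*-\d{3,}", re.I)


def _px(value):
    """Parse an HTML width/height attribute such as '2' or '2px'; None if not numeric."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


def classify_iframe(attrs):
    """Return the reasons this iframe looks hidden; an empty list means it looks visible."""
    a = {k.lower(): (v or "") for k, v in attrs}
    reasons = []
    width, height = _px(a.get("width")), _px(a.get("height"))
    style = a.get("style", "")
    # Inline CSS dimensions override the HTML attributes when present.
    for name, num in _DIM_RE.findall(style):
        if name.lower() == "width":
            width = int(num)
        else:
            height = int(num)
    if width is not None and height is not None and width <= TINY_PX and height <= TINY_PX:
        reasons.append(f"tiny size {width}x{height}")
    compact = style.replace(" ", "").lower()
    if "display:none" in compact:
        reasons.append("display:none")
    if "visibility:hidden" in compact:
        reasons.append("visibility:hidden")
    if _OFFSCREEN_RE.search(style):
        reasons.append("positioned off-screen")
    return reasons


class HiddenIframeFinder(HTMLParser):
    """Collects every <iframe> start tag that classify_iframe() considers hidden."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        reasons = classify_iframe(attrs)
        if reasons:
            src = dict(attrs).get("src") or ""
            self.findings.append({"src": src, "reasons": reasons})


def find_hidden_iframes(html):
    """Return a list of {'src': ..., 'reasons': [...]} for each hidden-looking iframe."""
    p = HiddenIframeFinder()
    p.feed(html)
    p.close()
    return p.findings


if __name__ == "__main__":
    for f in find_hidden_iframes(SAMPLE_HTML):
        print(f"Hidden iFrame found: src={f['src']} ({', '.join(f['reasons'])})")
```

This only inspects the static markup, so iframes injected later by script (the usual exploit-kit trick) need a rendered DOM or an instrumented browser to catch; the src values it reports are exactly what you would then feed to urlquery or VT, as done in the post above.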
Pondus
2
OK, Pondus, thanks and with you here, my friend, but the missed detection should be reported to VT…
On the other hand google safebrowsing blocks a visit to the redirected site anyways, so a lot of browser users (like those on fx and chrome) are being protected,
but that is not the point. Topic is about detection discrepancies…
polonus
Another example for this IDS alert: FILE-FLASH Action InitArray stack overflow attempt
See: https://urlquery.net/report.php?id=767696
and the accompanying VT results: https://www.virustotal.com/nl/url/b60fbe6aa2089f040f683b662071d5e010a3e3e8055e55962e9721e532476887/analysis/
Nothing detected! Understandable: https://www.virustotal.com/nl/domain/www.dl.bazisaz.com/information/
and https://www.virustotal.com/nl/ip-address/95.211.80.118/information/
The IDS alerts come from these so-called flash rules:
1 24889 FILE-FLASH Action InitArray stack overflow attempt off off drop
1 24890 FILE-FLASH Action InitArray stack overflow attempt off drop off
1 24891 FILE-FLASH Action InitArray stack overflow attempt off off drop
1 24892 FILE-FLASH Action InitArray stack overflow attempt off off drop
1 24893 FILE-FLASH Action InitArray stack overflow attempt off drop off
1 24894 FILE-FLASH Action InitArray stack overflow attempt off off drop
1 24895 FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt off drop drop
1 24896 FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt off drop drop
Domain seems down: Down: NA RIPE NL abuse at leaseweb.com 95.211.80.118 to 95.211.80.118 bazisaz.com htxp://www.dl.bazisaz.com/edu/gamemaker/gamemaker-01.flv
polonus