My site in the blacklist, and for this I can not understand.
Who can help deal with this problem
Here’s a link to the website: Cheat-help.ru
Sorry in advance for my english
It is not the domain that is blocked, but the IP.
The reason for it is that there are malicious websites hosted on the same IP.
http://zulu.zscaler.com/submission/show/8f714df721f3b28928eadb020794f22d-1391602583
http://urlquery.net/report.php?id=9236546
You can ask to unblock the url here : http://www.avast.com/contact-form.php
how many the answer comes?
You will most probaply not get an answer, maybe they will reply here if you gave them a link. It can take some cause they need to check it back.
Hello,
there was “cheat-help.ru/_ld/0/23_45_steam_hack_v.rar|>steam_hack_v13/steam%20hack%20v13/steam%20hack%20v13.dll”. Can you confirm that you have cleaned it? I suggest to change all passwords and update all systems.
Milos
The file has been replaced
There is some serious cross-scripting going on http://www.domxssscanner.com/scan?url=http%3A%2F%2FCheat-help.ru
There is also some anomaly behavior: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fcheat-help.ru%2F
Quettra gives malicious: http://www.quttera.com/detailed_report/Cheat-help.ru
When I checked quttera earlier today it only detected 1 suspicious file.
Looks like someone has put malicious malware file back there.
And guess what…
It appears to be the same file that Milos found and that the op claimed to have removed…
The website (at least) seems to be spreading illegal hacks/cracks etc.
Asked about this on their official website hosting
Said that nothing is not present
it Wpe pro
was downloaded from the official site
When I entered the IP of the server 193.109.246.80 into scumware.org
I found so many “bad” items it boggles the mind. If anything the server
has some serious issues. I wouldn’t visit that site for any reason, except
to give essexboy something to do.
Pavrl, many (and I really mean many) malicious things are on the website and that IP.
it Wpe pro was downloaded from the official siteNo, it wasn't steam is not offering/spreading malware.
Asked about this on their official website hosting Said that nothing is not presentIf they say that, they are lying and/or don't have any clue what they are doing. Every check I and others did shows otherwise.
Was replaced file when checking?
Site definitely has issues. Main site still blocked as with URL:Mal!
Original malcode was found in htxp://cheat-help.ru/load/css/6 → http://jsunpack.jeek.org/?report=4dd9a9a3869ab8c6ee6f285ed501ed3f08591261
An iFrame check comes up as suspicious: Suspicious
/abnl/?adsdata=1dxq0vw8w5fr4vugxbz^nclg!gy1mpjj7pbx0cgerevnyj5x0h4lri2iun;7ahawzusdtqhgrdkccx^tl^o0v’
Injection check comes up as right-out malicious:
Suspicious Text before HTML view code here: http://jsunpack.jeek.org/?report=a007f3488a1b3c281dc3edcf19cd3c17f3e0f5f8
Javascript Check comes up as: Suspicious
().src = “htxp://counter.yadro.ru/hit;ucoznet?r”+escape(document.referrer)+((typeof(screen)==“undefined”)?“”:“;s”+screen.width+““+screen.height+””+(screen.colordepth?screen.color…
Included scripts check comes up as suspicious: Suspect - please check list for unknown includes
htxp://rtrgt2.com/apu.php?zoneid=1708
Suspicious Script:
htxp://rtrgt2.com/apu.php?zoneid=1708
document.createelement(‘iframe’); iframeb0f5caa.setattribute(‘style’, ‘display:none; position:absolute; top:0px; left:0px;’); iframe
Suspicious Script:
htxp://s80.ucoz.net/src/uwnd.js?2
.ru/i)){g=1;var a=/v=([^\s&;]+)/;var d=a.exec(b.url);if(d&&d[1]){n=“htxp://video.rutube.ru/”+d[1];l=640;f=360}}else{if(b.url.match(/dailym
404 Error Check comes up as suspicious: Suspicious
Suspicious 404 Page:
.ru/e.gif?p=u404" width=0 height=0> new image().src = "http://
Despite of this code mess, I get no avast! alert on htxp://cheat-help.ucoz.ru/panel/?a=ustat&u=cheat-help&d=0&il=ru&sdc=1
There are php vulnerabilities found for userv/3.2.2
This external link has Web Rep issues: https://www.mywot.com/en/scorecard/spotsniper.ru?utm_so
also consider: http://www.quttera.com/detailed_report/free-aim-wf.ucoz.ru → http://jsunpack.jeek.org/?report=01855d2faf8eda2deaeba6a32e7715309e7bf1dc
This malware from same IP has apparently been closed: http://support.clean-mx.de/clean-mx/viruses.php?id=14815911
polonus