A malcious detection found because of anomalous loading of the webpage was found to exist on wXw dot shanhaiichiba dot com/en/
See: htxp://zulu.zscaler.com/submission/show/a04ad3e726e1f944f1b0b36a618a0c0e-1337780415 (external element flagged)
see: htxp://urlquery.net/report.php?id=58604
nothing here: htxp://vscan.urlvoid.com/analysis/f89e57611f437867ca4dcb7273c73849/ZW4=/
but detected as suspicious here: htxp://sitecheck.sucuri.net/results/www.shanhaiichiba.com/en/
This is not a signature-based rule, but looks at anomaly behaviors on how the web site is being loaded. Our engine found it to be malicious (related to remote includes).quote from sucuri's link author: dcid This is what BadStuff detector found in the realm of iFrame malcode: Level: 0) Url checked: htxp://www.shanhaiichiba.com/en/ Zeroiframes detected on this site: 0 No ad codes identified
(Level: 1) Url checked: (script source)
htxp://s21.cnzz.com/stat.php?id=3180119&web_id=3180119&show=pic
Zeroiframes detected on this site: 0
No ad codes identified
Malicious see: htxp://zulu.zscaler.com/submission/show/3094f41fc051f4eb58125dcfb8d97db1-1337781419
(Level: 2) Url checked: (script source)
htxp://s21.cnzz.com/+a+
Blank page / could not connect
No ad codes identified
(Level: 2) Url checked: (script source)
htxp://s21.cnzz.com/+a[b][0]+
Blank page / could not connect
No ad codes identified
reported to virus AT avast dot com,
polonus