Hello,
reason why we blocked this site was batcave.stopklatka.pl/1.pac ( Banker) This file doesn’t exist anymore and this site will be remove from our block list.
This could be at the root of the following Wordpress issue:
www.batcave.stopklatka.pl/wordpress/wp-includes/js/thickbox/thickbox.js?ver=3.1-20110528 suspicious
[suspicious:2] (ipaddr:87.98.235.107) (script) -www.batcave.stopklatka.pl/wordpress/wp-includes/js/thickbox/thickbox.js?ver=3.1-20110528
status: (referer=-www.batcave.stopklatka.pl/)saved 12447 bytes d0f5711524217420df59a96d18f8dd9339dd7087
info: [img] -www.batcave.stopklatka.pl/wordpress/wp-includes/js/thickbox/
info: [iframe] -www.batcave.stopklatka.pl/wordpress/wp-includes/js/thickbox/
info: [decodingLevel=0] found JavaScript
error: undefined variable thickboxL10n
error: undefined variable jQuery
error: undefined function jQuery
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
Requested object could be infected with Trojan-Downloader.JS.Iframe.bxv
Has to be seen this is a generic detection for this, anyway I see this detected there “Incognito exploit kit v2.0 HTTP GET request” in a recent site scan - Phishing goin’ on, see the recent report for AS16276 OVH Systems for your site and others in this scan report from urlQuery: http://urlquery.net/report.php?id=9578
Well avast’s Sirmer reported the request is going nowhere now, but update and cleanse the hole to be exploited not to be reinfected again,