Author Topic: adf.ly is malicious? (Read 10067 times)

danny96 · « **on:** June 19, 2011, 05:35:02 PM »

I just wanted to download texture pack for minecraft on website www.minecraftforum.net and when I clicked download It wanted to redirect me on adf.ly (as always) but avast! blocked It. I was doing this about 20x times about 1 week ago (with same texture pack) and It was OK. Maybe a false positive?
URL was 178.77.79.79/lang

polonus · « **Reply #1 on:** June 19, 2011, 05:49:38 PM »

Hi danny96,

See why here: http://www.urlvoid.com/scan/adf.ly
There are several exploits hosted on that site, but a lot of the exploits on IP 69.65.43.7 and
69.39.236.36 are "dead" allthough ip status is "up" see: http://hosts-file.net/?s=adf.ly
server2.adf.ly is classified as having status EMD (malware; severity: High Risk),
see http://hosts-file.net/?s=adf.ly

polonus

Asyn · « **Reply #2 on:** June 19, 2011, 05:50:14 PM »

Report    2011-06-19 17:31:21 (GMT 1)
Website    adf.ly
Domain Hash    97d3881a388d64236c80a94f40d9ce60
IP Address    69.39.236.36 [SCAN]
IP Hostname    server2.adf.ly
IP Country    US (United States)
AS Number    32181
AS Name    ASN-GIGENET - GigeNET
Detections    4 / 23 (17 %)
Status    DANGEROUS

http://amada.abuse.ch/?search=adf.ly
http://hosts-file.net/?s=adf.ly
http://www.malwareblacklist.com/searchClearingHouse.php?search=adf.ly
http://www.phishtank.com/

danny96 · « **Reply #3 on:** June 19, 2011, 06:04:26 PM »

Quote from: Asyn on June 19, 2011, 05:50:14 PM

Report    2011-06-19 17:31:21 (GMT 1)
Website    adf.ly
Domain Hash    97d3881a388d64236c80a94f40d9ce60
IP Address    69.39.236.36 [SCAN]
IP Hostname    server2.adf.ly
IP Country    US (United States)
AS Number    32181
AS Name    ASN-GIGENET - GigeNET
Detections    4 / 23 (17 %)
Status    DANGEROUS

http://amada.abuse.ch/?search=adf.ly
http://hosts-file.net/?s=adf.ly
http://www.malwareblacklist.com/searchClearingHouse.php?search=adf.ly
http://www.phishtank.com/

I visiting this website daily and no reports yet until now.

polonus · « **Reply #4 on:** June 19, 2011, 06:18:31 PM »

Hi danny96,

The malware and website infection landscape is an everchanging one, exploits and silent drive-by-downloads are uploaded and taken down in an ever so quickly changing tempo, your site had a rather good web reputation rating: http://www.mywot.com/en/scorecard/adf.ly but one sees that users already starting reporting spyware, adware, phishing and malware from there, and the bad news has not reached here: http://www.webutation.net/go/review/adf.ly and the name of the game is SWF and that is where the malware exploit tragedy starts there. Good avast protects!
The url you reported served up: Trojan/Win32.Trojan Horse or a Bifrose variant...

polonus

Pondus · « **Reply #5 on:** June 19, 2011, 06:24:11 PM »

Website infected every 3.6 seconds
http://www.scmagazine.com.au/News/150874,website-infected-every-36-seconds.aspx

Asyn · « **Reply #6 on:** June 19, 2011, 10:31:07 PM »

Quote from: danny96 on June 19, 2011, 06:04:26 PM

I visiting this website daily and no reports yet until now.

S..t happens.

Author Topic: adf.ly is malicious? (Read 10067 times)

danny96

adf.ly is malicious?

polonus

Re: adf.ly is malicious?

Asyn

Re: adf.ly is malicious?

danny96

Re: adf.ly is malicious?

polonus

Re: adf.ly is malicious?

Pondus

Re: adf.ly is malicious?

Asyn

Re: adf.ly is malicious?