Avast WEBforum

Other => Viruses and worms => Topic started by: aghariakalbe on April 03, 2021, 02:19:13 PM

Title: "Threat Secured" keeps popping up with the URL: Blacklist notification
Post by: aghariakalbe on April 03, 2021, 02:19:13 PM
Hi, I have been getting the threat secured for a while now continuously. The blacklisted URL that is getting blocked is wpad.ib-wrb304n.setup.in. I have attached the popup screenshot and the Mbam scan log.
Title: Re: "Threat Secured" keeps popping up with the URL: Blacklist notification
Post by: aghariakalbe on April 03, 2021, 02:20:33 PM
Here is the mbam log.
Title: Re: "Threat Secured" keeps popping up with the URL: Blacklist notification
Post by: polonus on April 03, 2021, 04:03:07 PM
Just wait for a final verdict from the Avast team, as this could be an FP,
as there is only one engine to flag at VT at the mo for -wpad.ib-wrb304n.setup.in:
https://www.virustotal.com/gui/url/c4d3d0daae2e256104372bc12f296fddf1b8ea7d50c7076e8b6be8a1a9da6f13/detection
But it is also flagged at DrWeb's as "non-recommended-site".

More leaning towards this: https://www.virustotal.com/gui/ip-address/199.59.242.153/detection
also see: https://www.virustotal.com/gui/ip-address/199.59.242.153/relations

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Title: Re: "Threat Secured" keeps popping up with the URL: Blacklist notification
Post by: Pondus on April 03, 2021, 04:10:42 PM
@polonus, your VT scan is 6 months old, see attached screenshot.

I have now refreshed it.
Title: Re: "Threat Secured" keeps popping up with the URL: Blacklist notification
Post by: DavidR on April 03, 2021, 04:43:44 PM
What is strange for me is that the process responsible for the connection is svchost.exe. Whilst this in some cases is legit usage, it has also been used by malware in the past.

So yes I agree this needs further investigation.
Title: Re: "Threat Secured" keeps popping up with the URL: Blacklist notification
Post by: aghariakalbe on April 03, 2021, 06:26:28 PM
@polonus Thanks for replying. The window keeps popping up and is really annoying. Should I speak to the Avast support team regarding it? Where should I check the status of FP for this URL?
Title: Re: "Threat Secured" keeps popping up with the URL: Blacklist notification
Post by: aghariakalbe on April 03, 2021, 06:28:22 PM
@DavidR I agree this is somewhat strange and I haven't seen this URL giving an issue to anyone else from my search.
Title: Re: "Threat Secured" keeps popping up with the URL: Blacklist notification
Post by: DavidR on April 03, 2021, 07:45:10 PM
Quote from: aghariakalbe on April 03, 2021, 06:28:22 PM
@DavidR I agree this is somewhat strange and I haven't seen this URL giving an issue to anyone else from my search.

Other scans on this site/url:
This one considers it a Medium Security Risk - https://sitecheck.sucuri.net/results/setup.in
This one reports security hints - https://webhint.io/scanner/25bc1403-eb1e-46a3-a889-e23c8f2fdb4a

These in themselves don't mean it is infected, but the failings mentioned could make it more likely to become infected/hacked.

Combining this with the unknown access from your system that you didn't initiate just makes me more suspicious. However, I'm no expert in this area; it really needs a qualified malware removal specialist to investigate.
Title: Re: "Threat Secured" keeps popping up with the URL: Blacklist notification
Post by: ArnabM on April 03, 2021, 08:02:43 PM
Quote from: aghariakalbe on April 03, 2021, 06:28:22 PM
@DavidR I agree this is somewhat strange and I haven't seen this URL giving an issue to anyone else from my search.

Hi! I am getting the same error with the same URL, with svchost.exe as the process accessing it, on my laptop and desktop.
I had submitted my logs in this forum but am yet to receive a reply.
Title: Re: "Threat Secured" keeps popping up with the URL: Blacklist notification
Post by: polonus on April 05, 2021, 11:13:40 PM
Scanned for the IP DavidR has come up with, detection:
https://www.virustotal.com/gui/ip-address/199.59.242.153/detection

polonus