Author Topic: Possible Malware loading link found  (Read 2500 times)

0 Members and 1 Guest are viewing this topic.

guyguy

  • Guest
Possible Malware loading link found
« on: April 28, 2014, 10:36:04 AM »
Hi

First time I have reported a problem website.  Hopefully I can provide enough information for you to proceed.

This page...
http://www.androidegis.com/how-to/record-high-quality-videos-on-galaxy-s3-at-30mbps/

Has a link titled...
HX Custom ROMs

When clicked, it goes through the following sites in this order...
1. hhx-custom-roms.com/galaxy-s3-mod-hx-is-back.html
2. za.zeroredirect1.com/zcvisitor/9fd34740-ceab-11e3-bf12-0e1d57b0b976
3. za.zeroredirect2.com/zcredirect?visitid=9fd34740-ceab-11e3-bf12-0e1d57b0b976&type=js&browserWidth=1187&browserHeight=1032&iframeDetected=false
4. browser-boost.com/6/

At that point it appears that a Malware load is attempted.  The false message "IMPORTANT UPDATE! You should update your Media Player Immediately" is presented.  It looks like going any further will result in downloading something called "ADK media player".

These sites were reached on Firefox 28.0, avast! Free Antivirus 2014.9.0.2018 installed with the avast! Online Security 9.0.2018.95 extension active.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37612
  • Not a avast user
Re: Possible Malware loading link found
« Reply #1 on: April 28, 2014, 02:07:46 PM »
Quote
1. hhx-custom-roms.com/galaxy-s3-mod-hx-is-back.html
this URL seems to load some ads ... click pic in top right corner   http://urlquery.net/report.php?id=1398686623719

IP is listed as  ET RBN Known Russian Business Network IP group 172  see wiki info here  http://en.wikipedia.org/wiki/Russian_Business_Network

quttera report suspicious   http://quttera.com/detailed_report/hx-custom-roms.com

unmaskparasites suspicious   http://www.UnmaskParasites.com/security-report/?page=hx-custom-roms.com

URL is on Malwarebytes and Norman blocklist.....





« Last Edit: April 28, 2014, 02:35:50 PM by Pondus »