Author Topic: Redirect attempt a malware?  (Read 3916 times)

avastreally?

  • Guest
Redirect attempt a malware?
« on: April 27, 2013, 09:30:05 AM »
Hey, I was reading a highly regarded computer forum (via WOT and Bitdefender Traffic Light) (notebookreview.com),
but when I refreshed the page I got a message that:
avast blocked:
ocatell.womenpjs.com.jpg
has been blacked. I refreshed again and got the same message.
What is this? Is the site hosting this advertisement?
Here is the report log:


* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Friday, April 26, 2013 4:16:07 AM
*

4/27/2013 2:12:07 AM   http://ocatell.womenpjs.com/17.jpg [L] URL:Mal (0)
4/27/2013 2:15:12 AM   http://ocatell.womenpjs.com/17.jpg [L] URL:Mal (0)


Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: Redirect attempt a malware?
« Reply #1 on: April 27, 2013, 05:39:44 PM »
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5660
  • Spartan Warrior
Re: Redirect attempt a malware?
« Reply #2 on: April 27, 2013, 10:16:56 PM »
hi avastreally?,

Your link redirects to here:  http://urlquery.net/report.php?id=2209608  to SoftLayer Technologies.

Click upper-right for screenshot of redirect.

It might help to use AdBlock Plus add-on to block annoying or malicious ads or use NoScript in your browser.

I assume you mean the link is blacklisted?

[EDIT:]  Virus Total URL scan:  https://www.virustotal.com/en/url/84ea93c721a7d5f05a882a9ce0de05ccbf1f81ae237c6d4fdecc4476aa643806/analysis/1367093964/
« Last Edit: April 27, 2013, 10:22:40 PM by mchain »
Windows 10 Home 64-bit 22H2 Microsoft Windows Defender - Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.4.6112 (build 24.4.9067.762) UI version 1.0.803

avastreally?

  • Guest
Re: Redirect attempt a malware?
« Reply #3 on: April 28, 2013, 12:19:57 AM »
Thanks @mikaelrask
Hey @mchain,
I have a script blocker (well, I have SpywareBlaster),
but I was wondering why it came up, as I have used that site many times (I read it page by page every day) and all of a sudden it has redirects, which made me think something else was at work here.
Can you recommend another script blocker for Chrome? Or is the one I have good enough?
I don't visit bad sites, as I have world of trust (WOT) and Bitdefender Traffic Light (though I want to submit a false positive to Bitdefender, but the forum would not let me sign up).
I would like to congratulate avast for doing a good job of blocking it (as it's new and other places have it as OK, but avast still blocked it (reliable :) )).
Any more advice? (I already did avast, Malwarebytes and SUPERAntiSpyware scans.)

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5660
  • Spartan Warrior
Re: Redirect attempt a malware?
« Reply #4 on: April 28, 2013, 07:10:53 PM »
Even well-known and reputable sites can get hacked with unwanted and malicious links that redirect to sites outside of the webpage you are currently viewing.  That fact alone is why polonus will take the time to chase and track down where the malware originates from; this sort of malware linking is beyond a user's control as the website owner needs to be notified of the issue.  Doing so will make the site safer and help protect other visitors from any malware attacks as well as protect the reputation of the website.

You'll note that the malicious link started with a .jpeg and ended with a redirect to SoftLayer Technologies.  AdBlock Plus will take care of that by blocking the .jpeg from even downloading to the page you are viewing and you should not even be affected.  The add-on does work in Chrome:  http://adblockplus.org/en/chrome  but you should know Google is now actively discouraging its use and possibly blocking install of it.  I already have it installed, so...

As an aside, unless a website requires https://, do not use secure http: unless the site requires it.  Online banking sites require this.  Avast! WebShield cannot scan https:// for malware, just so you know.  Forcing sites not designed for https:// to run as https:// will not result in increased security, but less, as WebShield cannot monitor the secure connection.

Kudos for avast!   ;D

avastreally?

  • Guest
Re: Redirect attempt a malware?
« Reply #5 on: May 03, 2013, 07:08:28 AM »
Thanks for your time and detailed help. I have contacted the admin; hopefully this is resolved soon.
 o/

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5660
  • Spartan Warrior
Re: Redirect attempt a malware?
« Reply #6 on: May 04, 2013, 12:58:41 PM »
You're welcome.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33915
  • malware fighter
Re: Redirect attempt a malware?
« Reply #7 on: May 04, 2013, 01:27:14 PM »
Looking at it with Redleg's FileViewer, I get a redirect to: Location: htxp://waihuizhifu.com/images/124.gif
which in its turn gives this redirect: The location line in the header above has redirected the request to: htxp://mbm999.info/1.gif (see attached)
The same IP had this IDS alert on the domain: ET POLICY Maxmind geoip check to /app/geoip.js
which is a fraudulent IP abuse IDS detection....
« Last Edit: May 04, 2013, 01:30:38 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
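
Added example, not part of the thread and not any poster's code: a small offline triage script that rebuilds the redirect chain described in the last reply from recorded Location headers and flags hops where an image URL answers with a redirect to a different site. The defanged URLs are the ones quoted in the thread; the 302 status codes, the function names and the two-label `site()` heuristic are assumptions made for the example.

```python
from urllib.parse import urlsplit

IMAGE_EXT = (".jpg", ".jpeg", ".gif", ".png")

# Constructed capture: the defanged URLs are the ones quoted in the thread;
# the 302 status codes are assumed (the thread only reports Location values).
CAPTURE = {
    "htxp://ocatell.womenpjs.com/17.jpg": (302, "htxp://waihuizhifu.com/images/124.gif"),
    "htxp://waihuizhifu.com/images/124.gif": (302, "htxp://mbm999.info/1.gif"),
}

def site(url):
    """Naive site key: last two host labels (use the Public Suffix List in practice)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def trace(start, capture, max_hops=10):
    """Walk recorded Location headers offline; return (url, status, location, flags) per hop."""
    hops, seen, url = [], set(), start
    while url in capture and url not in seen and len(hops) < max_hops:
        seen.add(url)
        status, location = capture[url]
        redirect = 300 <= status < 400 and bool(location)
        flags = []
        if redirect and urlsplit(url).path.lower().endswith(IMAGE_EXT):
            flags.append("image-url-redirects")   # an image request should return image bytes
        if redirect and site(location) != site(url):
            flags.append("cross-site")            # hop leaves the site that was requested
        hops.append((url, status, location, flags))
        if not redirect:
            break
        url = location
    return hops

def summarize(hops):
    """Return (final landing URL, distinct sites touched in order)."""
    if not hops:
        return None, []
    last_url, _, last_loc, _ = hops[-1]
    urls = [h[0] for h in hops] + ([last_loc] if last_loc else [])
    sites = list(dict.fromkeys(site(u) for u in urls))
    return (last_loc or last_url), sites

if __name__ == "__main__":
    chain = trace("htxp://ocatell.womenpjs.com/17.jpg", CAPTURE)
    for url, status, location, flags in chain:
        print(status, url, "->", location, flags)
    print(summarize(chain))
```

Because it works only on recorded headers, nothing is fetched; the `seen` set and `max_hops` stop it on redirect loops.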