Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Why this uri is not blocked? Suspicious Filename Character!
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Why this uri is not blocked? Suspicious Filename Character! (Read 1475 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33925
malware fighter
Why this uri is not blocked? Suspicious Filename Character!
«
on:
November 17, 2013, 03:40:53 PM »
Suspicious Filename Character Usage %EF%BF%BD%EF%BF%BD%C6%B7%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD_2013 has suspicious character
Malzilla flags:
Server IP(s):
0.0.0.0
=========================
HTTP headers:
HTTP/1.1 404 Not Found
Content-Length: 1308
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 17 Nov 2013 14:39:03 GMT
Connection: close
See:
https://www.virustotal.com/nl/url/a9ad00fd318944ed303622bc68a256e30ffab9e9762ffaf4410755ba57ba785c/analysis/1384698351/
Two to flag, but nothing here:
https://www.virustotal.com/nl/file/e682dfcdde010f6e15bae0d843696f6ae8d5a85e75441660b782789ee747f075/analysis/1384666751/
dl.aj553 dot com/��Ʒ������_2013.exe benign?
No alerts now:
http://urlquery.net/report.php?id=7772938
But these issues recently: see recent reports/
Onconclusive result:
http://app.webinspector.com/public/reports/18449482
Redirect status: Code: 403, Content cannot be read!
Two security warnings here:
https://asafaweb.com/Scan?Url=dl.aj553.com
for excessive header info spread and clickjacking vulnerability.
Unable to properly scan your site. Site returning error (40x): HTTP/1.1 403 Forbidden
pol
«
Last Edit: November 17, 2013, 03:59:25 PM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33925
malware fighter
Re: Why this uri is not blocked? Suspicious Filename Character!
«
Reply #1 on:
November 17, 2013, 03:53:22 PM »
This malware site resides on the one and the same IP:
https://www.virustotal.com/nl/url/a250cdcf4f21453cc8d1c25f8327dddc86e24a6966f16918a07fde47af1af18e/analysis/1384699476/
and htxp://jipin.bj0574.com is in Dr.Web malicious sites list!
I hope users now understand why I run DrWeb url checker in the browser next to avast residential
as a kind of "additional rear mirror extension".
I always got a lot of flank cover from that DrWeb extension because of overlapping detection range.
Our user Dim@rik knows why
.
By the way BitDefender Traffic Light is blocking this site as well.
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Why this uri is not blocked? Suspicious Filename Character!