Author Topic: Redirect malicious? Google Safebrowsing blocks - avast! does not!  (Read 1526 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33990
  • malware fighter
See: http://urlquery.net/report.php?id=8736597
and http://maldb.com/ilexweb.com/#
Quttera flags as suspicious: index
Severity:    Suspicious
Reason:   Detected suspicious redirection to external web resources at HTTP level. [What's this?]
Details:    Detected HTTP redirection to htxp://scanlifeweb.com/hitin.php?land=20%26affid=39602.
File size[byte]:    18446744073709551615
File type:    Unknown - hitin.php?land=20&affid=39602 HTTP/1.1
MD5:    00000000000000000000000000000000
Scan duration[sec]:    0.001000
Blacklisted since 2010: http://www.malwaredomainlist.com/forums/index.php?action=dlattach;topic=3190.0;attach=550
Suspicious conditional redirect: http://sitecheck.sucuri.net/results/ilexweb.com/ -> http://labs.sucuri.net/db/malware/malware-entry-mwhta7

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33990
  • malware fighter
Re: Redirect malicious? Google Safebrowsing blocks - avast! does not!
« Reply #1 on: January 07, 2014, 03:49:35 PM »
Hi folks,

Whenever we see requests for "test404page.js" that is know to be a bad thing.
Blacklisted site example: htxp://y9911.com/test404page.js
500 Can't connect to y9911 dot com:80 (Bad hostname)
Content-Length: 165
Content-Type: text/plain
It is malvertisers trying to boost from Google 404 Plug-in.
Well anyway that is the game and the eventual illegal gain!
404 item hijacking it is being called.
View-page results are often better than the real life results.

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!