« previous next »
Pages: [1]   Go Down

Author Topic: Malicious URL  (Read 7679 times)

0 Members and 1 Guest are viewing this topic.

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Malicious URL
« on: December 28, 2017, 04:56:40 AM »
hxxp://dechehang.com/
V.T-https://www.virustotal.com/#/url/6d5711fad0a14c96da6a771e6f0f48ea5b689c54b424e110a513c15882b90e57/detection

Fortinet:Malware
CyRadar:Malicious
Forcepoint ThreatSeeker:Suspicious
AOS:It is safe  ???
Google Safe Browser:No alerts.

Note:Reported to avast viruslab.
« Last Edit: December 28, 2017, 05:32:27 AM by Be Secure »
Logged
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76029
    • >>> Avast Forum - Deutschsprachiger Bereich <<<
Re: Malicious URL
« Reply #1 on: December 28, 2017, 05:30:02 AM »
You can report a suspicious/malicious sample (File/Website) here: https://www.avast.com/report-malicious-file.php
Logged
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: Malicious URL
« Reply #2 on: December 28, 2017, 05:33:03 AM »
Quote from: Asyn on December 28, 2017, 05:30:02 AM
You can report a suspicious/malicious sample (File/Website) here: https://www.avast.com/report-malicious-file.php
Thanks i already did.
Logged
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76029
    • >>> Avast Forum - Deutschsprachiger Bereich <<<
Re: Malicious URL
« Reply #3 on: December 28, 2017, 05:51:39 AM »
NP, good job.
Logged
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33939
  • malware fighter
Re: Malicious URL
« Reply #4 on: December 28, 2017, 01:20:07 PM »
Redirects found: URLs that redirect found in: -http://dechehang[.]com/

1: -http://tongji.baidu.com/hm-web/welcome/ico?s=3374ad26b834d55a05500564f2a3b27b ->
-https://tongji.baidu.com/web/welcome/login

Re:  IP -101.201.50.204 -> https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=dechehang.com%2F&ref_sel=GSP2&ua_sel=ff&fs=1

Detected: https://sitecheck.sucuri.net/results/dechehang.com
Web application version:
WordPress version: 3.5.1
WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress under 4.8
Outdated Web Server Nginx Found: nginx/1.0.15

polonus
« Last Edit: January 11, 2018, 12:41:18 PM by HonzaZ »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: Malicious URL
« Reply #5 on: December 31, 2017, 12:04:05 PM »
Why avast! not blocking this malware website.....? :o
Logged
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33939
  • malware fighter
Re: Malicious URL with FileCryptor.GRC malware!
« Reply #6 on: December 31, 2017, 02:10:51 PM »
« Last Edit: December 31, 2017, 02:14:33 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: Malicious URL
« Reply #7 on: January 02, 2018, 05:52:09 PM »
BUMP :o
Logged
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: Malicious URL
« Reply #8 on: January 11, 2018, 12:40:57 PM »
Hi,
We have been blocking dechehang[.]com/gz2qrn.php since 08.09. 2016, 16:48, but since we haven't seen anyone in our userbase (200+ M) actually "visit" the URL in the past 6 months, it was removed from VPS to make space for other (useful) detections. Of course once we see it active, it will return to VPS again.
The URL is still blocked by URLInfo (cloud service that is used by for example AOS, our browser plugin) and all samples touching the URL (or downloaded from it) will automatically be blocked, so there is no need to be worried.
Honza
Logged
Pages: [1]   Go Up
« previous next »