Author Topic: Help with a threat detection please!  (Read 6446 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 33912
  • malware fighter
Re: Help with a threat detection please!
« Reply #15 on: July 21, 2020, 05:02:17 PM »
Hi sevienetito13,

Please block that live link, like with -http or hxtp:// etc.
The link probably is not "live" anymore, but we do not want the uninformed to click such live links here.

Always keep at the back of your head that when you see a link ending in dot su, not to click:
su (Soviet Union) domains are known to be suspicious and therefore may come on a deny list by default.

The term bl*cklist should now preferably be written as deny list, wh*telist then becomes allow list.
Even unix kernel code terms no longer will have a term like bl*cklist.
They will adapt to using this new unbiased terminology.

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
« Last Edit: July 21, 2020, 05:04:32 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 33912
  • malware fighter
Re: Help with a threat detection please!
« Reply #16 on: July 21, 2020, 06:14:48 PM »
Resilience & Security a mere 20%, see: https://dnsspy.io/scan/msz.su
Recommendations
Quote
We detected the following errors or warnings about your DNS configuration. These caused your DNS rating to be lowered. Resolving these will grant a higher DNS Spy rating for your domain.

All IPv4 nameservers are hosted by the same provider (AS13335 - CLOUDFLARENET, US). Consider spreading the nameservers across multiple DNS providers for increased redundancy.
All IPv6 nameservers are hosted by the same provider (AS13335 - CLOUDFLARENET, US). Consider spreading the nameservers across multiple DNS providers for increased redundancy.
No DNSSEC records found. Consider enabling DNSSEC, as it provides a way to validate DNS responses for data integrity.
All the nameservers are being operated from a single domain (cloudflare.com). If that domain gets compromised or goes offline, the DNS will be unavailable. Consider spreading the nameservers across multiple domains.

Hosted in Singapore @LeaseWeb Asia -> https://www.shodan.io/host/23.106.124.56 Apache mod_evasive2/1.10.1-win -
mod_evasive is a module for Apache that provides evasive action in the event of an HTTP Distributed Denial of Service (DDoS/DoS) attack or brute force attack. 23.106.124.56

pol
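The DNS Spy report quoted above applies three redundancy rules (all nameservers in one provider AS, all nameservers under one parent domain, no DNSSEC records). The following is an added example, not code from the thread or from DNS Spy, that evaluates those same rules over constructed nameserver data; the ASN labels and nameserver names in the samples are made up for illustration and nothing is looked up on the network.

```python
"""Evaluate nameserver-redundancy rules of the kind a DNS health scan reports.

Added example for this thread; the zone data below is constructed, not the
result of a live lookup, and the rule wording mirrors the quoted report.
"""
from dataclasses import dataclass
from typing import List, Optional


def parent_domain(hostname: str) -> str:
    """Return the registrable parent of a nameserver hostname.

    Simplified: takes the last two labels, which is enough for names such as
    ns1.cloudflare.com. A real checker would consult the public suffix list.
    """
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


@dataclass
class Nameserver:
    name: str
    asn_v4: Optional[str]  # AS announcing the nameserver's A record, or None
    asn_v6: Optional[str]  # AS announcing the nameserver's AAAA record, or None


@dataclass
class ZoneInfo:
    domain: str
    nameservers: List[Nameserver]
    has_dnskey: bool  # True when the zone publishes DNSKEY records


def check_resilience(zone: ZoneInfo) -> List[str]:
    """Return the list of findings for a zone; an empty list means no warning."""
    findings: List[str] = []

    # Rule 1/2: every IPv4 (resp. IPv6) nameserver sits in a single provider AS.
    for family, asns in (
        ("IPv4", {ns.asn_v4 for ns in zone.nameservers if ns.asn_v4}),
        ("IPv6", {ns.asn_v6 for ns in zone.nameservers if ns.asn_v6}),
    ):
        if len(asns) == 1:
            findings.append(
                f"All {family} nameservers are hosted by the same provider "
                f"({next(iter(asns))})."
            )

    # Rule 3: no DNSKEY means resolvers cannot validate answers for this zone.
    if not zone.has_dnskey:
        findings.append("No DNSSEC records found.")

    # Rule 4: every nameserver name lives under one parent domain, so that
    # domain is a single point of failure for the whole zone.
    parents = {parent_domain(ns.name) for ns in zone.nameservers}
    if len(parents) == 1:
        findings.append(
            f"All the nameservers are being operated from a single domain "
            f"({next(iter(parents))})."
        )
    return findings


# Constructed sample resembling the quoted report: one provider, one parent
# domain, no DNSSEC. The ASN string is the one named in the report.
SINGLE_PROVIDER_ZONE = ZoneInfo(
    domain="example.su",
    nameservers=[
        Nameserver("ns1.cloudflare.com", "AS13335", "AS13335"),
        Nameserver("ns2.cloudflare.com", "AS13335", "AS13335"),
    ],
    has_dnskey=False,
)

# Constructed sample with the recommendations applied. AS64496 and AS64497 are
# documentation-reserved ASNs (RFC 5398); the provider names are invented.
DIVERSE_ZONE = ZoneInfo(
    domain="example.su",
    nameservers=[
        Nameserver("ns1.provider-a.example", "AS64496", "AS64496"),
        Nameserver("ns1.provider-b.example", "AS64497", "AS64497"),
    ],
    has_dnskey=True,
)


if __name__ == "__main__":
    for zone in (SINGLE_PROVIDER_ZONE, DIVERSE_ZONE):
        print(zone.domain, [ns.name for ns in zone.nameservers])
        for finding in check_resilience(zone) or ["No findings."]:
            print("  -", finding)
```

Run stand-alone it prints four findings for the first zone and none for the second. The point for a reader of the thread: a low "resilience" rating on such a scan is about how hard the domain's DNS is to knock offline or spoof, not about whether the site hosts malware, which is a separate question.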

Offline sevienetito13

  • Newbie
  • Posts: 2
Re: Help with a threat detection please!
« Reply #17 on: July 21, 2020, 06:57:20 PM »
Thanks for answering, I changed the live link as you said and will keep in mind the use of deny/allow list. I don't understand what the info of dnsspy means; is Avast denylisting the page for some reason? But do we know why my pc is trying to connect to that page from a svchost.exe? Is there something else I should check?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 33912
  • malware fighter
Re: Help with a threat detection please!
« Reply #18 on: July 21, 2020, 07:26:16 PM »
Hi sevienetito13,

I do not know that, because malware or compromise is often rather short-lived.
Seems it has not survived up to now, and the main domain is not malicious.

For you it is important to know that by blocking it at the time avast has kept you out of harm's way,
and you haven't become infested, at least not by this particular threat.
That is a reassuring thought, isn't it?

I wish you a pleasant day,

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)