Author Topic: Website infected with URL:mal  (Read 953 times)

Offline Florian53

  • Newbie
  • *
  • Posts: 1
Website infected with URL:mal
« on: May 02, 2024, 10:05:29 AM »
Dear all,

Hope you are doing well :-)

I have 2 websites in my company which are infected with a URL:MAL.

No error shows up on the website, but when I visit with the free version of Avast, adblock pops up with this error:

"We cancel the connexion to tags.stickloader.info because this element was infected by URL:Mal"

Websites are:
serre-acd.ch
and
numeractive.ch

Do you have any idea where this comes from?
I am using WordPress with the latest version.

Thanks a lot,
Florian
« Last Edit: May 02, 2024, 10:07:57 AM by Florian53 »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37644
  • F-Secure user
Re: Website infected with URL:mal
« Reply #1 on: May 02, 2024, 12:55:18 PM »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33986
  • malware fighter
Re: Website infected with URL:mal
« Reply #2 on: May 02, 2024, 03:18:13 PM »
16 instances to detect: https://www.virustotal.com/gui/url/44ce3e990b4d703da17cbbe34ec00a78063cbd030e8edbdbb9ffb9eae04f6bb6?nocache=1

Not detected as such here: https://urlscan.io/result/3b3f0863-f1a9-420a-83a8-ae16d4a10811/

Whitelisted websites could, however, contain malware. https://www.abuseipdb.com/check/188.114.96.3

As for in the "cloud", these same entities sometimes also provide cloud servers and mail services
which are easily abused. Pay special attention when trusting or distrusting these IPs.

Moreover here this link has a blacklist status: https://quttera.com/detailed_report/tags.stickloader.info
because of Threat name: S.HttpRedir.gen

polonus
« Last Edit: May 02, 2024, 03:41:47 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline lichesssatrancturkiye

  • Jr. Member
  • **
  • Posts: 28
Re: Website infected with URL:mal
« Reply #3 on: May 02, 2024, 06:05:28 PM »
uBlock Origin is also blocking this website.

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5712
  • Spartan Warrior
Re: Website infected with URL:mal
« Reply #4 on: May 06, 2024, 09:13:34 AM »
Well you have issues with both sites.  Botnet malware.  Extremely dangerous.  [EDIT:  Avast Free blocked both sites]

DO NOT VISIT

See the jpgs attached below.

Suggest getting service at a website that specializes in cleaning infected websites.  https://sucuri.net/  Other such available online.
Windows 10 Home 64-bit 22H2 Microsoft Windows Defender - Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.4.6112 (build 24.4.9067.762) UI version 1.0.803

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33986
  • malware fighter
Re: Website infected with URL:mal
« Reply #5 on: May 06, 2024, 12:14:28 PM »
Referenced Blacklisted Domains
-horions.com  3 to flag: https://www.virustotal.com/gui/url/22def217dac3897530a28e5bc70ecf8f607c8171722aa730f724c8639ef053a6
Not being flagged here: https://urlscan.io/result/0561bc94-34c5-474b-867a-2eded6b3df1b/#transactions

Avast no longer flags htxps://numeractive.ch/fr/ now. https://www.virustotal.com/gui/url/b8c1f331b0c9822109e57a8789e5fdda7734723b010b9f8d6b07aa2c3251a128?nocache=1

Anyway, this is now flagged by 10 vendors: https://www.virustotal.com/gui/domain/stickloader.info
Has this -https://www.cloudflare.com/5xx-error-landing  (CloudFlare Brazil - reported although whitelisted)

Title: Cloudflare abuse. 188.114.97.3 was found in our database! (with port-scanning, hacking,  Phishing Volksbank, etc.).
 
polonus
« Last Edit: May 06, 2024, 12:21:27 PM by polonus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33986
  • malware fighter
Re: Website infected with URL:mal
« Reply #6 on: May 06, 2024, 03:28:26 PM »
Read on this threat here: https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-031

Info credits go to: Cyber Security Agency of Singapore

polonus
