For some time Avast Free Antivirus reports: “Threat secured, We’ve safely aborted connection on www-notebookcheck-com.webpkgcache.com because it was infected with URL.Mal”
And this URL was not blocked on 2 other PCs, each with a different and also well-known antivirus program (BitDef… and Kasp…).
https://webpkgcache.com is a service from Google - I can’t imagine something like that sneaking past these security fanatics.
I sent the said URL as a false positive to www.avast.com/false-positive-file-form.php.
Response from Avast: “…Thank you for contacting Avast and reporting a suspected false positive detection. I’m happy to help. Our virus specialists checked the detection and confirmed it as correct. If you’re the owner of the reported website and want to change the detection, feel free to contact us again for a new analysis once the website is cleaned…”
In both the Avast Antivirus alert and the Avast response, I’m missing any information about the nature of the alleged infection - this lack of information saddens me!
I’m still leaning towards this being a case of false positive as apparently only the Avast antivirus engine is alerting this as a URL:Mal. I don’t like false positives. I would like to ask about the experiences of other users. Is this really a URL:Mal and if so, what kind - or is it a false positive? :-\
At the time of the alert are you actually trying to connect to the site notebookcheck-com.webpkgcache.com as why it would be doing that seems somewhat strange (to me). But then again I don’t use the Chrome browser. As to mee this mashed URL appears to be trying to get cached content for notebookcheck-com (presumably the ‘-’ would be a ‘.’ period) for the actual site.
The warning message is independent of the browser used.
This warning pops up whenever I search something on google.com with the term ‘notebookcheck’ e.g. ‘flip cover samsung a54 notebookcheck’ or search something else with notebookcheck.
www.notebookcheck.com is a trustworthy site and Avast does not complain when you visit it.
So obviously there seems in fact nothing right with URL:Mal. I have now entered a corresponding exception in the Avast settings because I am fed up with questionable false positives, especially since I have not received any information about the type of infection.
As an Avast User I can’t say why Avast might be alerting on this URL as I’m not in possession of the full information available to the Virus Labs Team (who responded).
But security weaknesses could lead to exploit.
Personally I would avoid cached data in search results, not only could that cached data be outdated. But also I don’t know what checks might be done by Google when caching previous search data.
When posting URLs to suspect sites drop the hXXps://wXw elements (or change them as I have) before the domain name to prevent them being active and exposure to suspect sites.
You’re VT link still has cached results from a site also considered malicious by Avast, my previous VT link had many more domains in that and not only the hXXps://wXw.hct-busvermietung.de/ on in your link. Which just goes to show those results are constantly changing.
Thanks a lot! You’re the first one to let me know what’s behind URL:Mal in the first link (www-notebookcheck-com.webpkgcache.com), PHISHING. There was only a sparse “URL:Mal” in the Avast AV alert. Now I can do more with it.
And with the 2nd link hct-busvermietung.de I also assume that it is a malicious website. A little research revealed information about an immensely dubious company.
Do not click or go to above links - AOS&P blocks them all. It is all a big phishing scheme/campaign. A japanese Amazon phishing scheme. Links broken for security by me (pol).
