info about this link

hello, i went to watch a videos recently but i notice some links that i not recognized. i can know that i access those link because i use ublock origin in medium mode so the logger have the list of link accessed(i set ublock to block 3rd party script and frame but those link came from image). usual link for the video supposed to be google. but i never see this new link. here’s the link

htxp://bjdobr10.s.llnwi(.)net/v1/nguyen1/drama/171209/Infinity.challenge.e548.171209.720p-next-1.mp4

htxp://ic-727da800-0b0c75-1bjdobr10.s.loris.llnwd(.)net/v1/nguyen1/drama/171209/Infinity.challenge.e548.171209.720p-next-1.mp4 (2nd link is the same link if i try to download using download mananger)

https://www.virustotal.com/#/url/b4022f38ed2b82d3a9a6a56500f47484a1cfcd2bb54a16b8341b321f9dcf1c3b/detection
https://www.virustotal.com/#/url/0ab5536f41c75b1b78cb9c6f18c2a560db4b9cfa90bd99d4aabf0164dca672fd/detection
both link deteted as clean by virustotal

i searched in google for llnwd.net and it gives me result about limelight networks
is it trusted and safe?

ill attach picture from ublock origin logger

With 209 security incidents on that IP alone, not to say it is a very trusted environment.

What you tried to scan is too extensive for most scanners (too big)
Re: http://urlquery.net/queue/d302674b-faff-4a4d-aac5-2c6ba7ae0db1
See: http://urlquery.net/report/1e7c1c5b-447e-4c5e-8448-661088bf6fc4

urlquery dot net alerts: https://cymon.io/95.140.228.1 (malicious activities reported).

pol

Hi edricnow,

Fresh results from 4 hours ago: https://app.cymon.io/search/term/bjdobr10.s.llnwi.net%2Fv1%2Fnguyen1%2Fdrama%2F171209%2FInfinity.challenge.e548.171209.720p-next-1.mp4 given as suspicious on various IP.
Also see the timestamp per day for highest malware spreading activity…2017-10-30 for instance.

Sure a destination to shun,

polonus

hello polonus ty for the fast reply

how do you see those 209 incidents? from cymon.io link? (my internet so slow right now so the load not finished yet)

i assume the 2nd urlquery dot net (cdn dot k9tools) is the old address that using that ip right?
i guess its better to avoid llnw(.)net link then from now on, gonna block it using my ublock blacklist

so i tried to play another embedded web player for the video and got another link that i never see from the website again. this one not blocked by ublock again while the rest need bypass from ublock

you can see from the index.php it lead to connect to cdn dot kshowonline ( the website is kshowonline by itself, so i guess they host the video now, i dont know using what server tho)

here’s the link that i got from my download manager

htxp://cdn.kshowonline(.)com/ksohd/548%20%EB%AC%B4%ED%95%9C%EB%8F%84%EC%A0%84.E548.171209.720p-NEXT.mp4?s=1512921345&e=1512928545&h=2b919a296e8e4d76b276b6974a618ef6

ill attach the picture for more details and more link from ublock

Howdy edricnow,

If you are experiencing problems with your device, go to the link here at:

https://forum.avast.com/index.php?topic=194892.0

and then produce the requested logs and wait for the help of a qualified remover,
which might appear in due time.

I am just into volunteer cold reconnaissance website security scanning and website error hunting,
we can bring you the relevant facts and diagnostics,
while others as qualified removers handle the device specific cure with their special tools.

polonus aka Damian (volunteer website security analyst and website error-hunter)

hello sorry if its confusing

so far no problem i can see on my device, i know the rest of the link on the website and already block most of them using ublock add on
but i dont know about these 2 new link above thats why i ask. sorry about that

so if i want to scan this link htxp://cdn.kshowonline(.)com/ksohd/548%20%EB%AC%B4%ED%95%9C%EB%8F%84%EC%A0%84.E548.171209.720p-NEXT.mp4?s=1512921345&e=1512928545&h=2b919a296e8e4d76b276b6974a618ef6

using urlquery is enough? sorry if im asking too much

That would be OK if it detects that domain:- zzmjrubb.cn is the site engaged in the malware distribution
an hour ago by -hosts-file.net (these are all short lived abuse but might just infest you).

What you try to use is an abuse address, you should not go there, as it is engaged in malware distribution.

If you are watching video which is protected through DRM,
well some copyright parties might not regret it when viewers meet with malware,
or when such channels are abused by malcreants, who is going to complain and what tree to bark up to?

polonus