malicious link or not?

Duch · February 12, 2016, 3:12pm

Hi all

Is this link malicious or not please. Avast ver 11.1.2253 dont show any warnings

hXtp://logs-confirms26.at.ua/account/recovery/index.html

thx for info

Asyn · February 12, 2016, 3:17pm

→ https://sitecheck.sucuri.net/results/logs-confirms26.at.ua/account/recovery/index.html

Duch · February 12, 2016, 3:20pm

thx Asyn but Avast don`t block this link :-\

Asyn · February 12, 2016, 3:23pm

You can report it here: https://support.avast.com/support/tickets/new?form=3

bob3160 · February 12, 2016, 3:27pm

http://screencast-o-matic.com/screenshots/u/Lh/1455290682475-6482.png

I used http://scanurl.net/ to do my check. Submit it if it makes you feel better.

polonus · February 12, 2016, 3:37pm

IP there certainly has issues, there are various IDS alerts, so break that link hxtp://etc./
Website has outdated CMS: Web application details:
Application: vBulletin 3.8.2 - http://www.vbulletin.com/
vBulletin version outdated: Upgrade required.

polonus

Duch · February 12, 2016, 3:40pm

thx guys

but when i tried to sign up to support (throught fb account) i see only this

http://s10.postimg.org/x6tiw1k7t/login.jpg

and link (posted by me) looks like a password stealer

http://s16.postimg.org/6nh79r1k4/link.jpg

HonzaZ · February 12, 2016, 3:54pm

Hi, it will be blocked in the next update

Duch · February 12, 2016, 3:56pm

Thanks for the quick reply HonzaZ, that’s what i wanted to read

Pondus · February 12, 2016, 4:08pm

Possible Facebook Phish >> https://www.phishtank.com/phish_detail.php?phish_id=3827328

polonus · February 12, 2016, 6:05pm

We should also consider the link and script flagged: http://www.freewebs.com/p.js
flagged here once: https://www.virustotal.com/en/url/b06688412253141addbc554e890c5371b44672dc9722fc6f31f808c9873c8cba/analysis/
but found harmless again on the file analysis: https://www.virustotal.com/en/file/8de255a801ca35c13ceaa3915570e5347e759e6016a41400df1a4e02f50725b3/analysis/1386795656/
So what it is gonna be. Re: https://urlquery.net/report.php?id=1455299770587
Warning in code: "“WARNING! This page is attempting to forward you to another site.”: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.freewebs.com%2Fp.js

landing here: -http://dunsregistered.dnb.com
Number of sources found: 2
Number of sinks found: 2
→ http://toolbar.netcraft.com/site_report?url=http://dunsregistered.dnb.com

polonus (volunteer website security analyst and website error-hunter)

Pondus · February 12, 2016, 8:01pm

Confirmed by F-Secure lab

===============================================================
The file you sent was found to be malicious.

We will be detecting the sample you submitted in the next database update. The URL is rated as phishing.

polonus · February 12, 2016, 8:13pm

Good it has been added to detection is is being blocked.

polonus

malicious link or not?

We will be detecting the sample you submitted in the next database update. The URL is rated as phishing.

Announcements