Hi,
I have multiple detections, examples are below. The URLs are a bit different each time, but from the same domain. How dangerous is it, or is it just a scam site which can be safely ignored?
I get those detections only from one regular website, which tries to load those URLs in the background, and Avast blocks them.
Thank you.
hXXps://ricoslpcovu.com/en/hce/on/fubhi?wsv=ldkxeo&cadk=ngs&id=1988007&lvjeiiiiur=158068&gb=978577&eekypd=843257 [L] URL:Scam (0)
hXXps://ricoslpcovu.com/en/hce/on/fubhi?njex=kqu&id=1988007&sukiifbg=762679&yc=635570&uujjwh=hjvl&iiawj=627439&jliiz=267469 [L] URL:Scam (0)
hXXps://ricoslpcovu.com/en/hce/on/fubhi?aoshewws=659246&xhgcviirz=318480&yqd=mymcj&cx=bd&id=1988007&jgfs=kcw&jxzxj=640781&iifbqbw=eejw&srscrgbz=356844&jx=tp [L] URL:Scam (0)
hXXps://ricoslpcovu.com/en/hce/on/fubhi?njex=776273&tnbtear=sfy&kwemjf=8663&vtnr=kx&vfktbetz=972569&gd=33162&id=1988007&pk=lpektt&corxcxw=792536&ww=201826 [L] URL:Scam (0)
Is that a website you regularly visit or is it popping up without your action?
If the latter, try clearing browser cookies and disable browser add-ons/extensions to see if that stops it. Especially if you find an add-on you do not recognise or expect to have.
How dangerous is it, or is it just a scam site which can be safely ignored?
You can upload and check suspicious files/URLs/IPs and more here:
VirusTotal https://www.virustotal.com/
MetaDefender https://metadefender.opswat.com/
Sucuri https://sitecheck.sucuri.net/
holpo
July 26, 2024, 9:47pm
4
https://sitereport.netcraft.com/?url=https%3A%2F%2Fricoslpcovu.com (site registered by Clickadu s.r.o., Praha).
Right now, the website, see: https://www.isitdownrightnow.com/ricoslpcovu.com.html , is unavailable to all users.
Malcode spreading web-addresses may only be online for a short time.
htxps://ricoslpcovu.com/ is the redirect URL.
HTTP Status Code: 404
Content Size 0
Content Type: text/plain; charset=utf-8
IP Address: 172.240.41.64 See: https://www.shodan.io/host/172.240.41.64
Country US
Web Server: nginx
This is also suspicious from this address at the same IP and nginx server: https://www.virustotal.com/gui/url/1148391429c7a87d0bfd35a6962c8254903428535efcfc2d1844cb47b86d17a4
suspicious (meaning there is abuse going on at Servers dot com, Dallas, Texas).
Advice: avoid interaction with this abuse address (but likely the initial abuse website has been taken down on behalf of Servers dot com).
polonus
No, I do not visit this site. It is loaded in the background without any action while browsing one certain website.
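The detections listed in the first post change every query parameter except one. As an added example (not written by anyone in this thread and not Avast's detection logic), the Python below parses those lines, extracts what stays constant across them, and builds a regex for searching proxy or browser logs for the same pattern; the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Detection lines as posted in the thread (URLs left defanged; nothing is fetched).
DETECTIONS = [
    "hXXps://ricoslpcovu.com/en/hce/on/fubhi?wsv=ldkxeo&cadk=ngs&id=1988007&lvjeiiiiur=158068&gb=978577&eekypd=843257 [L] URL:Scam (0)",
    "hXXps://ricoslpcovu.com/en/hce/on/fubhi?njex=kqu&id=1988007&sukiifbg=762679&yc=635570&uujjwh=hjvl&iiawj=627439&jliiz=267469 [L] URL:Scam (0)",
    "hXXps://ricoslpcovu.com/en/hce/on/fubhi?aoshewws=659246&xhgcviirz=318480&yqd=mymcj&cx=bd&id=1988007&jgfs=kcw&jxzxj=640781&iifbqbw=eejw&srscrgbz=356844&jx=tp [L] URL:Scam (0)",
    "hXXps://ricoslpcovu.com/en/hce/on/fubhi?njex=776273&tnbtear=sfy&kwemjf=8663&vtnr=kx&vfktbetz=972569&gd=33162&id=1988007&pk=lpektt&corxcxw=792536&ww=201826 [L] URL:Scam (0)",
]

LINE_RE = re.compile(r"^(?P<url>\S+)\s+\[L\]\s+(?P<verdict>\S+)\s+\(\d+\)$")


def parse(line):
    """Split one detection line into (host, path, params, verdict)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # not a detection line
    # urlsplit copes with the defanged "hXXps" scheme, so no refanging is needed.
    u = urlsplit(m["url"])
    return u.hostname, u.path, dict(parse_qsl(u.query)), m["verdict"]


def invariant(lines):
    """Return what is identical in every detection: hosts, paths, fixed params."""
    rows = [r for r in map(parse, lines) if r]
    seen = Counter(kv for _, _, params, _ in rows for kv in params.items())
    fixed = {k: v for (k, v), n in seen.items() if n == len(rows)}
    return {"hosts": sorted({r[0] for r in rows}),
            "paths": sorted({r[1] for r in rows}),
            "fixed_params": fixed}


def log_pattern(inv):
    """Build a log-search regex (assumes a single host and a single path)."""
    host, path = re.escape(inv["hosts"][0]), re.escape(inv["paths"][0])
    # Each fixed parameter may sit anywhere in the query string, so use lookaheads.
    looks = "".join(rf"(?=[^#]*[?&]{re.escape(k)}={re.escape(v)}(?:[&#]|$))"
                    for k, v in inv["fixed_params"].items())
    return re.compile(rf"^h..ps?://{host}{path}(?=\?){looks}", re.I)


if __name__ == "__main__":
    inv = invariant(DETECTIONS)
    print(inv)
    print(log_pattern(inv).pattern)
```

The one parameter that survives the randomisation is the value to search for when working out which page or script on the regular website issues these background requests.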