Suspicious URLS | 10-22-2012

Hello,

I would like to report some suspicious URLs that were emailed to me in spam emails.

Here are URL Scanner results that suggest that the URLs are suspicious:

1: http://zulu.zscaler.com/submission/show/5daa86365702c9faf56d966439bf2c32-1350755621

2: http://zulu.zscaler.com/submission/show/f481a38274d60c32dc2294dcd2af7d7d-1350276234

3: http://zulu.zscaler.com/submission/show/d7cdac5540d8afedddd9ce7c4f012fd8-1350276535

4: http://zulu.zscaler.com/submission/show/f5407dc6cd9869d76466342fa9425eb7-1350786923

5: http://zulu.zscaler.com/submission/show/35375ba2fb0511b88eca1b85da211fd4-1350787045

Thank you,
-John Jr

send these suspicious URL’s to virus@avast.com directly via e-mail :wink:

Thank you :slight_smile: , I did, but I am never sure if they got my emails or not since there is no auto-response system or Human response to let you know if they received your email or not usually. :wink:

There are smaller companies than Avast that have automatic and/or Human responses to emails to let you know that they got your emails and/or that gives you the results/findings, it would be nice if Avast would get a response system one day soon, like many other companies; and it would also be nice if Avast would get an URL submission page and/or a manual URL submission program option and/or an automatic URL submission option for unknown & suspicious URLs et cetera. :wink:

Hi goodjohnjr,

Certainly, they have your mails at virus AT avast dot com
Detections you provided are known spam sites.
See for first example: http://sitecheck.sucuri.net/results/ya-trezviy.ru/modules/lig.php
redirecting to: htxp://medical-ed-shop.com/
Hostname: medical-ed-shop dot com see: http://www.avgthreatlabs.com/sitereports/domain/medical-ed-shop.com/
See for IP: http://www.projecthoneypot.org/ip_95.211.169.96
Dutch Leaseweb is renowned and has a reputation for these and similar incidents
nearby 95.211.168.207 also on Leaseweb is a dictionairy attacker
Thank you for your contributions. Normally there is no response from avast, but they are known to soon add new reported issues to their database,

polonus

Thank you :slight_smile: , I do hope that Avast at least adds an automatic response system that will show that your email was received with a copy of that email soon and/or some of my other suggestions, that should be easy enough for them to do. :wink:

To me these steps/things/ideas/et cetera are important in the fight against malware, spam, scams, phishing, exploits, et cetera; especially since online threats are increasing so often. :wink:

Hi goodjohnjr,

Yes it is a vast increasing threat landscape we are finding ourselves in, malvertisers and malcreants are active like never before…
Avast is already giving a JS:ScriptPE-inf[Trj] Web Shield alert for a search like htxp://www.google.nl/search?hl=nl&output=search&sclient=psy-ab&q=http%3A%2F%2Fdoctorten.com%2Fjs%2Fheatmap.js&btnK=
So we have detection there…showing how important reporting to virus AT avast dot com by the avast community is. Together we are participating in building the database and furthering avast detection…

polonus

That is good to hear, thank you Polonus. :slight_smile: