URL: Mal when visiting a webpage, kinda weird..

I was surfing and looking at some random images on Google Image when Avast suddenly warned for URL: Mal. The website that it warned for had 404 error, so nothing was visible. I had NoScript on. My Firefox setting also had redirects only to be done if I allow it set.

Is there anyway I can see if this was a false positive or if I somehow got infected with something? I don’t want to post links here so others go to it. I will happily PM the links if anyone want to help me :). Virustotal and Anubis didn’t show anything. Avast did not warn of anything else. No signs of infection. Running a scan right now while writing this.

Thanks a lot.

check the URL here urlquery.net and here zulu.zscaler.com/

post the link to the result here

I did not do URLQuery because I am not really comfortable with my IP on there… :frowning: It’s a pity.
Zulu said that it’s beign with a score of 16/100. Basically two things gave it that score: 1) Netblock size, 2) Previous history of bad things on that that IP/namespace thingy.

Full scan just finished with no reports of infections.

Personally I think it was a false positive, something in the url triggered Avast. Too bad no information is given in Avast, or avast protected me by just quickly analyzing the page - but can it see scripts etc. even if i have NoScript on?

Wepawet is down at the moment but when it’s up I am going to send the url there too.

By the way, thanks Pondus!

I did not do URLQuery because I am not really comfortable with my IP on there.. It's a pity.
your IP will not be there ....it is the URL that you visited that will show...as you enter that URL in the search box there

Ah, that’s great. Thanks.

I just ran it on URLQuery. All I can say is Avast saved me, but I am really curious how…
That page had FakeAV loading page, botnet trojan loading page and a known malware site.

It also had a lot of malicious JS, and some iframes leading to malware.

Now, would be really glad if people could help me.

  1. How did Avast stop this? Was it because the site was a known malware site? I don’t think Avast could of scanned the content of the webpage because NoScript is activited.
  2. How can I check that I still didn’t get infected in anyway?
  3. Avast blocked the page completely, so I should not have gotten infected by that website now, right? When the page opened it was a “Page could not open” for me and Avast popup at the same time.

I checked up the botnet and tried to find it’s files on my computer, but none found. I am also going to look into the computer myself a bit more later. Any ideas are welcome. I am also curious to how I got redirected, hm…

Thanks Pondus for your help! :slight_smile:

Anyone know if Avast blocked it just because the domain was on blacklist or because it really found something?
I amtrying to figure out if my computer has been infected.

Thanks

difficul to answer unless you give us the url

for a check inside follow this guide and attach logs. http://forum.avast.com/index.php?topic=53253.0
AdwCleaner
Malwarebytes
OTL
aswMBR

then a specialist will check your inside for infection