Redirect to malicious website.


3 replies to this topic

#1
SingABrightSong


Hello. I connected to http://nexusmods.com...mspecialedition at approximately 8 AM UTC-6 on October 16, 2018 and was maliciously redirected to the following address.

hxxp://microsoft.com-us4-cot2.awards-for-our-lucky-visitors.pw/winip7en_win.html?isp=Cloudflare%20inc.&model=&108.162.246.20&cep=TgFtHL6b-Ovz0zUfsidmac_Ft88OcH6d6rTmuSD21eDk_mDGathm2_Swsb5ccd7w0WaYCVTZxRnCMHSSScm0c7ZnJNWmlue_DwqRULZBDoLDN5a-ojpQC8wGo-vx4SGFttceoj7QXv4GdexFz-NNBCWn48pLXw2mCqLB97aKLyctlidxh21AEtZFxpVdL1rKM7WQgiP8gnYEvr-UbWF3P4FrWtk9TQr0z_nQVZzOxvRe8_5JIgf1jSxfz9alCA0dNheHBrAzVk5qCzCF1f07ZxvI9UJRJo5lf3NuQMROCMc&siteid=pulsepoint_112284&sitedomain=nexusmods.com&page=&source=350&pub=pulsepoint_559903#b

A system scan with Malwarebytes returns clean, and I am located in Edmonton, Alberta, Canada. The website I was redirected to displayed flashing colours, and played audio that claimed I had won an iPhone. This particular advertisement is in common enough rotation that I had been redirected to the same or a similar website earlier, though I cannot recall an exact date. I was unable to obtain a screenshot of the advertisement itself due to the rapidity of the redirect, but if needed I can provide a screenshot of the malicious website.

If any more information is needed, I shall see if I can provide it.

Thank you.

SingABrightSong



#2
leonardo2


Have you checked what programs you have installed in Windows?

The reason I ask is that I suspect you got an ad virus called Advance Elite. I got that 1-2 years ago, and it will be installed without the user knowing it.



#3
SingABrightSong


> Have you checked what programs you have installed in Windows?
>
> The reason I ask is that I suspect you got an ad virus called Advance Elite. I got that 1-2 years ago, and it will be installed without the user knowing it.

Based on the description given by the website there is no indication that such software is installed.



#4
cymun111


Disabling JavaScript also fixed the issue for me; it is nothing more than a band-aid until they can fix the real issue.





