Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on January 03, 2020, 10:36:47 PM

Title: 8 engines detect IP
Post by: polonus on January 03, 2020, 10:36:47 PM
Re: https://urlhaus.abuse.ch/url/282523/
Re: https://www.shodan.io/host/211.137.225.2
See: https://viz.greynoise.io/ip/211.137.225.2
Consider: https://www.virustotal.com/gui/url/e526b8862ae5ca11d359cb2fdc263d010b6e5cecbce5cd5542751d7177647801/detection
And mozi.m detections here: https://www.virustotal.com/gui/ip-address/211.137.225.2/relations
60% of AV detect, so we are being protected: https://www.virustotal.com/file/832fb4090879c1bebe75bea939a9c5724dbf87898febd425f94f7e03ee687d3b/analysis/1577919400/

polonus

Title: Re: 8 engines detect IP
Post by: polonus on January 04, 2020, 12:39:12 PM
Another blacklisted one to be blocked (abuse address/IP)
Re: https://urlhaus.abuse.ch/url/282596/
Re: https://www.virustotal.com/gui/file/15173cec43c72e76a391fa89c20a79e5a8067da8d0c5b741f11fb278a332bfc6/detection
Site blacklisted: https://sitecheck.sucuri.net/results/https/klickus.in
Hosting vuln.: https://www.shodan.io/host/209.127.19.34 and https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fklickus.in
Consider also: https://www.virustotal.com/gui/ip-address/209.127.19.34/relations

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)