Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on January 24, 2014, 11:35:25 PM

Title: Is this IP being blocked? BOGONNETS 2 warning
Post by: polonus on January 24, 2014, 11:35:25 PM

See: http://domain-kb.com/ipv4/185.12.111.245
Hitting with 01/21   01/21   Virut.AX    deny ip host 185.12.111.245 any log
sesligabile dot com,,,Not in namespace,

polonus

Title: Re: Is this IP being blocked? BOGONNETS 2 warning
Post by: polonus on January 24, 2014, 11:48:34 PM

Also consider this scan: https://asafaweb.com/Scan?Url=185.12.111.245
Custom error Fail, Excessive Header info, Clickjacking warning.

pol

Title: Re: Is this IP being blocked? BOGONNETS 2 warning
Post by: polonus on January 25, 2014, 12:14:49 AM

And also what about this Zeus C$C address: htxp://185.24.233.224/app/compress.php?m=login
3 av to detect: https://www.virustotal.com/nl/url/0c23cdc3c30293ff0059c2b59fd00bfee73485a8ce2a5868e0c8da9c341609d7/analysis/
185.24.233.224,185.24.233.224,,IPv4 address,ZeuS
Not detected here: http://urlquery.net/report.php?id=8960293
Zulu Zscaler does a better job: http://zulu.zscaler.com/submission/show/cc3e00c9a82a51997aeb2ac8392a0d57-1390604522
And here we get an error: https://zeustracker.abuse.ch/monitor.php?search=http%3A%2F%2F185.24.233.224%2Fapp%2Fcompress.php%3Fm%3Dlogin
Method Not Implemented

GET to /monitor.php not supported.
And here when we finally succeed, we get an unknown status: https://zeustracker.abuse.ch/monitor.php?search=185.24.233.224
also see: https://zeustracker.abuse.ch/monitor.php?host=185.24.233.224
See: https://malwr.com/analysis/NzFhMjY2OGFhZGJlNGRiNDhjMDI0ODdkODM3NjcwOTk/

pol