Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on February 06, 2019, 12:51:00 AM

Title: Malware Win32 from Word Press website..
Post by: polonus on February 06, 2019, 12:51:00 AM

User enumeration diabled, directorly listing disabled OK.
Flagged here, see tools there: http://vxvault.net/ViriFiche.php?ID=40340
Blacklisted: https://urlquery.net/report/801f1c9c-5b73-472f-9701-a21eeb9e183f

Loaded resources: Loaded Resources
Compromised sites will often be linked to malicious javascript or iframes in an attempt to attack users of your WordPress installation. Look over the listed resources, you should be familiar with all scripts and investigate ones you are not sure. In addition removal of unneeded javascript will speed up your website.

-http://dreamtravelonthego.com/
OK
    Load:
166ms   Server: 143.95.68.201
nginx/1.14.0   ASN: 36024 United-States
TierPoint, LLC   Reverse DNS:
-dallas140.arvixeshared.com
-http://fonts.googleapis.com/css?family=Megrim
OK
    Load:
17ms   Server: 172.217.8.10
ESF   ASN: 15169 United-States
Google LLC   Reverse DNS:
-iad23s59-in-f10.1e100.net
-http://fonts.googleapis.com/css?family=Quicksand
OK
    Load:
38ms   Server: 172.217.8.10
ESF   ASN: 15169 United-States
Google LLC   Reverse DNS:
-id23s59-in-f10.1e100.net
-http://e-mete.com/js/kdsnow.js
OK
    Load:
93ms   Server: 162.243.101.213
Apache   ASN: 14061 United-States
DigitalOcean, LLC   Reverse DNS:
-koddostu.com
-http://www.e-mete.com/js/kdsnow.js
OK
    Load:
30ms   Server: 162.243.101.213
Apache   ASN: 14061 United-States
DigitalOcean, LLC   Reverse DNS:
koddostu.com
https://www.e-mete.com/js/kdsnow.js
OK
    Load:
50ms   Server: 162.243.101.213
Apache   ASN: 14061 United-States
DigitalOcean, LLC   Reverse DNS:
-koddostu.com
-https://mrcctr.github.io/mrcc.mp3
OK
    Load:
40ms   Server: 185.199.111.153
GitHub.com   ASN: 54113 Netherlands
Fastly   Reverse DNS:
-http://fonts.gstatic.com/s/quicksand/v8/6xKtdSZaM9iE8KbpRA_hK1QL.woff
OK
    Load:
6ms   Server: 172.217.3.35
sffe   ASN: 15169 United-States
Google LLC   Reverse DNS:
-iad23s57-in-f3.1e100.net

See: https://www.threatminer.org/domain.php?q=dreamtravelonthego.com

Known infection source: https://www.virustotal.com/fr/domain/dreamtravelonthego.com/information/

polonus