Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on February 11, 2020, 11:54:10 PM

Title: Is this address PHISHING?
Post by: polonus on February 11, 2020, 11:54:10 PM
Saw this address making connections: -http://ats1.l7.search.vip.ir2.yahoo.com/

Checked here: https://www.virustotal.com/gui/url/1a4fef9f2c56dc8bb13a3321f585414034867dbb3f670c03bf2a8a2e20c81988/details
and for IP relations: https://www.virustotal.com/gui/ip-address/212.82.100.137/relations  (2 engines flag)
Suspicious content ->  / script > < /body> < /html> Content after the < /html> tag should be considered suspicious.

2:  < !-- -fe149.syc.search.bf1.yahoo.com Tue Feb 11 22:45:35 UTC 2020 --> cannot be resolved.

Also consider: https://www.shodan.io/host/212.82.100.137
Contact refused from -guce.search.yahoo.com/consent?brandType=eu&gcrumb=G2HZby4&done=https://nl.search.yahoo.com
Resolving to secure connection to: -https://nl.search.yahoo.com/?guccounter=1
-> location: -https://guce.search.yahoo.com/consent?brandType=eu&gcrumb=THZQ_4k&done=-https%3A%2F%2Fnl.search.yahoo.com%2F%3Fguccounter%3D1
Note: This line has redirected the request to -https://guce.search.yahoo.com/consent?brandType=eu&gcrumb=THZQ_4k&done=-https%3A%2F%2Fnl.search.yahoo.com%2F%3Fguccounter%3D1
Re: https://www.shodan.io/host/66.218.84.137

polonus
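
A small triage for the scanner note quoted in the post above ("Content after the </html> tag should be considered suspicious"), added here as an example and not part of the original post or of any scanner's code: it separates comment-only trailers, such as a server stamp, from trailing active markup. The function names, the tag list and the sample pages are assumptions constructed for illustration.

```python
import re

# Closing </html> tag, case-insensitive, tolerating whitespace inside the tag.
_HTML_CLOSE = re.compile(r"</\s*html\s*>", re.IGNORECASE)
# A complete HTML comment, possibly spanning several lines.
_COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)
# Tags that load or execute something (assumed list, extend as needed).
_ACTIVE = re.compile(r"<\s*(script|iframe|object|embed|link|meta|form|img|a)\b",
                     re.IGNORECASE)


def trailing_content(html: str) -> str:
    """Return what follows the last </html> tag, stripped ('' if none or no tag)."""
    matches = list(_HTML_CLOSE.finditer(html))
    if not matches:
        return ""
    return html[matches[-1].end():].strip()


def classify_trailer(html: str) -> str:
    """Triage the trailer: 'none', 'comment-only', 'active-markup' or 'other-text'."""
    tail = trailing_content(html)
    if not tail:
        return "none"
    # Markup inside a comment is inert, so look for active tags
    # only in what remains once complete comments are removed.
    without_comments = _COMMENT.sub("", tail).strip()
    if not without_comments:
        return "comment-only"
    if _ACTIVE.search(without_comments):
        return "active-markup"
    return "other-text"


# Constructed sample pages (not taken from the scanned site).
SAMPLES = {
    "clean": "<html><body>ok</body></html>\n",
    "stamp": "<html><body>ok</body></html>\n"
             "<!-- host.example Tue Feb 11 22:45:35 UTC 2020 -->",
    "inject": "<html><body>ok</body></html>"
              "<script src='//cdn.example/x.js'></script>",
    "mixed": "<html></html><!-- note --><iframe src='//frame.example/'></iframe>",
}

if __name__ == "__main__":
    for name, page in SAMPLES.items():
        print(f"{name:7s} -> {classify_trailer(page)}")
```
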