Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on November 26, 2020, 02:02:32 PM

Title: Blocked for me but not by avast's...
Post by: polonus on November 26, 2020, 02:02:32 PM
Blocked on Android for me by Blokada, see: https://urlscan.io/result/2e30048b-e3bb-48d2-a673-036407074ead/
Google IP from Frankfurt am Main (Germany) - https://www.virustotal.com/gui/ip-address/108.177.111.95/relations
(see all the communicating file detections there).

What is -Googleapis.com Virus? -Googleapis.com Virus is the name given to a class of adware whose end-goal is to use the legitimate Google Service (-Googleapis.com itself) to display phishing pages, redirect users to various ads, malicious and misleading websites. Many PC users consider adware, PUPs, keyloggers, malware as the same thing....
Nothing here on domain: https://www.virustotal.com/gui/url/b147f4564f34f2280690a17b0fa67e8024a06b36d1dd20709db005fa67f7b72a/details

See: https://domain.glass/geller-pa.googleapis.com

Seems to go hand in foot with Cloudflare's -> https://subdomainfinder.c99.nl/scans/2020-09-26/geller-pa.googleapis.com
Likely to be involved in ad-retargeting, consider: https://www.shodan.io/host/108.177.111.95

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Title: Re: Blocked for me but not by avast's...
Post by: polonus on November 27, 2020, 02:28:07 PM
Found via Pulsedive here: https://pulsedive.com/explore/?q=JTdCJTIydHlwZSUyMiUzQSU1QiUyMmFsbCUyMiU1RCUyQyUyMnJpc2slMjIlM0ElNUIlMjJhbGwlMjIlNUQlMkMlMjJyZXRpcmVkJTIyJTNBJTIyZmFsc2UlMjIlMkMlMjJsaW1pdCUyMiUzQSUyMmh1bmRyZWQlMjIlMkMlMjJsYXN0c2VlbiUyMiUzQSUyMmFsbCUyMiUyQyUyMnNlYXJjaCUyMiUzQSUyMmluZGljYXRvcnMlMjIlN0Q=#indicators
Vulners galore for IP at shodan.io: https://www.shodan.io/host/31.7.63.146
Palo Alto firewall blocked: https://github.com/clay584/blacklist_builder/blob/master/output-example.txt
Not secure Apache2 Ubuntu Default page: -http://31.7.63.146/
Quote:
    Modified from the Debian original for Ubuntu
    Last updated: 2014-03-19
    See: https://launchpad.net/bugs/1288690
Quick Source view:
Quote:
    HTML
    -31.7.63.146/
    13,283 bytes, 107 nodes

    Javascript 6   (external 0, inline 6)
    INLINE: // Catch errors if signal is already set by user agent or other extensi
    402 bytes

    INLINE: // Catch errors if signal is already set by user agent or other extensi
    402 bytes

    INLINE: !function(){let e=!1;function n(){if(!e){const n=document.createElement("meta");
    613 bytes

    INLINE: /* * This entire block is wrapped in an IIFE to prevent polluting the scope of
    38,144 bytes

    INLINE: try { Object.defineProperty(screen, "availTop", { value:
    4,124 bytes

    INLINE: try { Object.defineProperty(screen, "availTop", { value:
    4,124 bytes

    CSS 2   (external 0, inline 2)
    INLINE: * { margin: 0px 0px 0px 0px; padding: 0px 0px 0px 0px; } body, h
    2,866 bytes INJECTED

    INLINE: @media print {#ghostery-purple-box {display:none !important}}
    61 bytes INJECTED
IP not detected: https://novasense-threats.com/lookup/31.7.63.146
Detected: https://www.virustotal.com/gui/ip-address/31.7.63.146/detection

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)