Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on March 29, 2022, 02:13:31 PM

Title: WordPress website CMS wrongly installed and spreading malware: emotet - heodo
Post by: polonus on March 29, 2022, 02:13:31 PM
The error that caused all this:
Quote
SERVER DETAILS
Web Server:
LiteSpeed
X-Powered-By:
PHP/7.3.33
IP Address:
5.22.249.133
Hosting Provider:
CJ2-AS, NL
Shared Hosting:
500 sites found (use Reverse IP to download list)
Title:
WordPress › Error

See: https://urlhaus.abuse.ch/url/2118874/
Where detection failed and the malware was missed completely:
https://quttera.com/detailed_report/www.duchessadimotta.com

Where at least the install error test page was mentioned, but the malware was not flagged: https://sitecheck.sucuri.net/results/www.duchessadimotta.com/wp-admin/setup-config.php

More sites out there where this was being abused for PHISHING -> https://maltiverse.com/search;query=404testpage4525d2fdc;page=1;sort=creation_time_desc

polonus (volunteer 3rd party cold reconnaissance website security-analyst and website error-hunter)
Title: Re: WordPress website CMS wrongly installed and spreading malware: emotet - heodo
Post by: polonus on March 29, 2022, 03:57:45 PM
Here we see another abuse of this site issue (flagged by PHISH-tank):
https://nab-alert.mobi/404testpage4525d2fdc

See, where it is given as PHISHING Other:
https://maltiverse.com/url/e32453928d9b2a87d76d2fe17e4179c461598bac3ec2d37107861382ff0e474b

10 AV vendors flag it here: https://www.virustotal.com/gui/url/e32453928d9b2a87d76d2fe17e4179c461598bac3ec2d37107861382ff0e474b

pol
Title: Re: WordPress website CMS wrongly installed and spreading malware: emotet - heodo
Post by: polonus on March 29, 2022, 05:42:14 PM
More flags and IP-flags:
https://maltiverse.com/url/7968607305fe4aff58118017e6cf9f4ee2e561e742155c4f3b3b4c8c2333b0ea

On IP: https://www.virustotal.com/gui/ip-address/67.199.248.13/relations
from: https://sitereport.netcraft.com/?url=https%3A%2F%2Fnab-alert.mobi%2Fnewpayee

pol
Title: Re: WordPress website CMS wrongly installed and spreading malware: emotet - heodo
Post by: polonus on March 30, 2022, 03:29:19 PM
Generic malware found up here: https://maltiverse.com/search;query=404testpage4525d2fdc;page=1;sort=creation_time_desc
But not flagged here: https://www.virustotal.com/gui/url/c835d3011ac9b1c023b3c8442c5f8e62812133d389f0495e349b9d4670337f41/links

polonus