polonus
Where the redirect is going - malware? Suspicious - Scam site!
« on: September 16, 2015, 12:14:09 AM »
See: https://www.virustotal.com/nl/url/9b95871546a4aedfaab005ae168c6cd6db114644a1afb001c049173222085908/analysis/1442354492/
Avira to detect. Given as clean here: http://quttera.com/detailed_report/tracking.tapge.com
Unable to properly scan website. Site empty (no content): Content-Length: 0
I get a restricted domain alert and this WOT report: https://www.mywot.com/en/scorecard/tracking.tapge.com
Redirecting here: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Faptrk.com%2Fm%2F%3Fq%3DLGbmBagmBwp1VzSjpS46pzjvB8Z1ZGZmBvWbqUEjpmbiY7SxoJyhYzSjpT0yrUDhL74gY7SjpRkcozfhLKAjrQ4vCGHmZwV0WzH4ZGR6ZQN0WaR4AzIvBQL0MwRgAmMuAl55ATV5YJV7AmZgZQV0MGMvLzZ6L7RlWaA6LzyxCGywLJIvZ7HlL7SuBGZ5MQLmMQVkLJL5AzV7AwD7MwV6VwgmBwR6BvW5pzSwn7yhM64xo76unJ9vB8Z1BGbvLKO5pzfhL74gVwgmBwD1VaI6nJDvB8Z1ZmL1VwqyZTL5AmH9YJV7LmpgZGSyAP6vAwuuYGNjZwH0ZQH9LGWzAvV2sD%253D%253D
Adware App Wall: -http://contact.appfly.mobi/ - bad web rep: https://www.mywot.com/en/scorecard/contact.appfly.mobi
Advanced Webtracking - three names come up here: MarkMonitor, Amazon & GoDaddy -> http://toolbar.netcraft.com/site_report?url=http://aptrk.com -> Warning: User Enumeration is possible.
The first two user IDs were tested to determine if user enumeration is possible.

ID   User     Login
1    appfly   appfly
2             None

jquery-migrate.min.js?ver=1.2.1 is known to have a sink: https://wordpress.org/support/topic/jquery-migrate-vulnerability-or-false-alarm -> http://www.domxssscanner.com/scan?url=http%3A%2F%2Faptrk.com

On IP: http://cyberwarzone.com/malicious-history-of-184-168-47-225/

Other issues to consider on that domain: http://mxtoolbox.com/domain/tracking.tapge.com/
5 Problems

Category   Host                 Result
spf        tapge.com            No records found
dns        tapge.com            SOA Expire Value out of recommended range
smtp       p.nsm.ctmail.com     Reverse DNS does not match SMTP Banner
smtp       p.nsm.ctmail.com     Warning - Does not support TLS.
smtp       p.nsm.ctmail.com     May be an open relay.

pol
« Last Edit: September 16, 2015, 12:38:48 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
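The redirect link in the post wraps one URL inside another's query string, with the trailing `==` of the `q=` token double-encoded as `%253D%253D`. The following added triage helper (not code from the post or from any scanner it links) unwraps such nested, percent-encoded redirect chains so an analyst can see which hosts are actually involved and whether double encoding was used to hide a token. The sample URL is constructed from the post's structure with the opaque tracking token replaced by a placeholder, and the list of redirect parameter names is an assumption.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample: the scanner link from the post, with the opaque q= token
# replaced by a placeholder; only the nesting and encoding structure is kept.
SAMPLE = ("-http://www.domxssscanner.com/scan?url=http%3A%2F%2Faptrk.com%2Fm%2F%3Fq%3D"
          "PAYLOAD_PLACEHOLDER%253D%253D")

# Assumed: query keys that commonly carry a nested destination URL.
NESTED_KEYS = ("url", "q", "u", "r", "to", "redirect", "target")

DOUBLE_ENC = re.compile(r"%25[0-9A-Fa-f]{2}")


def refang(url):
    """Strip the leading '-' analysts prepend to keep a link non-clickable."""
    return url[1:] if url.startswith("-") else url


def unwrap_redirect_chain(url, max_depth=5):
    """Return the hosts met while unwrapping nested URLs from query parameters.
    parse_qs decodes one layer of percent-encoding per step, so each hop
    reveals the next destination until no parameter decodes to an http(s) URL."""
    chain = []
    current = refang(url)
    for _ in range(max_depth):
        parsed = urlparse(current)
        if not parsed.netloc:
            break
        chain.append(parsed.netloc.lower())
        params = parse_qs(parsed.query)
        nxt = next((v for key in NESTED_KEYS for v in params.get(key, [])
                    if v.lower().startswith(("http://", "https://"))), None)
        if nxt is None:
            break  # remaining parameters are opaque tokens, not URLs
        current = nxt
    return chain


def has_double_encoding(url):
    """True if any %25XX sequence is present, i.e. a value was encoded twice."""
    return bool(DOUBLE_ENC.search(refang(url)))


if __name__ == "__main__":
    print(unwrap_redirect_chain(SAMPLE), has_double_encoding(SAMPLE))
```

Running it on the sample yields the hop list `['www.domxssscanner.com', 'aptrk.com']` and flags the double-encoded token, which is the part of the link worth blocking or logging rather than the scanner front-end.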