Author Topic: Is this IP being blocked? BOGONNETS 2 warning  (Read 1777 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Is this IP being blocked? BOGONNETS 2 warning
« on: January 24, 2014, 11:35:25 PM »
See: http://domain-kb.com/ipv4/185.12.111.245
Hitting with 01/21   01/21   Virut.AX    deny ip host 185.12.111.245 any log
sesligabile dot com,,,Not in namespace,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Is this IP being blocked? BOGONNETS 2 warning
« Reply #1 on: January 24, 2014, 11:48:34 PM »
Also consider this scan: https://asafaweb.com/Scan?Url=185.12.111.245
Custom error Fail, Excessive Header info, Clickjacking warning.

pol

Offline polonus

Re: Is this IP being blocked? BOGONNETS 2 warning
« Reply #2 on: January 25, 2014, 12:14:49 AM »
And also what about this Zeus C&C address: htxp://185.24.233.224/app/compress.php?m=login
3 av to detect: https://www.virustotal.com/nl/url/0c23cdc3c30293ff0059c2b59fd00bfee73485a8ce2a5868e0c8da9c341609d7/analysis/
185.24.233.224,185.24.233.224,,IPv4 address,ZeuS
Not detected here: http://urlquery.net/report.php?id=8960293
Zulu Zscaler does a better job: http://zulu.zscaler.com/submission/show/cc3e00c9a82a51997aeb2ac8392a0d57-1390604522
And here we get an error: https://zeustracker.abuse.ch/monitor.php?search=http%3A%2F%2F185.24.233.224%2Fapp%2Fcompress.php%3Fm%3Dlogin
Method Not Implemented

GET to /monitor.php not supported.
And here when we finally succeed, we get an unknown status: https://zeustracker.abuse.ch/monitor.php?search=185.24.233.224
Also see: https://zeustracker.abuse.ch/monitor.php?host=185.24.233.224
See: https://malwr.com/analysis/NzFhMjY2OGFhZGJlNGRiNDhjMDI0ODdkODM3NjcwOTk/

pol