Author Topic: Known infection source not blocked! Also spam domain!  (Read 1811 times)

Offline polonus

Known infection source not blocked! Also spam domain!
« on: December 06, 2013, 06:42:46 PM »
See: https://www.virustotal.com/nl/url/e1aa88b8bb9ae4e684b78eb0068f3d3c95d6c82e473a1b843b73472c04711d1c/analysis/1386341685/
IDS alerts: http://urlquery.net/report.php?id=8203974
Blocked by WOT web rep, and listed here: http://investexpo.ru/ is in the Dr.Web malicious sites list!
Malware from site now seems dead: http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&review=82.98.86.172
Is this part of Mitglieder hell? -> https://isc.sans.edu/forums/diary/Mitglieder+hell/722 (linked article author: William Salusky)
Bitdefender alerts this parked domain, WOT frowns on it: https://www.mywot.com/en/scorecard/investexpo.ru?utm_source=addon&utm_content=popup-donuts
IP leads to http://sedoparking.com/?path=home
Known as a bad webhost: http://www.projecthoneypot.org/ip_82.98.86.172
History:
installs.in
    ns1.sedoparking dot com => 91.195.240.162
    ns2.sedoparking dot com => 217.160.208.235
    (AS12306) PLUSLINE
    82.98.86.172   Trojan Zbot drop zone   2010-06-29
gradon dot info
    ns1.dnsexit dot com => 69.57.160.118
    ns2.dnsexit dot com => 64.182.102.188
    (AS12306) PLUSLINE
    82.98.86.172   Trojan TDSS / Rogue Antivirus downloader   2010-04-26

Known spam source: http://knujon.com/ips/82.98.86.172.html

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!