Avast community forum
Topic: Site not blocked! (Read 1849 times)
Michael (alan1998)
Massive Poster
Posts: 2768
Volunteer
Site not blocked! « on: April 27, 2014, 08:41:18 PM »
02718(dot)ru/
Related to the RBN.
http://urlquery.net/report.php?id=1398623538858
Sites on same IP:
http://urlquery.net/report.php?id=1398623621267
http://urlquery.net/report.php?id=1398623697356
http://urlquery.net/report.php?id=1398623846062
http://urlquery.net/report.php?id=1398623286405
http://urlquery.net/report.php?id=1398623441695
Blacklisted by Dr. Web
http://www.urlvoid.com/scan/02718.ru/
VT Report: Dr. Web only source blocking...
https://www.virustotal.com/en/url/e205f3473592cc869171751b38192715d3cee44d898fc16043073e1373258b6e/analysis/1398623941/
Sucuri Missed it totally:
http://sitecheck.sucuri.net/results/02718.ru/
Zulu: 32/100 Malicious...
http://zulu.zscaler.com/submission/show/6e88b4c561a47ba85b14be7dce35c923-1398623948
All of the (Current) ASN is considered to be a part of RBN Network IP 375
« Last Edit: April 27, 2014, 08:43:57 PM by Michael (alan1998) »
VOLUNTEER
Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.
Security is a mindset, not an application. Think BEFORE you click.
polonus
Avast Überevangelist
Probably Bot
Posts: 34065
malware fighter
Re: Site not blocked! « Reply #1 on: April 28, 2014, 01:05:55 AM »
IP badness history:
https://www.virustotal.com/nl/ip-address/91.202.63.44/information/
AS has various infections of JS.Loadpays.2
Kraken's Virus Tracker comes with the following domain classification: 02718 dot ru,91.202.63.44,ns1.vivapays dot com,Criminals,
meaning there is live and up malware there.
Contradictory WOT results:
https://www.mywot.com/en/scorecard/02718.ru
Microsoft Pocket Internet Explorer (PIE) is vulnerable to a denial of service attack, caused by improper handling of JavaScript in Web pages!
Site has htxp://02718.ru/design/js/PIE.js
Excessive header information:
http://fetch.scritch.org/%2Bfetch/?url=02718.ru&useragent=Fetch+useragent&accept_encoding=
Google Browser diff: Not identical
Google: 34535 bytes Firefox: 34724 bytes
Diff: 189 bytes
First difference:
ð°ñ�ð¾ð½ ð½ðµð¾ð±ñ�ð¾ð´ð¸ð¼ð¾ ð¾ñ�ð¿ñ�ð°ð²ð¸ñ�ñ� ñ�ð¼ñ�-ñ�ð¾ð¾ð±ñ�ðµð½ð¸ðµ ñ� ñ�ðµðºñ�ñ�ð¾ð¼ ð¡ð¢ð�ð� 2974 ð½ð° ð½ð¾ð¼ðµñ� 5051 (ð±ðµñ�ð¿ð»ð°ñ�ð½ð¾).<br> </div> </div> <...
Evidence site has been compromised: htxp://02718.ru/test404page.js -> htxp://02718.ru/notfound/
Malware for AS:
http://www.malwareurl.com/ns_listing.php?ns=ns2.vivapays.com
polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Michael (alan1998)
Massive Poster
Posts: 2768
Volunteer
Re: Site not blocked! « Reply #2 on: April 28, 2014, 02:05:31 AM »
So definitely needs to be blocked ASAP...
HonzaZ
Avast team
Advanced Poster
Posts: 1038
Re: Site not blocked! « Reply #3 on: April 28, 2014, 10:21:03 AM »
I did not find any malicious activity myself, but I blocked it:-).
Michael (alan1998)
Massive Poster
Posts: 2768
Volunteer
Re: Site not blocked! « Reply #4 on: April 28, 2014, 11:18:17 AM »
Hi HonzaZ, if you look at URLQuery Report, under the IP reports, every site there is tied to the RBN, which should be cause for an IP blacklist.