Author Topic: Zeus tracker detected?  (Read 5142 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33986
  • malware fighter
Zeus tracker detected?
« on: December 11, 2014, 05:17:04 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

« Last Edit: December 11, 2014, 05:23:34 PM by polonus »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37644
  • F-Secure user
Re: Zeus tracker detected?
« Reply #2 on: December 11, 2014, 05:25:44 PM »

Offline polonus

Re: Zeus tracker detected?
« Reply #3 on: December 11, 2014, 07:15:49 PM »
Hi Pondus,

Very attentive. So we as website scanners should always distinguish between full and naked domain scans.
Check between www dot scandomain dot com and scandomain dot com.
Also check whether a domain is being hosted as a Multiple IP Domain, meaning some share 4 different IPs on the hoster.

As an example see this domain scan: http://urlquery.net/report.php?id=1418314297236
Nada: https://www.virustotal.com/nl/url/4f2aa8c268aa4c073fc106b39a337fc4f211325b8997e0d4b28d4b2e7e910c28/analysis/
and another nada: http://quttera.com/detailed_report/www.scamwarners.com
Surprise, surprise: Multiple IP domain (4). Which IP numbers does wXw.scamwarners.com use?

WXW.SCAMWARNERS.COM uses the four IP numbers 2400:CB00:2048:1::C629:CEE5, 2400:CB00:2048:1::C629:CFE5, 198.41.206.229 and 198.41.207.229 together -> https://www.robtex.com/en/advisory/dns/com/scamwarners/www/
Resolution failed: http://hosts-file.net/default.asp?s=www.scamwarners.com

Brightcloud flags with 1 infection in the past: Webroot Content Classification and Web Reputation
Category: Society
Reputation Index: 40
Status: Suspicious

Web Reputation Analysis
Infections (past 12 months): 1
Popularity: High
Age: 46 months (Established)

Here all seems all right: http://www.dnsinspect.com/scamwarners.com/1418320376
and here (for what that seal is worth): http://scamwarners.com.trustcheck.net/

Fatal code error: ////cdn-cgi/nexp/dok2v=1613a3a185/ in CDN plug-in: https://wordpress.org/support/topic/an-unexpected-error-occured-13

asynchronous adsense code: adsbygoogle = window.adsbygoogle || []).push(  and static.getclicky.com DNS issues ...

polonus
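The check described in the post above (scan both the www and the naked hostname, and every address of a multiple-IP domain), as an added example that is not part of the original thread. The function names, the example.com hostnames and the documentation-range addresses are constructed for illustration, and stripping a leading "www." is a simplifying assumption about how the two forms relate.

```python
import ipaddress
import socket

# Constructed sample data (documentation address ranges), standing in for live DNS.
SAMPLE_DNS = {
    "www.example.com": ["192.0.2.10", "192.0.2.11", "2001:db8::10", "2001:db8::11"],
    "example.com": ["192.0.2.10", "198.51.100.7"],
}

def live_resolver(host):
    """Resolve A and AAAA records through the system resolver."""
    try:
        infos = socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]

def host_variants(host):
    """Return (naked, full) forms. Assumes 'www.' is the only prefix to strip."""
    host = host.strip().lower().rstrip(".")
    naked = host[4:] if host.startswith("www.") else host
    return naked, "www." + naked

def scan_plan(host, resolver=live_resolver):
    """List every (hostname, address) pair a scan should cover and flag differences."""
    naked, full = host_variants(host)
    addrs = {}
    for name in (naked, full):
        parsed = {ipaddress.ip_address(a) for a in resolver(name)}
        # IPv4 before IPv6, then numeric order, so the plan is deterministic.
        addrs[name] = sorted(parsed, key=lambda ip: (ip.version, int(ip)))
    targets = [(name, str(ip)) for name in (naked, full) for ip in addrs[name]]
    return {
        "targets": targets,
        "multi_ip": {name: len(ips) > 1 for name, ips in addrs.items()},
        "same_hosting": set(addrs[naked]) == set(addrs[full]),
        "only_on_one": sorted(str(ip) for ip in set(addrs[naked]) ^ set(addrs[full])),
        "unresolved": [name for name, ips in addrs.items() if not ips],
    }

if __name__ == "__main__":
    plan = scan_plan("www.example.com", resolver=lambda h: SAMPLE_DNS.get(h, []))
    for name, ip in plan["targets"]:
        print(f"scan {name} at {ip}")
    print("same hosting for both forms:", plan["same_hosting"])
```

A verdict obtained for one hostname or one address only covers that pair; `only_on_one` lists the addresses that a scan of a single form would have missed.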