Avast community forum
Topic: Zeus tracker detected? (Read 4996 times)
polonus
Avast Überevangelist
Zeus tracker detected? « on: December 11, 2014, 05:17:04 PM »
See:
https://www.virustotal.com/nl/url/526b0b41195d703f4521e057503431f20b88ab3d6d0f2ba422a60adb4c5bd8ef/analysis/1418313990/
Sure blacklisted:
http://quttera.com/detailed_report/ipkill.org
8 external links flagged and blacklisted
Potentially harmful:
http://sitecheck.sucuri.net/results/ipkill.org
IDS alert:
http://urlquery.net/report.php?id=1417814332345
for ET CNC Zeus Tracker Reported CnC Server group 14
pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Re: Zeus tracker detected? « Reply #1 on: December 11, 2014, 05:21:37 PM »
Closed down:
https://zeustracker.abuse.ch/monitor.php?ipaddress=213.186.33.17
But still enough malcode on that IP:
https://www.virustotal.com/nl/ip-address/213.186.33.17/information/
pol
« Last Edit: December 11, 2014, 05:23:34 PM by polonus »
Pondus
Re: Zeus tracker detected? « Reply #2 on: December 11, 2014, 05:25:44 PM »
The full URL gives a scan error ... but the shortened one works, see pic:
http://urlquery.net/report.php?id=1418314833866
The full URL gives no VT detection, but the short one does:
https://www.virustotal.com/en/file/466d33db84f27f2a53353e3dacd6c029a826cf7a2951c9e0b2786cf14f9f6cef/analysis/1418314937/
polonus
Avast Überevangelist
Re: Zeus tracker detected? « Reply #3 on: December 11, 2014, 07:15:49 PM »
Hi Pondus,
Very attentive. So we as website scanners should always distinguish between full and naked domain scans.
Check between www dot scandomain dot com and scandomain dot com.
Also check whether a domain is being hosted as a Multiple IP Domain, meaning some share 4 different IPs on the hoster.
As an example see this domain scan:
http://urlquery.net/report.php?id=1418314297236
Nada:
https://www.virustotal.com/nl/url/4f2aa8c268aa4c073fc106b39a337fc4f211325b8997e0d4b28d4b2e7e910c28/analysis/
and another nada:
http://quttera.com/detailed_report/www.scamwarners.com
Surprise, surprise Multiple IP domain (4) Which IP numbers does wXw.scamwarners.com use?
WXW.SCAMWARNERS.COM uses the four IP numbers 2400:CB00:2048:1::C629:CEE5, 2400:CB00:2048:1::C629:CFE5, 198.41.206.229 and 198.41.207.229 together ->
https://www.robtex.com/en/advisory/dns/com/scamwarners/www/
Resolution failed:
http://hosts-file.net/default.asp?s=www.scamwarners.com
Brightcloud flags with 1 infection in the past: Webroot Content Classification and Web Reputation
Category: Society
Reputation Index: 40
Status: Suspicious
Web Reputation Analysis (Factor, Value):
Infections (past 12 months): 1
Popularity: High
Age: 46 months (Established)
Here all seems all right:
http://www.dnsinspect.com/scamwarners.com/1418320376
and here (for what that seal is worth):
http://scamwarners.com.trustcheck.net/
Fatal code error: ////cdn-cgi/nexp/dok2v=1613a3a185/ in CDN plug-in:
https://wordpress.org/support/topic/an-unexpected-error-occured-13
asynchronous adsense code: adsbygoogle = window.adsbygoogle || []).push( and static.getclicky.com DNS issues ...
polonus
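The check described in Reply #3 (scan both the www and naked forms of a domain, and every address of a multiple-IP domain), as an added Python example that is not code from the thread. The function names, the simple `www.` prefix handling and the sample DNS answers (documentation address ranges) are assumptions made for illustration.

```python
import socket
from urllib.parse import urlsplit

def host_variants(target):
    """Return [naked, www] hostnames for a URL or bare hostname."""
    host = urlsplit(target if "//" in target else "//" + target).hostname or ""
    naked = host[4:] if host.startswith("www.") else host
    return [naked, "www." + naked]

def resolve_all(host):
    """All A and AAAA addresses from the system resolver; empty set on failure."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def scan_targets(target, resolver=resolve_all):
    """Return (hostname, ip) pairs a scan should cover, plus notes on differences."""
    naked, www = variants = host_variants(target)
    addrs = {h: resolver(h) for h in variants}
    pairs = sorted((h, ip) for h, ips in addrs.items() for ip in ips)
    notes = []
    if addrs[naked] != addrs[www]:
        notes.append("naked and www forms resolve to different address sets")
    for h in variants:
        if not addrs[h]:
            notes.append(f"{h}: resolution failed")
        elif len(addrs[h]) > 1:
            notes.append(f"{h}: multiple-IP domain ({len(addrs[h])} addresses)")
    return pairs, notes

# Constructed sample answers (documentation ranges), standing in for live DNS.
SAMPLE_DNS = {
    "example.com": {"192.0.2.10"},
    "www.example.com": {"198.51.100.1", "198.51.100.2",
                        "2001:db8::1", "2001:db8::2"},
}

def sample_resolver(host):
    return SAMPLE_DNS.get(host, set())

if __name__ == "__main__":
    pairs, notes = scan_targets("http://www.example.com/index.php", sample_resolver)
    for host, ip in pairs:
        print(f"scan {host} at {ip}")
    for note in notes:
        print("note:", note)
```

Calling `scan_targets()` without a resolver argument uses the system resolver; each returned pair is one hostname and address combination to submit to a scanner separately.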