Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Is this image hosting site used to spread malware?
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Is this image hosting site used to spread malware? (Read 8674 times)
0 Members and 1 Guest are viewing this topic.
REDACTED
Guest
Is this image hosting site used to spread malware?
«
on:
March 23, 2016, 03:39:04 PM »
I've seen few images on the web hosted by "postimg.org", which seems to be a subdomain for "postimage.org".
When checking these links on virustotal, they show up clean (no blacklists I mean), but scans for postimg.org IP shows up quite a few blacklists for different image links.
https://www.virustotal.com/en-gb/ip-address/108.162.204.60/information/
«
Last Edit: March 23, 2016, 03:42:56 PM by Pernaman
»
Logged
polonus
Avast Überevangelist
Probably Bot
Posts: 33904
malware fighter
Re: Is this image hosting site used to spread malware?
«
Reply #1 on:
March 23, 2016, 06:30:09 PM »
Certainly there are issues there. See:
https://securityheaders.io/?q=postimg.org
Consider this analysis:
https://malwr.com/analysis/NTdjYmYwMzA5ZGRlNDRiMmExMWVmYzNiMzRkYzZmYTA/
Known PHISH:
http://comments.gmane.org/gmane.comp.security.phishings/72956
This confirms the issues:
http://proxyunblocker.org/unblock/postimg.org/
On IP:
http://urlquery.net/report.php?id=1458753527209
A list of redirects like: -http://postimg.org/ redirects to -http://postimg.org/auth.php?logout=1&back=Lw==
-http://postimg.org/auth.php?logout=1&back=Lw== redirects to -http://postimage.org/auth.php?logout=1&back=Lw==
-http://postimage.org/auth.php?logout=1&back=Lw== redirects to -http://postimage.org/
-http://postimage.org/ redirects to -https://beta.postimage.org/
Re:
http://toolbar.netcraft.com/site_report?url=https://beta.postimage.org
Even worse:
https://securityheaders.io/?q=https%3A%2F%2Fbeta.postimage.org
and
http://dnssec-debugger.verisignlabs.com/beta.postimage.org
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Is this image hosting site used to spread malware?