Author Topic: Is this image hosting site used to spread malware? (Read 8674 times)

REDACTED · « **on:** March 23, 2016, 03:39:04 PM »

I've seen few images on the web hosted by "postimg.org", which seems to be a subdomain for "postimage.org".

When checking these links on virustotal, they show up clean (no blacklists I mean), but scans for postimg.org IP shows up quite a few blacklists for different image links.

https://www.virustotal.com/en-gb/ip-address/108.162.204.60/information/

polonus · « **Reply #1 on:** March 23, 2016, 06:30:09 PM »

Certainly there are issues there. See: https://securityheaders.io/?q=postimg.org
Consider this analysis: https://malwr.com/analysis/NTdjYmYwMzA5ZGRlNDRiMmExMWVmYzNiMzRkYzZmYTA/
Known PHISH: http://comments.gmane.org/gmane.comp.security.phishings/72956
This confirms the issues: http://proxyunblocker.org/unblock/postimg.org/
On IP: http://urlquery.net/report.php?id=1458753527209
A list of redirects like: -http://postimg.org/ redirects to -http://postimg.org/auth.php?logout=1&back=Lw==

-http://postimg.org/auth.php?logout=1&back=Lw== redirects to -http://postimage.org/auth.php?logout=1&back=Lw==

-http://postimage.org/auth.php?logout=1&back=Lw== redirects to -http://postimage.org/

-http://postimage.org/ redirects to -https://beta.postimage.org/

Re: http://toolbar.netcraft.com/site_report?url=https://beta.postimage.org

Even worse: https://securityheaders.io/?q=https%3A%2F%2Fbeta.postimage.org
and
http://dnssec-debugger.verisignlabs.com/beta.postimage.org

polonus

Author Topic: Is this image hosting site used to spread malware? (Read 8674 times)

REDACTED

Is this image hosting site used to spread malware?

polonus

Re: Is this image hosting site used to spread malware?