
SN: Outbound TCP traffic to suspect network (AS49981 - NL) alert!


polonus:
See: https://urlquery.net/report/13d8b7f1-0eb3-4d96-b5d9-85b0f7d9c5b9
see: https://urlquery.net/report/07fe45f1-b4f5-415a-9858-b492f8c2d3f8
Re: http://toolbar.netcraft.com/site_report?url=http://109.236.94.163

AS abuse 316 blacklisted URLs: http://sitevet.com/db/asn/AS49981 -> https://identipy.com/109.236.94

Background read: https://blogs.manageengine.com/network/netflowanalyzer/2011/03/24/detecting-suspicious-flows-using-netflow-analyzer.html

IP OpenSSH 6.0p1 Debian 4+deb7u3 (protocol 2.0)
tcp  open  http     nginx
|_http-title: Did not follow redirect to hxtps://streamwood.ru/
Cert.chain Let's Encrypt Authority X3 & api.streamwood.ru

Consider also: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=darknet.winsite.com&ref_sel=GSP2&ua_sel=ff&fs=1
2 vuln. libraries detected: http://retire.insecurity.today/#!/scan/7c22b44c84943702b6354095ca2dea9a5726149de286ba38bc6a783ddbc37f98

F-Grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=darknet.winsite.com
7 problems flagged: https://mxtoolbox.com/domain/darknet.winsite.com/

polonus

polonus:
A likewise alert for a Dutch AS: "ETPRO POLICY External IP Address/Location Disclosure - geoplugin dot net"
is found here: https://urlquery.net/report/a4d43e02-497f-4f31-9138-40529ec3b3b5
Re: https://www.abuseipdb.com/check/178.237.36.10
Domain for launching trojans: https://www.threatcrowd.org/ip.php?ip=178.237.36.10
Not given as blacklisted here: http://www.ip-tracker.org/blacklist-check.php?ip=178.237.36.10
Flagged again here: https://otx.alienvault.com/indicator/ip/178.237.36.10/

For given domain consider: http://toolbar.netcraft.com/site_report?url=hxtp://r4d.co
Website is insecure by default
80% of the trackers on this site could be protecting you from NSA snooping. Tell r-4d.co to fix it.

Identifiers | All Trackers
 Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

 Twitter guest_id
-113=rwdhgk9ob7x_3l5zlkcad_daibwzggfytytl650ur9f_inouudcufaoecqzjaoc3i-ik_ojqkpn2yp6izqdqrvoxyc6buxh56ymvldvvt_xwlykkgcce7hosbsb_nx8z apis.google.com nid
Legend
 Tracking IDs could be sent safely if this site was secure.
 Tracking IDs do not support secure transmission.

polonus (volunteer website security analyst and website error-hunter)

polonus:
The link with Zeus AS still obvious: https://zeustracker.abuse.ch/monitor.php?as=49981
a recent example detection: https://urlquery.net/report/37dc89b5-2cf7-495c-aeb5-2de29b204320

User security breach via viewstategenerator?

polonus
