Author Topic: Hacking from -185.37.151.134 -themansart.com/Invoice-29165?  (Read 1299 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Hacking from -185.37.151.134 -themansart.com/Invoice-29165?
« on: December 09, 2017, 12:19:53 AM »
We are being protected against this Other:Malware-gen [Trj] (avast)

Inserting malware from this Tel-Aviv~Holon address through malware with links as
-https://fonts.googleapis.com/earlyaccess/opensanshebrew.css
-https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
-https://www.upress.io/themes/upress/assets/img/logo.png

Abuse at -134.128/26.151.37.185.in-addr.arpa.s-vps-il-96.upress.io

Quote
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

%ERROR:201: access denied for this server.
%
% Sorry, access from your host has been permanently
% denied because of a repeated excessive querying.
% For more information, see
% http://www.ripe.net/data-tools/db/faq/faq-db/why-did-you-receive-the-error-201-access-denied

% This query was served by the RIPE Database Query Service version 1.90 (BLAARKOP)


4 detect the malware: https://www.virustotal.com/#/url/a13e7f3cc4671bedb608004fa38f612dac4b3a4ce1435527ed93dabdf18ab306/detection

Avast detects:  ;)  https://www.virustotal.com/#/file/555d2787d706e2d5ec4342356e9204d3b6f5fd646c63ee078f4e93e07902a1b3/detection

polonus
« Last Edit: December 09, 2017, 12:24:03 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!