Author Topic: Malware site and related sites...  (Read 942 times)


polonus
Malware site and related sites...
« on: June 17, 2019, 06:44:45 PM »
Re: https://urlhaus.abuse.ch/url/209660/
Results from scanning URL: -http://79.137.123.208/bins/ppc
Number of sources found: 0
Number of sinks found: 0

Results from scanning URL: -https://ajax.aspnetcdn.com/ajax/bootstrap/3.3.4/bootstrap.min.js
Number of sources found: 13
Number of sinks found: 2

Results from scanning URL: -https://ajax.aspnetcdn.com/ajax/bootstrap/3.3.4/bootstrap.min.js
Number of sources found: 44
Number of sinks found: 2
/*!

Results from scanning URL: -https://i1.social.s-msft.com/Profile/Resources/Script/jquery.flot.min.js?cver=2018.11.26.1%0d%0a
Number of sources found: 0
Number of sinks found: 3

Results from scanning URL: -https://i2-msdn.sec.s-msft.com/Combined.js?resources=0:NewFooterSock,1:Footer;/Areas/Epx/Themes/Base/Content:0,/Areas/Centers/Themes/StandardDevCenter/Content:1&hashKey=EB5B0152122C286919648AB36220C327&v=B3C9588E497D8C1E7EBCEBE66E55A8CB
Number of sources found: 9
Number of sinks found: 8

10 engines detect: https://www.virustotal.com/gui/file/e6b61381d9e516615457e4cafbae7084ec98aeeb187260297454f5cc4cbef936/detection
ELF executable.

On IP: "nekos are cute" also found at https://malshare.com/index.php -> https://urlhaus.abuse.ch/url/209662/
See: https://malshare.com/search.php?query=http%3A%2F%2F79.137.123.208%2F 
with various YARA-hits. -> https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=NzkuMTM3LjEyMy4yMDhgYltuc2BwcF4%3D~enc
and
https://urlscan.io/result/06ddd2ba-958d-4ab0-bcfd-671dd6b2d56a
= https://www.virustotal.com/gui/file/e6b61381d9e516615457e4cafbae7084ec98aeeb187260297454f5cc4cbef936/details
vuln.: https://www.shodan.io/host/79.137.123.208
also see: https://censys.io/ipv4?q=http%3A%2F%2F79.137.123.208%2Fbins%2Fppc
also
Quote:
443.https.get.body: , PPC
 176.223.66.133 (-core1.spatiul.ro)
 SPACE-AS (50939)  Romania
 110/pop3, 143/imap, 21/ftp, 443/https, 465/smtp, 53/dns, 587/smtp, 80/http, 993/imaps, 995/pop3s
 Bloo Ink Publishing Limited – We publish your dream ! Bloo Ink Book Publisher in London  -ppc-concept.co.uk, -cpanel.ppc-concept.co.uk, -ipv6.ppc-concept.co.uk
 443.-https.get.body: ://ppc

Does avast detect this malcode?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
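The flagged download above is an ELF binary served from a /bins/ppc path. Before handing such a sample to a sandbox, a triager usually wants to confirm from the raw bytes that it really is an ELF file and which CPU it targets, without executing it. The following is an added example (not from the poster or from any of the services linked above) that parses the ELF identification block and file header; the PowerPC header bytes and the JavaScript snippet it is run against are constructed here for illustration and are not the actual sample from the post.

```python
import struct

# e_machine values from the ELF specification (subset commonly seen in IoT/router bot drops).
EM_NAMES = {2: "SPARC", 3: "x86", 4: "m68k", 8: "MIPS", 20: "PowerPC", 21: "PowerPC64",
            40: "ARM", 42: "SuperH", 62: "x86-64", 183: "AArch64"}
ET_NAMES = {0: "NONE", 1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}

def parse_elf_header(data: bytes) -> dict:
    """Parse e_ident and the ELF file header from raw bytes.

    Nothing is executed; a ValueError is raised for anything that is not a
    well-formed ELF32/ELF64 header (bad magic, bad class/endianness, truncated).
    """
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file (bad magic)")
    ei_class, ei_data, ei_version = data[4], data[5], data[6]
    if ei_class not in (1, 2):
        raise ValueError(f"unknown EI_CLASS {ei_class}")
    if ei_data not in (1, 2):
        raise ValueError(f"unknown EI_DATA {ei_data}")
    if ei_version != 1:
        raise ValueError(f"unknown EI_VERSION {ei_version}")
    endian = "<" if ei_data == 1 else ">"
    # ELF32 uses 4-byte e_entry/e_phoff/e_shoff; ELF64 uses 8-byte ones.
    fmt = endian + ("HHIIIIIHHHHHH" if ei_class == 1 else "HHIQQQIHHHHHH")
    need = 16 + struct.calcsize(fmt)  # 52 for ELF32, 64 for ELF64
    if len(data) < need:
        raise ValueError(f"truncated header: need {need} bytes, have {len(data)}")
    (e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
     e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx) = struct.unpack_from(fmt, data, 16)
    if e_ehsize != need:
        raise ValueError(f"e_ehsize {e_ehsize} does not match class (expected {need})")
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "type": ET_NAMES.get(e_type, f"unknown({e_type})"),
        "machine": EM_NAMES.get(e_machine, f"unknown({e_machine})"),
        "entry": e_entry,
        "phoff": e_phoff, "phnum": e_phnum, "shoff": e_shoff, "shnum": e_shnum,
    }

def triage(data: bytes) -> str:
    """One-line summary suitable for a ticket or a hunting note."""
    try:
        h = parse_elf_header(data)
    except ValueError as exc:
        return f"not ELF: {exc}"
    return (f"ELF{h['bits']} {h['endian']}-endian {h['machine']} {h['type']}, "
            f"entry 0x{h['entry']:08x}, {h['phnum']} program header(s), {h['shnum']} section header(s)")

# Constructed ELF32 big-endian PowerPC executable header (hypothetical, not the real /bins/ppc sample).
SAMPLE_PPC = (b"\x7fELF" + bytes([1, 2, 1, 0]) + b"\x00" * 8
              + struct.pack(">HHIIIIIHHHHHH", 2, 20, 1, 0x10000100, 52, 0, 0, 52, 32, 1, 40, 0, 0))
# Constructed non-ELF blob resembling the start of a minified JS library.
SAMPLE_JS = b"/*!\n * Bootstrap v3.3.4 (http://getbootstrap.com)\n */\n"

if __name__ == "__main__":
    print(triage(SAMPLE_PPC))
    print(triage(SAMPLE_JS))
```

A header that parses cleanly only tells you the file claims to be a PowerPC executable; stripped bots often have zero section headers (as in the constructed sample), which is itself a useful triage signal, and any architecture mismatch between the URL path and e_machine is worth noting in the report.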