@ Michael (alan1998),
Thanks for supporting that idea, the hive.html file has been removed.
So, does that mean that without this file the site is more secure now?
Client Pull, CGI, Perl & Gzip technology, see
https://toolbar.netcraft.com/site_report?url=-s81.fastserver.club
1 red out of 10 netcraft risk rate.
Ransomware IP address: -51.89.7.30
ransomwaretracker.abuse.ch
Associated Ransomware Infrastructure. The table below shows all Ransomware infrastructure that is associated with the IP address -51.89.7.30.
-fapplepie - AbuseIPDB User Profile
www.abuseipdb.com-51.89.7.30, 24 Sep 2019. 51.89.7.30 - - - [24/Sep/2019:08:25:19 +0000] "GET /wp -login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0 ...
-drharrymorganssdsolution.com (Black Money Scam) - Stop 419 ...
-www.stop419scams.com
Sep 19, 2019 ... wXw.drharrymorganssdsolution.com. Scam Domain - Read Scam Websites 51.89.7.30. Domain Name: -DRHARRYMORGANSSDSOLUTION.
-puritygem.xyz - URLhaus
-urlhaus.abuse.ch
Aug 15, 2019 ... Firstseen (UTC), IP address, Hostname, SBL, ASN, Country, Active? 2019-08-15 21:44:04, 51.89.7.30,
-s81.fastserver.club, Not listed, AS16276 ...
-unboamefinancebk.com (Fake Bank Fraud Scam) - Stop 419 Scams ...
Quite some malware launched from that IP address:
https://www.virustotal.com/gui/ip-address/51.89.7.30/relations
{
"asn": "AS16276",
"city": "",
"country": "Germany",
"country_code": "DE",
"hostname": "s81.fastserver.club",
"ip": "51.89.7.30",
"latitude": 51.2993,
"longitude": 9.491,
"organization": "OVH SAS"
}
On that webserver Apache - Linux - unknown owner (PrivacyGuardian dot org shielded off):
OpenSSH 7.4 (protocol 2.0) fingerprint-strings: | FourOhFourRequest, HTTPOptions: Server: imunify360-webshield/1.7
protection, that can be closed through this malware, read: https://otx.alienvault.com/indicator/ip/94.73.151.100
Closed on Linux server:
443 header: HTTP/1.1 200 OK Date: Wed 10 Jul 2019 07:26:16 GMT Content Type: text/html Connection: close Server: imunify360 webshield/1.7 Expires: Wed 10 Jul 2019 07:26:15 GMT Cache Control: no cache
Interesting general details, aren't they?
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)