Author Topic: Been taken down because of malware?


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 33900
  • malware fighter
Been taken down because of malware?
« on: April 01, 2017, 04:25:57 PM »
See: http://zulu.zscaler.com/submission/show/9b8be5249ffacea1aee970edb9edafff-1491054742
Re: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Ffourthgate.org%2FYryzvt
Blacklisted and 100% malicious...GoDaddy abuse: http://whois.domaintools.com/fourthgate.org

On the nameserver certificate: Warnings
RC4
Your server's encryption settings are vulnerable. This server uses the RC4 cipher algorithm which is not secure.
SSLv3
Your server's encryption settings are vulnerable. This server uses the SSLv3 protocol, which is not secure.
TLS1.2
This server is vulnerable to a TLS renegotiation attack.
This server is vulnerable to:
SSL/TLS Compression
This server is vulnerable to a CRIME attack.
Poodle (SSLv3 protocol)
This server is vulnerable to a Poodle (SSLv3) attack. -> https://mxtoolbox.com/domain/dnsexit.com/

Various issues: http://www.dnsinspect.com/dnsexit.com/10066058

Launched from a private address on QuadraNet, Inc - Delaware
on Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.30) *
and did not follow redirect to http://duckduckgo.com

* exploitable: https://nfsec.pl/security/5730  Groovy exploitable: https://www.vuxml.org/freebsd/vuln.xml

On malware domain list: 2017/03/20_10:13   -fourthgate.org/Yryzvt   104.200.67.194   -   -Ransom, Fake.PCN, Malspam   Charlie Dillon / -godaddy@638united.com   8100

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
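The five warnings listed above (RC4, SSLv3, TLS renegotiation, TLS compression/CRIME, POODLE) each map onto a mod_ssl directive. As an added example that is not from the thread and not the configuration of the server in question, here is the weak Apache 2.4 setting for each warning beside its corrected form; the hostname and certificate paths are placeholders.

```apache
# Added example: Apache httpd 2.4 / mod_ssl hardening for the scan warnings
# quoted in the thread. ServerName and certificate paths are placeholders.
<VirtualHost *:443>
    ServerName ns.example.invalid
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/placeholder.crt
    SSLCertificateKeyFile /etc/pki/tls/private/placeholder.key

    # Weak (flagged: SSLv3 / POODLE):  SSLProtocol all -SSLv2
    # "all" in 2.4.6 still includes SSLv3, so it must be removed explicitly.
    SSLProtocol all -SSLv2 -SSLv3

    # Weak (flagged: RC4):  SSLCipherSuite HIGH:MEDIUM
    # MEDIUM admits RC4 suites; exclude RC4 (and other legacy suites) and
    # let the server, not the client, pick the order.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES
    SSLHonorCipherOrder on

    # Weak (flagged: SSL/TLS compression / CRIME):  SSLCompression on
    SSLCompression off

    # Weak (flagged: TLS renegotiation):  SSLInsecureRenegotiation on
    # "off" refuses clients that lack RFC 5746 secure renegotiation.
    SSLInsecureRenegotiation off
</VirtualHost>
```

After `httpd -t` and a reload, `openssl s_client -connect <host>:443 -ssl3` and `openssl s_client -connect <host>:443 -cipher RC4` should both fail the handshake, which confirms the two protocol and cipher findings are closed.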

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 33900
  • malware fighter
Re: Been taken down because of malware?
« Reply #1 on: October 06, 2019, 10:05:52 PM »
Update, gone from the malware radar: but see Netcraft risk 7 red out of 10 Netcraft risk grade:
https://toolbar.netcraft.com/site_report?url=ih1750068.vds.myihor.ru
Domain watch: https://domainwat.ch/site/myihor.ru
No longer given in database: https://www.abuseipdb.com/check/194.67.194.249
No engines detect IP and IP relations: https://www.virustotal.com/gui/url/de35e3c63bd8e34545ae02643ec86bd7b7781241e5ec142ebb50bd77b6e60143/details

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • Posts: 37529
  • Not an avast user
Re: Been taken down because of malware?
« Reply #2 on: October 06, 2019, 11:33:35 PM »
Quote
No engines detect IP and IP relations: https://www.virustotal.com/gui/url/de35e3c63bd8e34545ae02643ec86bd7b7781241e5ec142ebb50bd77b6e60143/details
Are you sure? .... that scan is 7 months old



Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 33900
  • malware fighter
Re: Been taken down because of malware?
« Reply #3 on: October 06, 2019, 11:54:25 PM »
Hi Pondus,

Reanalyzed and indeed 1 is detecting: https://www.virustotal.com/gui/url/de35e3c63bd8e34545ae02643ec86bd7b7781241e5ec142ebb50bd77b6e60143/detection
But just one detecting could also spell out a FP. So still out in limbo with these most recent results.

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • Posts: 37529
  • Not an avast user
Re: Been taken down because of malware?
« Reply #4 on: October 06, 2019, 11:57:24 PM »
Just a reminder to have fresh scan results .... I keep nagging   ;)