Avast community forum
Topic: This beta bot domain detected? (Read 1066 times)
polonus (Avast Überevangelist, Probably Bot, Posts: 33892, malware fighter)
This beta bot domain detected? « on: May 02, 2020, 07:03:29 PM »
Re: url = -ozz.su/encode/login.php
IP: -45.10.88.69 See:
https://www.virustotal.com/latest-scan/http://ozz.su/encode/login.php
where 4 detect. -http://ozz.su/encode/login.php is in Dr.Web malicious sites list!
See also:
https://domainwat.ch/site/ozz.su
IP relation recent detections:
https://www.virustotal.com/gui/ip-address/45.10.88.69/relations
On IP hoster:
https://www.shodan.io/host/45.10.88.69
nginx services:
| http-ls: Volume /
| maxfiles limit reached (10)
| SIZE TIME FILENAME
| - 2020-05-01 20:55 __MACOSX/
| - 2020-04-18 15:32 __MACOSX/guadox/
| - 2020-04-18 15:43 __MACOSX/h1n1/
| - 2013-12-29 08:27 beta017.1/
| - 2020-02-24 19:01 blackbot/
| - 2015-03-12 03:46 encode/
| - 2020-04-18 15:35 guadox/
| 1.3K 2015-12-16 04:12 guadox/captcha.php
| - 2020-04-13 21:37 guadox/css/
| - 2020-04-13 21:37 guadox/fonts/
|_
Retirable jQuery libraries:
https://retire.insecurity.today/#!/scan/b88d43afa01af43f8cff0c9eda2969f654f05c03bd53620003ad68ae22b5d3a8
Links to widget_manager found: -https://jlinkjuice.blogspot.com/
polonus (volunteer 3rd party cold recon website security and website error-hunter)
« Last Edit: May 02, 2020, 07:09:55 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!

polonus (Avast Überevangelist, Probably Bot, Posts: 33892, malware fighter)
Re: This beta bot domain detected? « Reply #1 on: May 05, 2020, 01:43:30 PM »
A Betabot analysis:
https://www.hybrid-analysis.com/sample/26bf53dce1387952603dd95556827be14791fb879396f26a1b366e1b24f8246f?environmentId=100
On that IP:
https://www.shodan.io/host/173.249.6.41
On relations of that IP detected:
https://www.virustotal.com/gui/ip-address/173.249.6.41/relations
Domain only detected by Bitdefender's TrafficLight:
https://www.virustotal.com/gui/url/e0df2287a963ec26b74c590e805320e0270c7dbf7e03bdb2ca65565908acebfb/detection
Now given as clean, because kicking up an error: HTTP ERROR 503
Error: Access is denied to chrome:// and Chrome Store pages
Has migrated here:
https://www.shodan.io/host/195.20.54.15
Proxy Error
The proxy server received an invalid response from an upstream server. (-http://domain.dot.tk/p/?d=SKYDA.ML&i=85.149.115.163&c=31&ro=0&ref=unknown&_=1588678550114)
The proxy server could not handle the request GET /p/.
Reason: Error reading from remote server
Vulnerable: Bootstrap, script - 3.3.7
Site marked as untrustworthy by Avast Web Security.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)