Author Topic: Blocked for me but not by avast's...  (Read 374 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 32892
  • malware fighter
Blocked for me but not by avast's...
« on: November 26, 2020, 02:02:32 PM »
Blocked on android for me by Blokada = see: https://urlscan.io/result/2e30048b-e3bb-48d2-a673-036407074ead/
Google IP from Frankfurt am Main (Germany) - https://www.virustotal.com/gui/ip-address/108.177.111.95/relations
(see all the communicating file detections there).

What is -Googleapis.com Virus? -Googleapis.com Virus is a the name given to a class of adware whose end-goal is to use the legitimate Google Service (-Googleapis.com itself) to display phishing pages, redirect users to various ads, malicious and misleading web-sites. Many PC users consider adware, PUPs, keyloggers, malware as the same thing....
Nothing here on domain: https://www.virustotal.com/gui/url/b147f4564f34f2280690a17b0fa67e8024a06b36d1dd20709db005fa67f7b72a/details

See: https://domain.glass/geller-pa.googleapis.com

Seems to go hand in foot with CloudFlare's -> https://subdomainfinder.c99.nl/scans/2020-09-26/geller-pa.googleapis.com
Likely to be involved in ad-retargeting, consider: https://www.shodan.io/host/108.177.111.95

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 32892
  • malware fighter
Re: Blocked for me but not by avast's...
« Reply #1 on: November 27, 2020, 02:28:07 PM »
Found via Pulsedive here: https://pulsedive.com/explore/?q=JTdCJTIydHlwZSUyMiUzQSU1QiUyMmFsbCUyMiU1RCUyQyUyMnJpc2slMjIlM0ElNUIlMjJhbGwlMjIlNUQlMkMlMjJyZXRpcmVkJTIyJTNBJTIyZmFsc2UlMjIlMkMlMjJsaW1pdCUyMiUzQSUyMmh1bmRyZWQlMjIlMkMlMjJsYXN0c2VlbiUyMiUzQSUyMmFsbCUyMiUyQyUyMnNlYXJjaCUyMiUzQSUyMmluZGljYXRvcnMlMjIlN0Q=#indicators
Vulners galore for IP at shodan.io: https://www.shodan.io/host/31.7.63.146
Palo Alto firewall blocked: https://github.com/clay584/blacklist_builder/blob/master/output-example.txt
Not secure Apache2 Ubuntu Default page: -http://31.7.63.146/
Quote
Modified from the Debian original for Ubuntu
Last updated: 2014-03-19
See: https://launchpad.net/bugs/1288690
Quick Source view:
Quote
HTML
-31.7.63.146/
13,283 bytes, 107 nodes

Javascript 6   (external 0, inline 6)
INLINE: // Catch errors if signal is already set by user agent or other extensi
402 bytes

INLINE: // Catch errors if signal is already set by user agent or other extensi
402 bytes

INLINE: !function(){let e=!1;function n(){if(!e){const n=document.createElement("meta");
613 bytes

INLINE: /* * This entire block is wrapped in an IIFE to prevent polluting the scope of
38,144 bytes

INLINE: try { Object.defineProperty(screen, "availTop", { value:
4,124 bytes

INLINE: try { Object.defineProperty(screen, "availTop", { value:
4,124 bytes

CSS 2   (external 0, inline 2)
INLINE: * { margin: 0px 0px 0px 0px; padding: 0px 0px 0px 0px; } body, h
2,866 bytes INJECTED

INLINE: @media print {#ghostery-purple-box {display:none !important}}
61 bytes INJECTED
IP not detected: https://novasense-threats.com/lookup/31.7.63.146
Detected: https://www.virustotal.com/gui/ip-address/31.7.63.146/detection

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: November 27, 2020, 07:56:11 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!