Author Topic: Is this British Glype Proxy malicious?  (Read 957 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Is this British Glype Proxy malicious?
« on: November 19, 2023, 06:49:51 PM »
See: https://www.virustotal.com/gui/url/13ddd1207c4c4f93529972aab0d9c9419027fed4069da1b16046d20c851409fd?nocache=1

Two vendors flag as malicious.  Avast does not block it. (see remark * by me, polonus)
Also 3 detect here on IP: https://www.virustotal.com/gui/ip-address/93.189.6.34/details (status; Not Recommended Site)

No risk found here: https://sitereport.netcraft.com/?url=https://www.docoja.com
For server consider: https://www.shodan.io/search?query=zoneedit.com

Ten malicious files detected: https://quttera.com/detailed_report/www.docoja.com
Various instances of Trojan.PHP.Link.gen.276  but that should not be much of a problem working a good ad-blocker *
to block -pagead2.googlesyndication.com/pagead/js/adsbygoogle.js (uBlock blocks this script-redirect).

As this is not being flagged by VT: htxps://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&origin=hxtp%3A%2F%2FwXw.docoja.com&url=http%3A%2F%2FwXw.docoja.com%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.AOzoyjtjrhQ.O%2Fd%3D1%2Frs%3DAHpOoo9-fA1P7IZFa1fdRj158NoDqrnbYA%2Fm%3D__features__  -> https://www.virustotal.com/gui/url/2222ebbc4826973807e59e46799490ff2c6f29112d6654878ec2dd71358c0dbb?nocache=1

polonus
« Last Edit: November 19, 2023, 07:01:44 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: Is this British Glype Proxy malicious?
« Reply #1 on: November 20, 2023, 10:51:17 AM »
Be cautious using Glype Webproxies.
For instance Proxiyum dot com is launching Mirai & Mozi malware bot.
See: https://www.virustotal.com/gui/url/eec8fbb230500427140a38795a6529a4c2569255b9e5e8ab2cd697dc86cb4eef

Insecure connection exist for proxium dot com (misspelling).
Or you get an error code 522 Connection timed out on Cloudflare.

Glype proxies are configured in a very insecure way. They can be abused for targeted (MitM)-attacks
or to test servers remotely, data exfiltration attacks, cross-frame scripting and phishing.

So never use such a proxy (nor any other proxy) for exchanging critical information.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: Is this British Glype Proxy malicious?
« Reply #2 on: November 20, 2023, 10:54:41 PM »
Another webproxy with malicious files: https://quttera.com/detailed_report/www.fastp.org
Re: Detected reference to malicious blacklisted domain wXw.listaproxy dot org
Threat name: M.BL.Domain.gen
2 vendors to detect: https://www.virustotal.com/gui/url/dfd1675a63d6a9747306bc511fd3e4c177cc4808852e3c18817f6c8a2e220131
See outgoing links
-http://www.thegreatdirectory.org/
-http://www.livepopular.com/
-http://www.EasyHits4U.com
-http://www.topsiteswebdirectory.com/
-http://www.gatherproxy.com
-https://www.proxynova.com/ *-
> see 3 to detect this proxy * as malicious: https://www.virustotal.com/gui/url/16ac2c23f8035f1aa430ee18170b26f3913ea3ac110fceea88da14307764c2b2

-http://www.proxysites.com
-http://www.pxaa.com/
-http://www.proxyia.com/
-https://www.top-proxies.co.uk

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!