Been taken down because of malware?

See: http://zulu.zscaler.com/submission/show/9b8be5249ffacea1aee970edb9edafff-1491054742
Re: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Ffourthgate.org%2FYryzvt
Blacklisted and 100% malicious…GoDaddy abuse: http://whois.domaintools.com/fourthgate.org

On the nameserver certificate: Warnings
RC4
Your server’s encryption settings are vulnerable. This server uses the RC4 cipher algorithm which is not secure.
SSLv3
Your server’s encryption settings are vulnerable. This server uses the SSLv3 protocol, which is not secure.
TLS1.2
This server is vulnerable to a TLS renegotiation attack.
This server is vulnerable to:
SSL/TLS Compression
This server is vulnerable to a CRIME attack.
Poodle (SSLv3 protocol)
This server is vulnerable to a Poodle (SSLv3) attack. → https://mxtoolbox.com/domain/dnsexit.com/

Various issues: http://www.dnsinspect.com/dnsexit.com/10066058

Launched from a private address on QuadraNet, Inc - Delaware
on Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.30) *
and Did not follow redirect to http://duckduckgo.com

On malware domain list: 2017/03/20_10:13 -fourthgate.org/Yryzvt 104.200.67.194 - -Ransom, Fake.PCN, Malspam Charlie Dillon / -godaddy@638united.com 8100

polonus (volunteer website security analyst and website error-hunter)

Update, gone from the malware radar: but see Netcraft risk 7 red out of 10 Netcraft risk grade:
https://toolbar.netcraft.com/site_report?url=ih1750068.vds.myihor.ru
Domain watch: https://domainwat.ch/site/myihor.ru
No longer given in database: https://www.abuseipdb.com/check/194.67.194.249
No engines detect IP and IP relations: https://www.virustotal.com/gui/url/de35e3c63bd8e34545ae02643ec86bd7b7781241e5ec142ebb50bd77b6e60143/details

polonus

> No engines detect IP and IP relations: https://www.virustotal.com/gui/url/de35e3c63bd8e34545ae02643ec86bd7b7781241e5ec142ebb50bd77b6e60143/details

Are you sure? .... that scan is 7 months old

Hi Pondus,

Reanalyzed and indeed 1 is detecting: https://www.virustotal.com/gui/url/de35e3c63bd8e34545ae02643ec86bd7b7781241e5ec142ebb50bd77b6e60143/detection
But just one detecting could also spell out a FP. So still out in limbo with these most recent results.

pol

Just a reminder to have fresh scan results … I keep nagging :wink: