Blacklisted Domain [grupoecointerpreis.com]

system · 2017-05-13T18:22:21.000Z

Hello,

Our client has recently been blacklisted for containing malicious content on their site, grupoecointerpreis.com. They have
completely terminated the account and recreated the account. Our team has scanned the site and confirmed there does
not appear to be any malicious content on this site at this time.

Please assist in removing this blacklisting from our site.

Regards,

Asyn · 2017-05-13T18:24:04.000Z

→ https://sitecheck.sucuri.net/results/grupoecointerpreis.com

Asyn · 2017-05-13T18:35:55.000Z

→ http://zulu.zscaler.com/submission/show/1b903138d5587207693fbe7923c14651-1494699938

Eddy · 2017-05-13T18:40:22.000Z

Blacklisted :
https://www.websicherheit.at/website-malware-viren-scanner/?url=grupoecointerpreis.com
https://sitecheck.sucuri.net/results/grupoecointerpreis.com
https://www.virustotal.com/en/url/7eee25ed69c9177edf6c1c892365262303d23ca785d7f280c411015b82e826a2/analysis/1494700155/

http://urlquery.net/report.php?id=1494697973679
https://www.virustotal.com/en/ip-address/98.142.105.18/information/

Vulnerable library detected :
http://retire.insecurity.today/#!/scan/db7399526baa6e987ee1c075e23895269315f2ee34798b355455c1ecaed2030b

Malicious :
http://zulu.zscaler.com/submission/show/1b903138d5587207693fbe7923c14651-1494700137

Suspicious :
https://quttera.com/detailed_report/grupoecointerpreis.com

polonus · 2017-05-13T22:08:10.000Z

The code flagged by Quttera’s as suspicious does not enhance privacy on all interpreters…
see the insecure code: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fgrupoecointerpreis.com%2Fjs%2Fjbgallery-2.0.js
and the possible overflow to pr0n content…-> -http://www.ip0rn.com/templates/frontend/dark-blue/js/jquery.video-0.2.js
normally blocked through threatcenters, so do not go there…
Dimenoc abuse: https://urlscan.io/result/b8ed98b6-858a-4169-824c-3a8c08874b9d#summary

polonus

HonzaZ · 2017-05-16T07:09:41.000Z

abuseteam post:1:

…Our client has recently been blacklisted…

Yup, as recent as 6 months ago, 25. 10. 2016, 15:15, when it was spreading Locky ransomware at grupoecointerpreis[.]com/076wc 8)
Glad to hear you removed the malicious content, I am unblocking the domain now!

Announcements