Checking on address in Neo-Monitor

Detected -level3-cdn-192-67-191-253.de.kpn-eurorings.net
Re: https://www.abuseipdb.com/check/192.67.191.253
Re: http://www.iplocationfinder.com/192.67.191.253
Re: https://urlscan.io/ip/192.67.191.253
Consider also: https://report.any.run/8b20a286d643d8cbe1374458cfbcf759230df5505a47034c1184d11d8ff9b8d4/afaef73f-c4c2-4c1d-b383-a2e52f3d99b0
and https://www.maltiverse.com/sample/88d4588840cebd23cd887d07d9bad8a7467ca93b43bd7bf891252aad27510561

Can anyone debug?

polonus

This is what I get back from https://urlscan.io/result/ in JSON terms through Avast's secure browser:

{
  "transactions": [
    {
      "request": {
        "requestId": "A98FD3C5B9093DDF1F43EB832D466196",
        "loaderId": "A98FD3C5B9093DDF1F43EB832D466196",
        "documentURL": "http://level3-cdn-192-67-191-253.de.kpn-eurorings.net/",
        "request": {
          "url": "http://level3-cdn-192-67-191-253.de.kpn-eurorings.net/",
          "method": "GET",
          "headers": {
            "Upgrade-Insecure-Requests": "1",
            "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
          },
          "mixedContentType": "none",
          "initialPriority": "VeryHigh",
          "referrerPolicy": "no-referrer-when-downgrade"
        },
        "timestamp": 25475037.252187,
        "wallTime": 1541173262.050658,
        "initiator": { "type": "other" },
        "type": "Document",
        "frameId": "67C97651A1230A15103F13F6902152C1",
        "hasUserGesture": false
      },
      "response": {
        "encodedDataLength": 0,
        "dataLength": 0,
        "failed": {
          "requestId": "A98FD3C5B9093DDF1F43EB832D466196",
          "timestamp": 25475037.309668,
          "type": "Document",
          "errorText": "net::ERR_NAME_NOT_RESOLVED",
          "canceled": false
        }
      }
    },
    {
      "request": {},
      "requests": [],
      "response": {
        "encodedDataLength": 0,
        "dataLength": 0
      }
    }
  ]
}
See: https://toolbar.netcraft.com/site_report?url=http%3A%2F%2Flevel3-cdn-192-67-191-253.de.kpn-eurorings.net%2F#last_reboot

With DNS I get a Name Error
SOA: Admin: netmaster.de.kpn-eurorings.net, Primary Server: nszm01.de.kpn-eurorings.net, Default TTL: 3600, Expire: 2419200, Refresh: 28800, Retry: 7200, Serial: 2018092803

and checked with
asimov-win.settings.data.microsoft.com.akadns.net
geo.settings.data.microsoft.com.akadns.net
db5.settings.data.microsoft.com.akadns.net
db5-ap.settings.data.microsoft.com.akadns.net

polonus