Pondus
2
[b]See failed scan here:[/b] https://sitecheck.sucuri.net/results/majan.neomeric.us
And the first thing to check when you see that is? ........ is it taken down?
Yes it is https://downforeveryoneorjustme.com/majan.neomeric.us
also shown under VT detail button … no details to show
Emotet doesn’t normally show up in websites. Typical delivery platform is email, so this is odd.
IP Detection by IBM for malware: https://exchange.xforce.ibmcloud.com/ip/68.66.224.30
@Pondus - Often times, malicious websites don’t remain online for long.
polonus
4
Hi Michael (alan1998),
Lately it is showing up and mainly in Word Press & gstore websites:
https://urlhaus.abuse.ch/url/288576/ & https://urlhaus.abuse.ch/url/288575/ & https://urlhaus.abuse.ch/url/288572/ etc.
infested with emotet, heodo, epoch2.
Compare searches with → https://maltiverse.com/sample/c6f6ca23761292552e6ea5f12496dc9c73374be0c5f9d0b2142ca3ae0bb8fe14
etc.
Remember with the latest plug-in flaw 320.000 Word Press sites are still unpatched and vulnerable ???
polonus