Emotet/Epoch1 being flagged on this website?

Re: https://urlhaus.abuse.ch/url/287230/
See failed scan here: https://sitecheck.sucuri.net/results/majan.neomeric.us
On the hoster IP with various Exif/PHP vulnerabilities endangering the WordPress CMS website…
see: https://www.shodan.io/host/68.66.224.30

No detections here: https://www.virustotal.com/gui/url/2b335958f91f5438205172175c92b6bade316aeaef954bd6a64d44bb7bd191e0/detection

Re: https://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fmajan.neomericus.us%2F (down now)…

polonus

See failed scan here: https://sitecheck.sucuri.net/results/majan.neomeric.us
And the first thing to check when you see that is? ........ is it taken down?

Yes it is https://downforeveryoneorjustme.com/majan.neomeric.us

also shown under VT detail button … no details to show

Emotet doesn’t normally show up in websites. Typical delivery platform is email, so this is odd.

IP Detection by IBM for malware: https://exchange.xforce.ibmcloud.com/ip/68.66.224.30

@Pondus - Often times, malicious websites don’t remain online for long.

Hi Michael (alan1998),

Lately it is showing up, mainly in WordPress & gstore websites:
https://urlhaus.abuse.ch/url/288576/ & https://urlhaus.abuse.ch/url/288575/ & https://urlhaus.abuse.ch/url/288572/ etc.
infested with Emotet, Heodo, Epoch2.

Compare searches with → https://maltiverse.com/sample/c6f6ca23761292552e6ea5f12496dc9c73374be0c5f9d0b2142ca3ae0bb8fe14
etc.

Remember that with the latest plug-in flaw, 320.000 WordPress sites are still unpatched and vulnerable???

polonus