Re: https://urlquery.net/report/4b4a278a-5cc0-446e-ab2d-e85560168c31
Alerts for ET POLICY HTTP Request to a *.tk domain & ET INFO DNS Query for Suspicious .ga Domain on internal IP
See: https://www.virustotal.com/gui/url/1540254d73547671ab2baabe1f64b983dcc1eddb90115cb729f5cc47612a0614/details
and https://www.maltiverse.com/hostname/webdisk.azz-dff.ga
or https://dnstable.com/ip/195.20.51.86 & https://www.shodan.io/host/195.20.51.108
Nothing more than |_http-server-header: nginx |http-title: 51.108
Redirecting to -http://domain.dot.tk/p/?d=SACRAMENTOZZ.GA&i=198.71.230.24&c=1&ro=0&ref=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26source%3Dweb%26cd%3D3%26cad%3Drja%26uact%3D8%26ved%3DqUJdSXJgQ%26url%3Dhttp%253A%252F%252Fsacramentozz.ga%26ei%3DklDWqNRPh3R1VT2dsFJ%26usg%3DhpaIbRWGBEKyGAOTqCN&=1561576395162
DOM-XSS issues:
Results from scanning URL: -http://domain.dot.tk/js/searchr.js
Number of sources found: 42
Number of sinks found: 2
Results from scanning URL: -http://domain.dot.tk/js/dos.js
Number of sources found: 42
Number of sinks found: 2
Results from scanning URL: -https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
Number of sources found: 115
Number of sinks found: 86
Autoshun detects: https://www.virustotal.com/gui/url/a0e9fd0bf7c304535b093a37ced5af7b9438ba7164ca5bc3ed06e9c06e5ee021/detection
Taloha redirects: https://www.virustotal.com/gui/domain/domain.dot.tk/relations
Detected in PUP mode as PUP High Confidence? See:
https://www.virustotal.com/gui/file/b4f1a6f96ce9a6f72f0e45eb4dad19517c47067ca296c8c25ab90e6aecf949ba/detection
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
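As an added illustration (not part of the post above, and not code from any tool the poster used), the following Python unwraps the parking-page redirect quoted in the post. The URL carries a percent-encoded "ref" parameter posing as a Google search result, which itself carries a double-encoded "url" parameter pointing back at the parked .ga domain. The script decodes both layers and flags the hosts on the two TLDs named in the ET alerts (.tk and .ga); the flagged-TLD set, the function names and the triage wording are my assumptions, and the sample URL is the one from the post with its leading "-" defang removed.

```python
from urllib.parse import urlparse, parse_qs

# TLDs named in the two Emerging Threats alerts quoted in the post (.tk, .ga).
# Assumption: a reviewer would flag any host on these TLDs for a second look.
FLAGGED_TLDS = {"tk", "ga"}

# The redirect URL quoted in the post, with the poster's leading "-" defang removed.
SAMPLE_REDIRECT = (
    "http://domain.dot.tk/p/?d=SACRAMENTOZZ.GA&i=198.71.230.24&c=1&ro=0"
    "&ref=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds"
    "%26source%3Dweb%26cd%3D3%26cad%3Drja%26uact%3D8%26ved%3DqUJdSXJgQ"
    "%26url%3Dhttp%253A%252F%252Fsacramentozz.ga%26ei%3DklDWqNRPh3R1VT2dsFJ"
    "%26usg%3DhpaIbRWGBEKyGAOTqCN&=1561576395162"
)


def tld_of(host: str) -> str:
    """Return the last DNS label of a hostname, lowercased ('' if none)."""
    host = host.lower().rstrip(".")
    return host.rsplit(".", 1)[-1] if host else ""


def first(params: dict, key: str) -> str:
    """First value for a query key, or '' when the key is absent."""
    return params.get(key, [""])[0]


def unwrap_redirect(url: str) -> dict:
    """Decode one layer of the parking-page redirect and report what it carries."""
    outer = urlparse(url)
    q = parse_qs(outer.query)

    # parse_qs has already percent-decoded 'ref' once, so it is a full URL now.
    ref = urlparse(first(q, "ref"))
    ref_q = parse_qs(ref.query)

    parked = first(q, "d").lower()
    return {
        "redirector_host": outer.hostname or "",
        "redirector_tld_flagged": tld_of(outer.hostname or "") in FLAGGED_TLDS,
        "parked_domain": parked,
        "parked_tld_flagged": tld_of(parked) in FLAGGED_TLDS,
        "client_ip_param": first(q, "i"),
        "referrer_host": ref.hostname or "",
        # The inner 'url' value was encoded twice (%253A), so it needs the
        # second decode that parse_qs performs on the referrer's own query.
        "referrer_claims_url": first(ref_q, "url"),
    }


def triage(url: str) -> list:
    """Findings a reviewer would want for one redirect URL, as plain strings."""
    r = unwrap_redirect(url)
    notes = []
    if r["redirector_tld_flagged"]:
        notes.append(f"redirector on flagged TLD: {r['redirector_host']}")
    if r["parked_tld_flagged"]:
        notes.append(f"parked domain on flagged TLD: {r['parked_domain']}")
    claimed = urlparse(r["referrer_claims_url"]).hostname or ""
    if claimed and claimed == r["parked_domain"]:
        notes.append(
            f"referrer ({r['referrer_host']}) claims a search hit "
            f"for the parked domain itself"
        )
    return notes


if __name__ == "__main__":
    for line in triage(SAMPLE_REDIRECT):
        print(line)
```

Run against the sample, the script reports the .tk redirector, the .ga parked domain, and that the supposed Google referrer points at the parked domain itself, which is the kind of self-referential tracking parameter that makes the redirect chain worth a closer look rather than evidence of a compromise on its own.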