What also be blocked is redirects to http://error.hostinger.eu/403.php from -wittenose.pe.hu/
Netcraft website risk status 7 red out of 10: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fwittenose.pe.hu%2F
https://www.virustotal.com/nl/url/d62fdc2599de151b0061a9949d4f2f20e176f628685d6c2187073354bae76339/analysis/
A good adblocker does -uMatrix has prevented the following page from loading:
http://error.hostinger.eu/403.php? → http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Ferror.hostinger.eu%2F403.php%3F
See: http://www.cvedetails.com/vulnerability-list/vendor_id-10048/product_id-17956/version_id-178329/year-2014/Nginx-Nginx-1.6.0.html - 1,441 other sites hosted on this server. ‘error.hostinger.eu’ is a bad zone →
mail and web issues: http://www.dnsinspect.com/hostinger.eu/1442938665
WARNING: Found missing name servers:
raid3.main-hosting.com.
Name Servers Versions
WARNING: Name servers software versions are exposed:
208.43.173.207: “9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.3”
31.170.164.253: “9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4”
Exposing name server’s versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system. Learn how to hide version.
Connect to Mail Servers
FAIL: Connection to all mail servers failed.
pipe.hostinger.eu.: dial tcp 31.170.164.250:25: getsockopt: connection refused
To receive emails, mail servers should allow TCP connections on port 25.
Listed as a PHISH: https://www.phishtank.com/phish_search.php?page=1...y
Domain goes to OK. Domain hostinger.eu. resolves to:
– 127.0.0.1
The whole domain is worth being blocked: https://www.virustotal.com/nl/domain/mtblev2014.pe.hu/information/
polonus
Confirmed by F-Secure
The submitted website has been verified to be malicious and the appropriate rating is now updated. The update will take effect on the next product update cycle.
https://www.virustotal.com/en/url/405e29db5e81c326ddeff8c16750b5d0c1f43597a963e49d1cc3998db27d8ad3/analysis/1442970098/ :-
https://www.virustotal.com/en/url/1c8c0904d0a8c578e92c13c148ea5a65061af29405b965f10213c8222fcfdb29/analysis/1442970325/
More to be detected here: https://www.virustotal.com/nl/domain/cmso-guide.com/information/
PHISH detected here: https://urlquery.net/report.php?id=1442991884371
Probably not flagged because of a HTTP/1.0 404 Not Found
Fortinet’s URL Query Alert being blacklisted.
See this scan: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fcmso-guide.com
This comes blocked: uMatrix has prevented the following page from loading:
-http://col.eum-appdynamics.com/
Seems all of that IP is involved in PHISHing: https://www.virustotal.com/nl/ip-address/160.153.16.32/information/
where DrWeb and Sophos flags PHISH.
polonus
hxxp://www.nic.at.vu/us/start/ is now detected by Avast as “URL:Mal”.
Reported by Be Secure and recently added by PhishTank (Sept. 24th) and blacklisted as such by Bitdefender:
https://www.virustotal.com/en/url/50c852ebd688126f14a52ae74da8b823eb50d750735606ab2d4d5943bc4bd7f3/analysis/1443075807/#additional-info
Quttera missed all of it and Sucuri gives site as likely compromised and blacklisted by Bitdefender, making this little circle round again. Here it is also not being alerted: https://urlquery.net/report.php?id=1443093530691
Avast does not flag website as a PHISH! Part of a PHISHing attempt.
used PHP version has several vulnerabilities reported.
Also: http://www.domxssscanner.com/scan?url=http%3A%2F%2Finterti.net%2Freadmore.php%3Fid%3D26
Name server issues/errors: http://dnscheck.sidn.nl/?time=1443094195&id=1829914&view=basic&test=standard
No Reverse Address detected, Does not do the DNSSEC extra, No SOA record.
WOT rating: https://www.mywot.com/en/scorecard/interti.net?utm_source=addon&utm_content=rw-viewsc
polonus
Reported by Be Secure and recently added by PhishTank (Sept. 24th) and blacklisted as such by Bitdefender:-http://www.interti.net/ is not at PhishTank "[b]Nothing known about[/b] -http://www.interti.net/"
Message from F-Secure
The submitted website has been verified to be clean and the appropriate rating is now updated.
Hi,
both onlinebanking-natwest-services-personal-com.krishnacookwares.com and cmso-guide.com are blocked now, thanks for reporting ;-)!