polonus
December 13, 2014, 3:38pm
1
polonus
December 13, 2014, 4:00pm
2
This link htxp://box.traditionnutte.de/4gmrbbjy.php?id=89406 is going to local host like
RESPONSE BODY
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Access forbidden!</title>
<link rev="made" href="mailto:%5bno%20address%20given%5d" />
<style type="text/css"><!--/*--><![CDATA[/*><!--*/
body { color: #000000; background-color: #FFFFFF; }
a:link { color: #0000CC; }
p, address {margin-left: 3em;}
span {font-size: smaller;}
/*]]>*/--></style>
</head>
<body>
<h1>Access forbidden!</h1>
<p>
pol
Apparently CRAN link broken: http://r.789695.n4.nabble.com/CRAN-link-broken-td4246941.html
Update - the infection continues: http://killmalware.com/barnsteiner.net/
The website has not been cleansed since, so 15 days and counting.
index.html
Severity: Malicious
Reason: Detected encoded JavaScript code commonly used to hide malicious behaviour.
Details: Malicious obfuscated JavaScript threat
Offset: 846
Threat dump:
[[]]
Threat dump MD5: 75E8A847369CE7A9558E7D308AB145EB
File size[byte]: 986
File type: ASCII
Page/File MD5: 7B235BB67B5C88C69F0F16538F202324
Scan duration[sec]: 0.002000
Who is coming here to check the third party cold reconnaissance scanning I perform?
polonus
Pondus
March 23, 2015, 4:56pm
4
Hi Pondus,
It is time for your medal then. ;D ;D ;D
You receive this medal for constantly back-checking on all sorts of results I posted.
See it attached.
polonus
Update: See: http://killmalware.com/barnsteiner.net/# and https://www.virustotal.com/nl/url/7edcd99d96bb1ba660b1288fb51daedce5a964099fddcffa22f0b98fdcc98cd7/analysis/#additional-info
index.html
Severity: Malicious
Reason: Detected encoded JavaScript code commonly used to hide malicious behaviour.
Details: Malicious obfuscated JavaScript threat
Website blacklisted; http://www.yandex.com/infected?url=barnsteiner.net&l10n=en
Suspicious javascript check: Suspicious
ner.net <!--/a03ada-
Included script check: Suspect - please check list for unknown includes
htxp://box.traditionnutte.de/4gmrbbjy.php?id=89406
Read: http://javascript.crockford.com/script.html
See this report: https://rateip.com/ipv4/78.47.15.68
Consider: http://www.das-labor.org/svn/microcontroller-2/arm-crypto-lib/testvectors/rsa-pkcs-1v2-1-vec/pss-vect.txt
polonus
Pondus
March 31, 2015, 9:24pm
7