Threat Name: W32.Ramnit!html
Location: -http://shangyasheji25.dns4.007vps.com/

Threat Name: W32.Ramnit!html
Location: -http://shangyasheji25.dns4.007vps.com/help.html
Re: http://urlquery.net/report.php?id=1440935392068
and http://frag.co.uk/tools/?page=source&host=http://arxxin.1.007vps.com/member.php?mod=logging
and
https://www.virustotal.com/nl/url/3316137fa6b5e81fabecf2cb6f6e4a6ca8bbe04d112599866b9f9ff6fda5eb10/analysis/1440935317/
and
http://www.domxssscanner.com/scan?url=http%3A%2F%2Farxxin.1.007vps.com%2Fmember.php%3Fmod%3Dlogging
Detection: http://safeweb.norton.com/report/show?url=arxxin.1.007vps.com
Also consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fdiscuz.gtimg.cn%2Fcloud%2Fscripts%2Fdiscuz_tips.js%3Fv%3D1

提示信息 - Arxxin好心人热心助人 - Powered by Discuz! padlock icon
-arxxin.1.007vps.com
Alerts (1)
Insecure login (1)
Password will be transmited in clear to -http://arxxin.1.007vps.com/member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted

polonus (volunteer website security analyst and website error-hunter)

Hey Sherlock are you still chasing Professor James Moriarty across the web looking for threats ;D

Hi SpeedyPC,

Yes, swinging from the one bridge (scanner) to the other, like in the film on that subject ;D
But jokes aside, while doing so I have stumbled upon many an interesting resource to take the “James Moriarty” websites apart,
like this one: http://frag.co.uk/tools/?page=source&host=www2.eu to do some DNS stuff.
What about this playground where we can observe “James Moriarty” at play?: http://caja.appspot.com/
So sometimes I can come back here and report many an interesting issue, that may help others chase and catch the baddies.
Well the Avast mission I mean!

Anyway nice you follow my voluntary activities here.
Also have to admit that I get quite some help from Pondus,
whose alwaysis cross-examining after me.

Have a nice Sunday, SpeedyPC, my good friend,

Damian