In this thread we present an insecure website. What unknown malware resides there?
Read on.
polonus
Found on MX VirusWatch archives: Up(nil): unknown_html RIPE GB abuse at compila.com 195.238.172.60 to 195.238.172.60 eroyton dot co dot uk htxp://www.eroyton.co.uk/ site: Ghosted
1 flag: https://www.virustotal.com/nl/url/27c7ba744b1dba720f84c9e9cd66c1db10085316b8c35b7092b3103941643739/analysis/1409851193/
Clean: http://quttera.com/detailed_report/www.eroyton.co.uk
Issue detected Outdated cPanel Found cPanel Security cPanel 11.34.2.8
open FTPd vuln. Red Hat Enterprise Linux service.
SOA and DNSSEC errors found: http://dnscheck.pingdom.com/?domain=www.eroyton.co.uk&timestamp=1409852150&view=1
IP info: 40 sites on one and the same IP; IP badness history: https://www.virustotal.com/nl/ip-address/195.238.172.60/information/
polonus
The following site probably has been compromised and has been blacklisted: http://www.siteadvisor.com/sites/aparataje.com
see: https://www.virustotal.com/nl/url/024cf7bb622cb5b8bdbbec8c547a100fcf9904c6238ecf637bc67e9afb2e3c3e/analysis/1409858263/
Backported: WordPress version 3.9.x, based on: http://aparataje.com//wp-admin/js/common.js
WordPress theme: http://aparataje.com/wp-content/themes/jarida/
IP badness history: https://www.virustotal.com/nl/ip-address/104.28.17.60/information/
Verdict: unknown_html_RFI_shell malware found.
SOA issues detected here: http://dnscheck.pingdom.com/?domain=AparataJe.com&timestamp=1409858971&view=1
polonus
Another candidate: Up(nil): unknown_html RIPE VG noc dot akrino at gmail dot com 91.202.63.42 to 91.202.63.42 myfileload dot net htxp://myfileload.net/
htxp://myfileload.net/ is present in the Dr.Web database of unwanted sites!
3 times Bingo: https://www.virustotal.com/nl/url/0132e1bf138b3e1e032793d171a9934ec9a1f549a3b57bb6a79686431a5d6680/analysis/1409911945/
See: https://manage.centralnic.com/support/domain_doctor/myfileload.net (no IP6 support)
Hacked site. Blacklisted by SiteAdvisor. System details:
Running on: nginx/1.2.3
Powered by: PHP/5.4.6
Outdated Web Server Nginx Found: nginx/1.2.3
See IP badness history: https://www.virustotal.com/nl/ip-address/91.202.63.42/information/
Bad Web Rep: https://www.mywot.com/en/scorecard/91.202.63.42?utm_source=addon&utm_content=popup
We are being protected: the URL is blocked by avast! Webshield as a URL:Mal detection.
pol
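The "Running on" / "Powered by" lines above come from the Server and X-Powered-By response headers. The following is an added example (not code from the forum post or from any of the scanners referenced in the thread) that parses such banners out of a constructed set of header lines and flags versions below a baseline. The baseline numbers in MIN_VERSIONS are placeholders chosen for the illustration, not current-release numbers; replace them with the releases you actually track. A server that hides its version (for example nginx with server_tokens off) yields no version to compare, so the checker reports nothing for it rather than guessing.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: header lines of the kind a banner scanner reads.
# The version strings mirror the ones quoted in the post; this is not a live capture.
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Server: nginx/1.2.3
Date: Fri, 05 Sep 2014 10:00:00 GMT
Content-Type: text/html
X-Powered-By: PHP/5.4.6
""".splitlines()

# Assumed baselines for this example only: anything older is reported as outdated.
MIN_VERSIONS: Dict[str, Tuple[int, ...]] = {"nginx": (1, 6, 0), "php": (5, 5, 0)}

# Matches "<product>/<dotted version>" at the start of a banner value.
BANNER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9_-]*)/(\d+(?:\.\d+)*)")


def parse_headers(lines: List[str]) -> Dict[str, str]:
    """Turn raw header lines (status line first) into a lower-cased name -> value map."""
    headers: Dict[str, str] = {}
    for line in lines[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def parse_banner(value: str) -> Optional[Tuple[str, Tuple[int, ...]]]:
    """Extract (product, version tuple) from e.g. 'nginx/1.2.3'; None if no version is exposed."""
    m = BANNER_RE.match(value)
    if not m:
        return None
    product = m.group(1).lower()
    version = tuple(int(part) for part in m.group(2).split("."))
    return product, version


def _pad(v: Tuple[int, ...], n: int) -> Tuple[int, ...]:
    # Pad short version tuples with zeros so (1, 6) compares like (1, 6, 0).
    return v + (0,) * (n - len(v))


def outdated_banners(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (header, product, version) for every disclosed banner older than its baseline."""
    headers = parse_headers(lines)
    findings: List[Tuple[str, str, str]] = []
    for hdr in ("server", "x-powered-by"):
        if hdr not in headers:
            continue
        parsed = parse_banner(headers[hdr])
        if parsed is None:
            continue  # version hidden (e.g. "Server: nginx"): nothing to compare
        product, version = parsed
        baseline = MIN_VERSIONS.get(product)
        if baseline is None:
            continue  # product not in our baseline table
        n = max(len(version), len(baseline))
        if _pad(version, n) < _pad(baseline, n):
            findings.append((hdr, product, ".".join(map(str, version))))
    return findings


if __name__ == "__main__":
    for hdr, product, version in outdated_banners(SAMPLE_HEADERS):
        print(f"outdated {product} {version} disclosed in {hdr} header")
```

Both banners in the sample fall below the placeholder baselines, so both are reported. Note that a banner only tells you what the server advertises; distributions such as Red Hat backport fixes without bumping the version string, so a "stale" banner is a lead to verify, not proof of an exploitable service.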
Pol,
there are tons of such file upload sites.
wxw.rghost.com ... search for illegal or mature content and you will find many bad boys.
Something else altogether now: a compromised site being part of the Citadel cybercrime botnet:
https://www.virustotal.com/nl/url/4d7f5c9bf505ff9263acaad16c654ac61de3348c9f619b560b4565c96cd16867/analysis/ and
https://www.virustotal.com/nl/file/af47ec90f9b69ce21c23de705be61f809bdfb30c5d9b6675466fd21f4b07b48d/analysis/1400079806/
Blacklisted and compromised: http://sitecheck.sucuri.net/results/www.richplanet.net
Vulnerable to remote root 0-day exploit through ambiguities.
http://www.cvedetails.com/vulnerability-list/vendor_id-2152/Pureftpd.html
See: https://www.virustotal.com/nl/ip-address/83.223.103.26/information/
polonus