Tuesday, March 19, 2019

Online -= Malicious activity =- Webpages 0day 19-03-2019


NEW SECTION CALLED
**************
Online Phishing Webpages 0day
**************
In this new section, Wjet News is going to show 0day websites that are online with --=Malicious activity=--, for anyone who wants to test these sites online and learn more about these tiny pieces of malware.

Wjet News
**************
Will also analyze these sites and give a detailed report of each of them.



SECURITY NOTICE
 ***********************

These sites are online and have malicious activity, BE CAREFUL


WEBSITE:
---------------

http://dipziit.pw

TYPE
---------

Phishing

HTTP REQUEST
------------------
 19
4072     iexplore.exe     GET     302     146.66.69.135:80     http://dipziit.pw/     US    

3396     iexplore.exe     GET     200     204.79.197.200:80     http://www.bing.com/favicon.ico        

4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/login.php?cmd=login_submit&id=6295f48d612c1da6e4fd35f40d905e5f6295f48d612c1da6e4fd35f40d905e5f&session=6295f48d612c1da6e4fd35f40d905e5f6295f48d612c1da6e4fd35f40d905e5f

4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/images/b1.png
   
4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/images/al.png

4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/images/b4.png

4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/images/of.png

4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/images/b3.png

4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/images/oth.png         

4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/offc.php

4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/images/f2.png     

4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/images/f3.png     

4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/images/f4.png     

4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/images/f1.png     

4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/images/f8.png    

4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/images/f6.png    

4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/images/f5.png    

4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/images/f7.png     

4072     iexplore.exe     GET     200     146.66.69.135:80     http://dipziit.pw/images/login.pn

CONNECTIONS
------------------
9
072     iexplore.exe     146.66.69.135:80         US     suspicious
3396     iexplore.exe     204.79.197.200:80     Microsoft Corporation     US     whitelisted
3396     iexplore.exe     146.66.69.135:80  
  


DNS REQUEST
------------------
3

dipziit.pw     146.66.69.135     
www.bing.com     204.79.197.200
 
13.107.21.200

In this case, 25 threats were found when analyzing the processes that are activated on login, and they are Potentially Bad Traffic - ET DNS Query to a *.pw domain - Likely Hostile.

THREATS
------------
25
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     A Network Trojan was detected     MALWARE [PTsecurity] Google Drive Phishing
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     A Network Trojan was detected     ET INFO Suspicious HTML Decimal Obfuscated Title
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Generic Protocol Command Decode      STREAM excessive retransmissions
4072     iexplore.exe     Generic Protocol Command Decode      STREAM excessive retransmissions
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     A Network Trojan was detected     ET INFO Suspicious HTML Decimal Obfuscated 
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain 
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
3396     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain


SECURITY NOTICE
 ***********************

These sites are online and have malicious activity, BE CAREFUL  :p
