[clamav-users] request of support for flagging fraud domain

Dennis Peterson dennispe at inetnw.com
Mon Oct 22 06:49:56 UTC 2018


If you have no reason for accepting mail from the .su top level domain then just 
block that and be done with it. Sometimes it's reasonable to take a broad brush 
response to these problematic domains.

dp

On 10/21/18 6:09 AM, Darius Baumann wrote:
> I want to submit the following fraud domain for flagging in ClamAV - 
> "servicemarket.su":
>
> General Abuse details:
>
> This domain is a fraud phishing pharmacy store and gets forwarded over spam 
> and domains advertised over spam.
>
> Evidence why malicious - That domain is flagged phishing/spam/malicious on the 
> following resources:
> 1) hybrid-analysis.com/sample/d53b1767676e2397598d66ad868101674fa00947ff53b611004333d7567f22fa/5bcc38b67ca3e1682c7d469d
>
> Flagged Spamhaus, Quttera, Bitdefender
> 2) virustotal.com/#/url/6f4b1668d3e06b174b3d1ec50d254380a6299701d8b87cd1077d5fa9f451e210/detection
>
> Gets forwarded to by the following network of urls - collected with the 
> following online tracing url:
> urlscan.io/result/82a515d3-c468-42b5-91cc-e1a4172b546d#transactions
> -----------------------------------------------------------
> 1) gruzvn . ru/repartitionv.html
>
> 2) dietlines4health .world/all/myww/cpc?bhu=CWpYzpXJ6ChgL7PL2g1c3bVeLd5Wu6aVRx2Wk
>
> Which is also rated malicious:
> hybrid-analysis.com/sample/f686717f7eaadcd9b9189c69c358eecae931186c2242f32f100a188e23c113b9/5bcba1707ca3e1789b753573
>
> 3) servicemarket . su - the complaint url
>
> Thanks, Darius Baumann
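
An added illustration (not part of either message, and not ClamAV code): a Python check of which hosts in a report like the one quoted above a TLD block would actually reject. The function names and `BLOCKED_TLDS` are assumptions made for this example; the sample lines are abridged from the quoted report.

```python
import re

# Assumption: operator-chosen policy; the reply above suggests blocking .su.
BLOCKED_TLDS = {"su"}

# Hostname whose dots may be written " ." or " . " ("servicemarket . su"),
# as in the quoted report. A space is accepted after a dot only when one
# also precedes it, so ordinary prose ("it. Sometimes") is not read as a host.
# The trailing optional group swallows a URL path so "x.html" in a path is
# not reported as a second host; (?!@) skips the local part of an address.
_HOST = re.compile(
    r"\b((?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.|[ \t]\.[ \t]?))+[a-z]{2,24})\b"
    r"(?!@)(?:[/:?#]\S*)?",
    re.IGNORECASE,
)

# Sample input, abridged from the report quoted above (query string dropped).
REPORT = """\
1) gruzvn . ru/repartitionv.html
2) dietlines4health .world/all/myww/cpc
3) servicemarket . su - the complaint url
"""


def extract_hosts(text):
    """Return hostnames found in text, spacing removed, lowercased, de-duplicated."""
    hosts = []
    for match in _HOST.finditer(text):
        host = re.sub(r"[ \t]", "", match.group(1)).lower()
        if host not in hosts:
            hosts.append(host)
    return hosts


def tld_policy_coverage(text, blocked_tlds=BLOCKED_TLDS):
    """Split reported hosts into (rejected by the TLD block, not covered by it)."""
    covered, missed = [], []
    for host in extract_hosts(text):
        tld = host.rsplit(".", 1)[-1]
        (covered if tld in blocked_tlds else missed).append(host)
    return covered, missed


if __name__ == "__main__":
    covered, missed = tld_policy_coverage(REPORT)
    print("rejected by TLD block:", covered)
    print("not covered:", missed)
```

For the three hosts in the quoted report, a `.su` block rejects `servicemarket.su` only; the `.ru` and `.world` forwarders fall outside it.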

