If you have no reason for accepting mail from the .su top-level domain then just block that and be done with it. Sometimes it's reasonable to take a broad-brush response to these problematic domains.

dp

On 10/21/18 6:09 AM, Darius Baumann wrote:
I want to submit the following fraud domain for flagging in ClamAV - "servicemarket.su":

General Abuse details:

This domain is a fraud phishing pharmacy store and gets forwarded over spam and domains advertised over spam.

Evidence why malicious - That domain is flagged phishing/spam/malicious on the following resources:
1) hybrid-analysis.com/sample/d53b1767676e2397598d66ad868101674fa00947ff53b611004333d7567f22fa/5bcc38b67ca3e1682c7d469d

Flagged Spamhaus, Quttera, Bitdefender
2) virustotal.com/#/url/6f4b1668d3e06b174b3d1ec50d254380a6299701d8b87cd1077d5fa9f451e210/detection

Gets forwarded to by the following network of urls - collected with the following online tracing url:
urlscan.io/result/82a515d3-c468-42b5-91cc-e1a4172b546d#transactions
-----------------------------------------------------------
1) gruzvn . ru/repartitionv.html

2) dietlines4health .world/all/myww/cpc?bhu=CWpYzpXJ6ChgL7PL2g1c3bVeLd5Wu6aVRx2Wk

Which is also rated malicious:
hybrid-analysis.com/sample/f686717f7eaadcd9b9189c69c358eecae931186c2242f32f100a188e23c113b9/5bcba1707ca3e1789b753573

3) servicemarket . su - the complaint url

Thanks, Darius Baumann


_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

