Open classicPintus opened 4 years ago
I found this https://www.hybrid-analysis.com/sample/27ce7f870c0e73621e6530f7cfcb72b8948f018fcb8c1dcf54ea7b1b7484a58e
Paste the full Domain name / Referrer String here
api.gxout.com
Paste the full Referrer String here (paste in between the markers)
api.gxout.com
Is this for Addition / Removal?
223.150.46.86 - - [07/Mar/2020:20:59:01 +0100] "GET http://api.gxout.com/proxy/check.aspx HTTP/1.1" 301 178 "http://api.gxout.com/proxy/check.aspx" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
Additional information
From my nginx access logs I have the request pasted above. I smell a bad domain here, but I don't have enough knowledge to say that. What do you think, guys?