mitchellkrogza / nginx-ultimate-bad-bot-blocker

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

[Referrer-Domain] api.gxout.com is a bad domain? #362

Open classicPintus opened 4 years ago

classicPintus commented 4 years ago

Paste the full Domain name / Referrer String here

api.gxout.com

Paste the full Referrer String here (paste in between the markers)

api.gxout.com

Is this for Addition / Removal?

223.150.46.86 - - [07/Mar/2020:20:59:01 +0100] "GET http://api.gxout.com/proxy/check.aspx HTTP/1.1" 301 178 "http://api.gxout.com/proxy/check.aspx" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

Additional information

From my nginx access logs I have the request pasted above. I smell a bad domain here, but I don't have enough knowledge to say that. What do you think, guys?
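An added example, not part of the original issue and not the project's own code: a parser for nginx combined-format access log lines that reports the two features visible in the request above, an absolute URI as the request target and a referrer that repeats that same URL, and counts referrer hosts across lines. The function names and the second sample line are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# nginx "combined" format: addr - user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'(?P<addr>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def host_of(url):
    """Lower-cased host of an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal in a hostile header
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def analyse(line):
    """Parse one combined-format line; return a dict, or None if unparseable."""
    m = COMBINED.match(line)
    if not m:
        return None
    req = m["request"].split(" ")
    target = req[1] if len(req) == 3 else ""
    return {
        "addr": m["addr"],
        "status": int(m["status"]),
        "target": target,
        # Set only when the request target is an absolute URI, not a path.
        "absolute_target_host": host_of(target),
        "referer_host": host_of(m["referer"]),
        # True when the Referer header is the requested URL itself.
        "self_referer": bool(target) and m["referer"] == target,
    }

def referer_counts(lines):
    """Count referrer hosts over many lines to see which ones recur."""
    infos = filter(None, map(analyse, lines))
    return Counter(i["referer_host"] for i in infos if i["referer_host"])

# First line is the one from the issue; the second is constructed for contrast.
SAMPLE = [
    '223.150.46.86 - - [07/Mar/2020:20:59:01 +0100] "GET http://api.gxout.com/proxy/check.aspx HTTP/1.1" 301 178 "http://api.gxout.com/proxy/check.aspx" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '198.51.100.7 - - [07/Mar/2020:21:00:12 +0100] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]
```

Running `referer_counts` over a full access log shows whether a referrer host such as this one recurs across clients or appeared once.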

mitchellkrogza commented 4 years ago

I found this https://www.hybrid-analysis.com/sample/27ce7f870c0e73621e6530f7cfcb72b8948f018fcb8c1dcf54ea7b1b7484a58e
