malware??


Dumb question perhaps, but why is www.googletagservices.com/tag/js/gpt.js being flagged as a malicious URL?  It doesn't come up that way in PA's URL filtering site.

It's created a considerable jump in my botnet list.

Thanks in advance...

//moe

19 REPLIES

What output are you getting for this new URL from the "> test url" command?

Thanks

For us it's comp&Internet.

admin@85-PA-VM-300> test url-info-cloud g.symcd.com

BM:

symcd.com,9,5,computer-and-internet-info

Please provide us the output for

test url-info-cloud g.symcd.com

show system info

Regards,

Hardik Shah

@PA-5020-P(active)> test url g.symcd.com

g.symcd.com computer-and-internet-info (Base db) expires in 0 seconds

g.symcd.com computer-and-internet-info (Cloud db)

I see where you are going w/this….  So…

Am I to verify each entry on my botnet report prior to taking action?

Am I getting URL updates soon enough, and if not, where do I adjust?

Am I placing too much ‘faith’ in the botnet report?

From the botnet report:


confidence    Virtual System    description

4    vsys1    Repeatedly visited (42) the same malicious URL g.symcd.com/

4    vsys1    Repeatedly visited (441) the same malicious URL g.symcd.com/

4    vsys1    Repeatedly visited (65) the same malicious URL g.symcd.com/

4    vsys1    Repeatedly visited (59) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCK7KMAoI08AAGfwI84AAACi

4    vsys1    Repeatedly visited (40) the same malicious URL acuityplatform.com/Adserver/exds?xuid=8f02281c60d856473aab5158f5ac729c

4    vsys1    Repeatedly visited (123) the same malicious URL g.symcd.com/

4    vsys1    Repeatedly visited (190) the same malicious URL g.symcd.com/

4    vsys1    Repeatedly visited (63) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCLtJMAoI0gAAHjWIP0AAABR

4    vsys1    Repeatedly visited (68) the same malicious URL g.symcd.com/

4    vsys1    Repeatedly visited (65) the same malicious URL acuityplatform.com/Adserver/exds?xuid=ef8c5c814844f7f359896d10d97045dd

4    vsys1    Repeatedly visited (100) the same malicious URL cache.dtmpub.com/js/ncg6/0/optinrt_0.js?cgver=36931

4    vsys1    Repeatedly visited (51) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCLVhsAoI0YAACmlXH8AAACE

4    vsys1    Repeatedly visited (198) the same malicious URL g.symcd.com/MEkwR6ADAgEAMEAwPjA8MAkGBSsOAwIaBQAEFLG0OReQFreXeVAR8WC51KI82+3uBBQA+SrDQZG2ycK4PlXywJcRE6AHIAIDAjp2

4    vsys1    Repeatedly visited (39) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCLTtsAoIz0AAAZPA.MAAACV

4    vsys1    Repeatedly visited (45) the same malicious URL cache.dtmpub.com/js/ncg6/0/optinrt_0.js?cgver=36931

4    vsys1    Repeatedly visited (73) the same malicious URL acuityplatform.com/Adserver/atds?getuserid=http://ums.adtechus.com/mapuser?providerid=1027;userid=$UID

4    vsys1    Repeatedly visited (157) the same malicious URL acuityplatform.com/Adserver/atds?getuserid=http://ums.adtechus.com/mapuser?providerid=1027;userid=$UID

4    vsys1    Repeatedly visited (47) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCLeicAoI0YAAD4Vd2cAAAAD

4    vsys1    Repeatedly visited (121) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCMOwMAoI0oAAEKePowAAADV

4    vsys1    Repeatedly visited (45) the same malicious URL acuityplatform.com/Adserver/atds?getuserid=http://ums.adtechus.com/mapuser?providerid=1027;userid=$UID

4    vsys1    Repeatedly visited (36) the same malicious URL assets.tumblr.com/fonts/gibson/stylesheet.css?v=3

4    vsys1    Repeatedly visited (575) the same malicious URL g.symcd.com/

4    vsys1    Repeatedly visited (43) the same malicious URL acuityplatform.com/Adserver/exds?xuid=41ed950b4ac8a2da0effdb75f6b13fe2

4    vsys1    Repeatedly visited (45) the same malicious URL cache.dtmpub.com/js/ncg6/0/optinrt_0.js?cgver=36953

4    vsys1    Repeatedly visited (127) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCLQicAoIzcAAIBXHTwAAAD7

4    vsys1    Repeatedly visited (133) the same malicious URL g.symcd.com/

4    vsys1    Repeatedly visited (107) the same malicious URL cache.dtmpub.com/js/ncg6/0/optinrt_0.js?cgver=36939

4    vsys1    Repeatedly visited (38) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCLi5cAoI0oAAJ2eaAIAAAAD

4    vsys1    Repeatedly visited (150) the same malicious URL g.symcd.com/

4    vsys1    Repeatedly visited (38) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCLwVMAoIzsAABrw-C0AAAE8

4    vsys1    Repeatedly visited (42) the same malicious URL cdn.mxpnl.com/libs/mixpanel-2.2.min.js

4    vsys1    Repeatedly visited (187) the same malicious URL g.symcd.com/

4    vsys1    Repeatedly visited (58) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCL9o8AoIzMAABBzJg0AAABO

4    vsys1    Repeatedly visited (51) the same malicious URL g.symcd.com/

4    vsys1    Repeatedly visited (85) the same malicious URL g.symcd.com/

4    vsys1    Repeatedly visited (54) the same malicious URL g.symcd.com/MEkwR6ADAgEAMEAwPjA8MAkGBSsOAwIaBQAEFLG0OReQFreXeVAR8WC51KI82+3uBBQA+SrDQZG2ycK4PlXywJcRE6AHIAIDAjp2

4    vsys1    Repeatedly visited (163) the same malicious URL acuityplatform.com/Adserver/atds?getuserid=http://ums.adtechus.com/mapuser?providerid=1027;userid=$UID

4    vsys1    Repeatedly visited (70) the same malicious URL ortc-ws6-useast1-s0003.realtime.co/

4    vsys1    Repeatedly visited (555) the same malicious URL g.symcd.com/MEkwR6ADAgEAMEAwPjA8MAkGBSsOAwIaBQAEFLG0OReQFreXeVAR8WC51KI82+3uBBQA+SrDQZG2ycK4PlXywJcRE6AHIAIDAjp2
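
Added example, not part of the original thread: one way to handle the "verify each entry" question is to collapse the report rows into distinct hosts and check each host once with the `test url-info-cloud` command used earlier in the thread. The function names are assumptions for illustration; the sample is a few rows taken from the report above plus one constructed non-matching line.

```python
import re
from collections import defaultdict

# Subset of the report rows above, plus one constructed line that is not a row.
SAMPLE_REPORT = """\
4    vsys1    Repeatedly visited (42) the same malicious URL g.symcd.com/
4    vsys1    Repeatedly visited (441) the same malicious URL g.symcd.com/
4    vsys1    Repeatedly visited (100) the same malicious URL cache.dtmpub.com/js/ncg6/0/optinrt_0.js?cgver=36931
4    vsys1    Repeatedly visited (36) the same malicious URL assets.tumblr.com/fonts/gibson/stylesheet.css?v=3
confidence    Virtual System    description
"""

# One report row: confidence, virtual system, then the fixed description text.
ROW = re.compile(
    r"^\s*(?P<confidence>\d+)\s+(?P<vsys>\S+)\s+"
    r"Repeatedly visited \((?P<count>\d+)\) the same malicious URL (?P<url>\S+)\s*$"
)


def host_of(url):
    """Report URLs carry no scheme; the host is everything before the path or query."""
    return re.split(r"[/?#]", url, maxsplit=1)[0].lower()


def summarize(report_text):
    """Group rows by host: number of rows, total visits, highest confidence seen."""
    hosts = defaultdict(lambda: {"rows": 0, "visits": 0, "max_confidence": 0})
    for line in report_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header line or anything else that is not a report row
        entry = hosts[host_of(m["url"])]
        entry["rows"] += 1
        entry["visits"] += int(m["count"])
        entry["max_confidence"] = max(entry["max_confidence"], int(m["confidence"]))
    return dict(hosts)


def verification_commands(summary):
    """One category lookup per distinct host, busiest host first."""
    ordered = sorted(summary, key=lambda h: (-summary[h]["visits"], h))
    return [f"test url-info-cloud {host}" for host in ordered]


if __name__ == "__main__":
    for cmd in verification_commands(summarize(SAMPLE_REPORT)):
        print(cmd)
```
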

I'm seeing the same behaviour in our botnet report. Multiple users repeatedly visiting supposedly malicious URLs. All URLs seem to be related to advertisement or CDN. Running pan-db 2014.09.25.451.

We have an open case with TAC regarding this. Will let you know how it goes.

Hi VSU,

I just resolved a similar issue. Follow the steps below.

1. Download latest PAN-DB

2. Clear url-cache googletagservices.com/tag/js/gpt.js

3. Now access, it will work.

regards,

Hardik Shah
