09-23-2014 07:58 AM
Dumb question perhaps, but why is www.googletagservices.com/tag/js/gpt.js being flagged as a malicious URL? It doesn't come up that way in PA's URL filtering site.
It's created a considerable jump in my botnet list.
Thanks in advance...
//moe
09-25-2014 08:33 AM
What output are you getting for this new URL from the "> test url" command?
Thanks
09-25-2014 10:20 AM
For us it's comp&Internet.
admin@85-PA-VM-300> test url-info-cloud g.symcd.com
BM:
symcd.com,9,5,computer-and-internet-info
Please provide us the output for:
test url-info-cloud g.symcd.com
show system info
Regards,
Hardik Shah
09-25-2014 02:38 PM
@PA-5020-P(active)> test url g.symcd.com
g.symcd.com computer-and-internet-info (Base db) expires in 0 seconds
g.symcd.com computer-and-internet-info (Cloud db)
I see where you are going w/this…. So…
Am I to verify each entry on my botnet report prior to taking action?
Am I getting URL updates soon enough, and if not, where do I adjust?
Am I placing too much ‘faith’ in the botnet report?
From the botnet report:
confidence Virtual System description
4 vsys1 Repeatedly visited (42) the same malicious URL g.symcd.com/
4 vsys1 Repeatedly visited (441) the same malicious URL g.symcd.com/
4 vsys1 Repeatedly visited (65) the same malicious URL g.symcd.com/
4 vsys1 Repeatedly visited (59) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCK7KMAoI08AAGfwI84AAACi
4 vsys1 Repeatedly visited (40) the same malicious URL acuityplatform.com/Adserver/exds?xuid=8f02281c60d856473aab5158f5ac729c
4 vsys1 Repeatedly visited (123) the same malicious URL g.symcd.com/
4 vsys1 Repeatedly visited (190) the same malicious URL g.symcd.com/
4 vsys1 Repeatedly visited (63) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCLtJMAoI0gAAHjWIP0AAABR
4 vsys1 Repeatedly visited (68) the same malicious URL g.symcd.com/
4 vsys1 Repeatedly visited (65) the same malicious URL acuityplatform.com/Adserver/exds?xuid=ef8c5c814844f7f359896d10d97045dd
4 vsys1 Repeatedly visited (100) the same malicious URL cache.dtmpub.com/js/ncg6/0/optinrt_0.js?cgver=36931
4 vsys1 Repeatedly visited (51) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCLVhsAoI0YAACmlXH8AAACE
4 vsys1 Repeatedly visited (198) the same malicious URL g.symcd.com/MEkwR6ADAgEAMEAwPjA8MAkGBSsOAwIaBQAEFLG0OReQFreXeVAR8WC51KI82+3uBBQA+SrDQZG2ycK4PlXywJcRE6AHIAIDAjp2
4 vsys1 Repeatedly visited (39) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCLTtsAoIz0AAAZPA.MAAACV
4 vsys1 Repeatedly visited (45) the same malicious URL cache.dtmpub.com/js/ncg6/0/optinrt_0.js?cgver=36931
4 vsys1 Repeatedly visited (73) the same malicious URL acuityplatform.com/Adserver/atds?getuserid=http://ums.adtechus.com/mapuser?providerid=1027;userid=$UID
4 vsys1 Repeatedly visited (157) the same malicious URL acuityplatform.com/Adserver/atds?getuserid=http://ums.adtechus.com/mapuser?providerid=1027;userid=$UID
4 vsys1 Repeatedly visited (47) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCLeicAoI0YAAD4Vd2cAAAAD
4 vsys1 Repeatedly visited (121) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCMOwMAoI0oAAEKePowAAADV
4 vsys1 Repeatedly visited (45) the same malicious URL acuityplatform.com/Adserver/atds?getuserid=http://ums.adtechus.com/mapuser?providerid=1027;userid=$UID
4 vsys1 Repeatedly visited (36) the same malicious URL assets.tumblr.com/fonts/gibson/stylesheet.css?v=3
4 vsys1 Repeatedly visited (575) the same malicious URL g.symcd.com/
4 vsys1 Repeatedly visited (43) the same malicious URL acuityplatform.com/Adserver/exds?xuid=41ed950b4ac8a2da0effdb75f6b13fe2
4 vsys1 Repeatedly visited (45) the same malicious URL cache.dtmpub.com/js/ncg6/0/optinrt_0.js?cgver=36953
4 vsys1 Repeatedly visited (127) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCLQicAoIzcAAIBXHTwAAAD7
4 vsys1 Repeatedly visited (133) the same malicious URL g.symcd.com/
4 vsys1 Repeatedly visited (107) the same malicious URL cache.dtmpub.com/js/ncg6/0/optinrt_0.js?cgver=36939
4 vsys1 Repeatedly visited (38) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCLi5cAoI0oAAJ2eaAIAAAAD
4 vsys1 Repeatedly visited (150) the same malicious URL g.symcd.com/
4 vsys1 Repeatedly visited (38) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCLwVMAoIzsAABrw-C0AAAE8
4 vsys1 Repeatedly visited (42) the same malicious URL cdn.mxpnl.com/libs/mixpanel-2.2.min.js
4 vsys1 Repeatedly visited (187) the same malicious URL g.symcd.com/
4 vsys1 Repeatedly visited (58) the same malicious URL acuityplatform.com/Adserver/cmds?cm_dsp_id=10&cm_callback_url=http:/dsum.casalemedia.com/rum&cm_user_id=VCL9o8AoIzMAABBzJg0AAABO
4 vsys1 Repeatedly visited (51) the same malicious URL g.symcd.com/
4 vsys1 Repeatedly visited (85) the same malicious URL g.symcd.com/
4 vsys1 Repeatedly visited (54) the same malicious URL g.symcd.com/MEkwR6ADAgEAMEAwPjA8MAkGBSsOAwIaBQAEFLG0OReQFreXeVAR8WC51KI82+3uBBQA+SrDQZG2ycK4PlXywJcRE6AHIAIDAjp2
4 vsys1 Repeatedly visited (163) the same malicious URL acuityplatform.com/Adserver/atds?getuserid=http://ums.adtechus.com/mapuser?providerid=1027;userid=$UID
4 vsys1 Repeatedly visited (70) the same malicious URL ortc-ws6-useast1-s0003.realtime.co/
4 vsys1 Repeatedly visited (555) the same malicious URL g.symcd.com/MEkwR6ADAgEAMEAwPjA8MAkGBSsOAwIaBQAEFLG0OReQFreXeVAR8WC51KI82+3uBBQA+SrDQZG2ycK4PlXywJcRE6AHIAIDAjp2
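One way to triage a report like the one above before acting on it, as an added example that is not part of the original posts or any Palo Alto Networks code: group the rows by host, total the visit counts, and emit one `test url` lookup per distinct host. It assumes the row layout shown in the paste; the function names are hypothetical, and the sample is a few rows copied from the report plus its header line.

```python
import re
from collections import defaultdict

# Sample input: rows in the layout of the botnet report pasted above.
SAMPLE_REPORT = """\
confidence Virtual System description
4 vsys1 Repeatedly visited (42) the same malicious URL g.symcd.com/
4 vsys1 Repeatedly visited (441) the same malicious URL g.symcd.com/
4 vsys1 Repeatedly visited (100) the same malicious URL cache.dtmpub.com/js/ncg6/0/optinrt_0.js?cgver=36931
4 vsys1 Repeatedly visited (45) the same malicious URL cache.dtmpub.com/js/ncg6/0/optinrt_0.js?cgver=36953
4 vsys1 Repeatedly visited (42) the same malicious URL cdn.mxpnl.com/libs/mixpanel-2.2.min.js
"""

# Assumed row layout: <confidence> <vsys> Repeatedly visited (<n>) the same malicious URL <url>
ROW = re.compile(
    r"^(?P<confidence>\d+)\s+(?P<vsys>\S+)\s+Repeatedly visited \((?P<visits>\d+)\)"
    r" the same malicious URL (?P<url>\S+)$"
)

def parse_rows(text):
    """Yield (confidence, vsys, visits, host, url) per report row; skip anything else."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header line or unrelated text
        url = m["url"]
        # Report URLs carry no scheme, so the host is everything before the first "/".
        host = url.split("/", 1)[0].lower()
        yield int(m["confidence"]), m["vsys"], int(m["visits"]), host, url

def summarize(text):
    """Group rows by host: row count, total visits, distinct URLs; busiest host first."""
    hosts = defaultdict(lambda: {"rows": 0, "visits": 0, "urls": set()})
    for _conf, _vsys, visits, host, url in parse_rows(text):
        entry = hosts[host]
        entry["rows"] += 1
        entry["visits"] += visits
        entry["urls"].add(url)
    return sorted(hosts.items(), key=lambda kv: kv[1]["visits"], reverse=True)

def lookup_commands(text):
    """One 'test url <host>' line per distinct host, to run on the firewall CLI."""
    return [f"test url {host}" for host, _ in summarize(text)]

if __name__ == "__main__":
    for host, s in summarize(SAMPLE_REPORT):
        print(f"{host:20} rows={s['rows']} visits={s['visits']} urls={len(s['urls'])}")
    print("\n".join(lookup_commands(SAMPLE_REPORT)))
```

Collapsing the report to distinct hosts turns dozens of rows into a handful of category lookups, which makes a stale or wrong URL categorization stand out from a host that is still categorized as malicious.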
09-26-2014 01:05 AM
I'm seeing the same behaviour in our botnet report. Multiple users repeatedly visiting supposedly malicious URLs. All URLs seem to be related to advertisement or CDN. Running pan-db 2014.09.25.451.
We have an open case with TAC regarding this. Will let you know how it goes.
09-26-2014 10:48 AM
Hi VSU,
I just resolved one similar issue. Follow the steps below.
1. Download latest PAN-DB
2. Clear url-cache googletagservices.com/tag/js/gpt.js
3. Now access, it will work.
Regards,
Hardik Shah