Saturday, August 19, 2017

Status of api.ipify.org - is it malicious or non-malicious?

This site shows up in a lot of malware communication, so we are writing this post to clear up the confusion: the site itself is not malicious. Please refer to the status below from the security researcher community, and see the conclusion section for our comments.

Comments from security researchers: 
api.ipify.org is being used by malware C&C. As of the date of this post, the site itself is not currently malicious; instead, it is being abused by malicious software.

To find related malware which at some point makes use of this API, use VirusTotal's search feature and enter these into it. Do not visit these sites with your browser!!!

Conclusion:
Many ransomware families have used this public API to collect the IP address of infected machines, i.e. details of the victim machine. Many real-world applications also use this public API for legitimate purposes, so it can't simply be blocked. Instead, keep an eye on this API and check what it is being used for in your network.


Post made by
newWorld
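
One way to "keep an eye on this API", as an added example that is not part of the original post: the code below reads proxy-log lines and lists every client that queried api.ipify.org, marking for review those that then sent a POST to a destination outside an allowlist within two minutes. The log format, the allowlist, the time window and the POST follow-up heuristic are all assumptions, and the sample log is constructed.

```python
from datetime import datetime, timedelta

IP_LOOKUP_HOSTS = {"api.ipify.org"}
# Assumption: destinations your organisation already knows and trusts.
KNOWN_GOOD = {"intranet.example.test", "updates.example.test"}
# Assumption: how soon after the lookup a follow-up request is of interest.
WINDOW = timedelta(seconds=120)

# Constructed sample log, one request per line:
# "timestamp client_ip method host path"
SAMPLE_LOG = """\
2017-08-19T10:00:01 10.0.0.5 GET api.ipify.org /
2017-08-19T10:00:09 10.0.0.5 POST unknown-host.example.test /submit
2017-08-19T10:05:00 10.0.0.7 GET api.ipify.org /
2017-08-19T10:05:20 10.0.0.7 GET updates.example.test /check
2017-08-19T11:00:00 10.0.0.9 GET intranet.example.test /home
2017-08-19T11:30:00 10.0.0.5 POST other.example.test /upload
"""

def parse(line):
    """Split one log line into (time, client, method, host, path)."""
    ts, client, method, host, path = line.split()
    return datetime.fromisoformat(ts), client, method, host.lower(), path

def triage(log_text):
    """Return {client: [(lookup_time, follow_up_host), ...]}.

    Every client that queried an IP-lookup service gets an entry.
    The list holds POSTs to hosts outside KNOWN_GOOD made within WINDOW
    of that client's latest lookup; an empty list means the lookup was
    seen without such a follow-up.
    """
    last_lookup = {}
    findings = {}
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, client, method, host, _path in events:
        if host in IP_LOOKUP_HOSTS:
            last_lookup[client] = ts
            findings.setdefault(client, [])
        elif (client in last_lookup and method == "POST"
              and host not in KNOWN_GOOD
              and ts - last_lookup[client] <= WINDOW):
            findings[client].append((last_lookup[client], host))
    return findings

if __name__ == "__main__":
    for client, hits in triage(SAMPLE_LOG).items():
        status = "REVIEW" if hits else "lookup only"
        print(client, status, [h for _, h in hits])
```

Clients reported as "lookup only" are the legitimate-use case the conclusion describes; the ones marked for review are where to check which process on the host made the request.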

9 comments:

Rakesh said...

Fabulous post admin, it was too good and helpful. Waiting for more updates.

interiorworld said...

I really like reading technology through a post that can make people think. Also, many thanks for permitting me to comment!

subha said...

Thanks for sharing this motivational page.. it helps others also... hard work never fails... true line..

sudhan said...

Nice post! This is a very nice blog that I will definitely come back to more times this year! Thanks for the informative post.

neebaltechnologiesblog said...

Your blog is awfully appealing. I am contented with your post. I regularly read your blog and it's very helpful. If you are looking for the best Api Integration, then visit Neebal. Thanks! I enjoyed this blog post.

Moulichandra said...

It’s really amazing to get this blog and information in this blog may give the right information…!!

jackr76 said...

Finally I’m glad to check this blog because it’s a nice and informative blog.

Moulichandra said...

Wonderful blog..!! Reference links are similar to the topic that I’m looking for.

Rosy S said...

NICE POST AND THANKS FOR SHARING!!