Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on October 13, 2017, 12:24:11 PM

Title: What malware on site? Certificate issues on domain and hoster's nameserver!
Post by: polonus on October 13, 2017, 12:24:11 PM

https://urlquery.net/report/16cccd44-b3dd-4b31-9b94-228e472d1ea3
Consider: -https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.carusoarredo.eu&ref_sel=GSP2&ua_sel=ff&fs=1
3 vulnerable libraries: http://retire.insecurity.today/#!/scan/9c813fbffdaf35723546b835cc3e24a9c93fe95b8bfe852ee01f5079d6868e58
error:

Quote

undefined variable e & undefined variable n 

F-grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=www.carusoarredo.eu
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
HTTP Public Key Pinning (HPKP) header cannot be set, as site contains an invalid certificate chain.
Root installed on the server.
For best practices, remove the self-signed root from the server. Certificate Chain from nocertificate.found

Quote

80/tcp  open  http     Apache httpd
|_http-server-header: Apache
|_http-title: 404 Not Found
443/tcp open  ssl/http nginx 1.6.2
|_http-server-header: nginx/1.6.2
|_http-title: SSL Error
| ssl-cert: Subject: commonName=nocertificate.found/organizationName=Dada SpA/stateOrProvinceName=Italy/countryName=IT
-> http://toolbar.netcraft.com/site_report?url=http://www.carusoarredo.eu

Register.it also has no properly chained certificate - missing COMODO SSL wildcard DV certificate.
Server version info proliferation - vuln. http://www.securityfocus.com/bid/99534 Remote Integer Overflow Vulnerability

polonus (volunteer website security analyst and website error-hunter)

Title: Re: What malware on site? Certificate issues on domain and hoster's nameserver!
Post by: Sirmer on October 14, 2017, 08:42:10 AM

this site is not hosting any malware