Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Subdomain hack and defacement incorrect installed certificate on main domain!
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Subdomain hack and defacement incorrect installed certificate on main domain! (Read 948 times)
0 Members and 2 Guests are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 34065
malware fighter
Subdomain hack and defacement incorrect installed certificate on main domain!
«
on:
January 30, 2018, 12:19:32 AM »
Google Cloud Abuse:
https://toolbar.netcraft.com/site_report?url=110.153.201.35.bc.googleusercontent.com
Main domain: Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Warnings
Root installed on the server.
For best practices, remove the self-signed root from the server.
AddTrust Comodo - host name -110.153.201.35.bc.googleusercontent.com
Name mismatch - common name:
www.matrixc.com
What subdomain hacked? ->
http://overflowzone.com/mirror/39115/
IP PHISH:
https://checkphish.ai/ip/192.254.233.173
On main domain:
https://urlscan.io/domain/gappsmy.com
Insecure: -https://110.153.201.35.bc.googleusercontent.com/
polonus (volunteer website security analyst and website error-hunter)
«
Last Edit: January 30, 2018, 12:21:26 AM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 34065
malware fighter
Re: Subdomain hack and defacement incorrect installed certificate on main domain!
«
Reply #1 on:
January 30, 2018, 01:03:07 AM »
Another such site defacement -
http://urlquery.net/report/cb9ae47e-aa02-4d75-a706-93a295e89507
Nothing flagged:
https://www.virustotal.com/#/url/19241f66e6d37aed8be4dcb03abab63321352a604c7f5dc8d79fa31fdcfe2293/detection
Source:
http://urlquery.net/report/cb9ae47e-aa02-4d75-a706-93a295e89507
Warnings 2:
https://asafaweb.com/Scan?Url=hff.co.za%2Findex.html
Related to hack:
https://asafaweb.com/Scan?Url=i.hizliresim.com
(without title)
Reporter - Archive Attack Reporter: TurkHacks.Com (The Netherlands)
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Subdomain hack and defacement incorrect installed certificate on main domain!