Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Further vulnerabilities on infested abused website...
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Further vulnerabilities on infested abused website... (Read 1150 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 34065
malware fighter
Further vulnerabilities on infested abused website...
«
on:
October 27, 2019, 12:52:04 AM »
See:
https://urlhaus.abuse.ch/url/248846/
website Phoenix infested...
Dropper detected ->
https://www.virustotal.com/gui/file/6df263204ae5a0fa24825d78a280cabbc7c3f5288281b6ac770465807f22946f/detection
1 vulnerable jQuery library detected:
https://retire.insecurity.today/#!/scan/c4e606be0d5b86e2c01f82c05e4b4bec5cf608c6bcc3c1f22ad9a3043372cfaa
Website opening up to: DOM-XSS scanned: Results from scanning URL: -http://zzb.bz/application/files/js/checker.js
Number of sources found: 43
Number of sinks found: 19
G-Data detects PHISHING here:
https://www.virustotal.com/gui/url/8130cc49f03f84ff594b769e344c94336d86ad83fe48e8d47266646755c5c0b1/detection
with another vulnerable jQuery script library:
https://retire.insecurity.today/#!/scan/9bce1247de468b4d6b3966330d51d83848b3da9d32bc43d13cb021e5b66cd8d3
See the risks of a short URL Service here and that it is open to be abused, see various abuse on Linode IP:
https://www.virustotal.com/gui/ip-address/172.105.206.132/relations
polonus (3rd party cold recon website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 34065
malware fighter
Re: Further vulnerabilities on infested abused website...
«
Reply #1 on:
October 27, 2019, 05:14:45 PM »
A site that launches various malware:
https://urlhaus.abuse.ch/url/248949/
See 10 red out of 10 risk grade:
https://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fnstarserver17km.club
List of malware:
https://www.virustotal.com/gui/ip-address/213.252.247.213/relations
and a minus-6 on the security grade scale:
https://webcookies.org/cookies/nstarserver17km.club/28576291?481267
Excessive server info proliferation and server vulnerabilties:
https://www.shodan.io/host/213.252.247.213
see:
https://www.cvedetails.com/vulnerability-list/vendor_id-97/product_id-585/version_id-228285/Openbsd-Openssh-7.4.html
&
https://www.alibabacloud.com/help/faq-detail/48573.htm
polonus
«
Last Edit: October 27, 2019, 06:28:29 PM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Further vulnerabilities on infested abused website...