Topic: Should this IP be blocked - SURICATA TLS invalid handshake message (Read 4053 times)
polonus
Avast Überevangelist
Probably Bot
Posts: 34059
malware fighter
Should this IP be blocked - SURICATA TLS invalid handshake message « on: November 09, 2014, 01:04:38 AM »
See: http://urlquery.net/report.php?id=1415490512063 *
Security headers:
missing | Framing | X-Frame-Options | Use 'sameorigin'
missing | Transport | Strict-Transport-Security | Use 'max-age=31536000; includeSubDomains'
missing | Caching | Pragma | Use 'no-cache'
missing | Access Control | X-Permitted-Cross-Domain-Policies | Use 'master-only'
Content Security Policy | Content-Security-Policy | Try Content-Security-Policy-Report-Only to start. Include default-src 'self', avoid 'unsafe-inline' and 'unsafe-eval'
Malware Avast flags launched from link from that IP:
https://www.virustotal.com/nl/file/c1d018574cda1829c1b4ba9494eeec8b2dcfa5d8f5505f7a255e94431f657dc7/analysis/
Another domain flagged there:
http://urlquery.net/report.php?id=1415490250317
htxp://ieslazafra.blogspot.com/ redirects to htxp://ieslazafra.blogspot.ru/ *
Here scorecard research adware resides:
http://botcrawl.com/how-to-remove-the-scorecardresearch-virus-pop-up-survey-and-b-scorecardresearch-com-malware-trojan/
* domains mentioned may have adult content, not suitable to be visited by minors!
polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Re: Should this IP be blocked - SURICATA TLS invalid handshake message « Reply #1 on: November 09, 2014, 01:17:40 AM »
Oh that last site also has this in one of the script codes: htxps://www.blogger.com/navbar.g?targetBlogID flagged as malware here:
https://www.virustotal.com/nl/url/cfc15103e9f97273f18ddebcb9c30b14ac7439d28ae16dc5116e83dea1d950cb/analysis/
pol