« previous next »
Pages: [1]   Go Down

Author Topic: Suspicous domain & server connotations */su domain / Jino.ru/mod_pizza server  (Read 2499 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34051
  • malware fighter
Suspicous domain & server connotations */su domain / Jino.ru/mod_pizza server
« on: November 08, 2018, 06:49:22 PM »
See: https://urlquery.net/report/3959ebc6-a795-45e3-81fc-b0569098eacb
and https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=YmxdXmteaHxbbm57d3Muc3U%3D~enc
1 vuln. library detected: https://retire.insecurity.today/#!/scan/ed99a330780fb735679b5f9b54e6afcf5073e4ef2fc2a742f78e7eef2f8ae166
125 security recommendations: https://webhint.io/scanner/156143f4-58d4-4140-b60e-0a0f8ed804f9#Security
F-grade scan results here: https://observatory.mozilla.org/analyze/http://blockchainnews.su
D-status here: https://webcookies.org/scan/20104799
Suspicious pattern detected: https://www.virustotal.com/#/url/0aed4d4e6d0824e5a0d15d569332da12f35fefc29b8c567df1398ad58c6b4040/detection

Suspicious pattern found: Session_replay Type: User tracking/fingerprinting
(User session may be recorded and sent to third parties for behavioral analysis)

For es5-shims mind:
Quote
Function.prototype.bind
warning Caveat: the bound function has a prototype property.
warning Caveat: bound functions do not try too hard to keep you from manipulating their arguments and caller properties.
warning Caveat: bound functions don't have checks in call and apply to avoid executing as a constructor.

Word Press config error: Warning  User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   None   juchara
2   None   spectrum_admin
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Su domain often related to malicious domains - re: https://tls-observatory.services.mozilla.com/static/certsplainer.html?id=186629073

Name server version is vulnerable to an exploit with a DNS bug and a label decompression bug, newer versions are available.

Running on that IP: _http-server-header: Jino.ru/mod_pizza, with potentialy risky TRACE
Vulnerable to so-called  pizza-thief exploit!

NFS may be out of sync. for links that may stay out of sight out of mind...(phishers, carders, could be state actors and the like).

Moreover OpenSSH 5.3, which is also vulnerable.

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: November 08, 2018, 07:15:57 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »