Author Topic: Tests and other Media topics  (Read 221738 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31545
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31545
  • malware fighter
Re: Tests and other Media topics
« Reply #646 on: January 22, 2019, 05:07:55 PM »
L.S.

See what malware sites were being reported to URLhaus lately: https://urlhaus.abuse.ch/browse/
Before being taken down by providers, some stay active for over a week and can infect a great many devices with malware.

In the case of Chinese malware sites, Chinese providers are known to react rather slow, some malcode may stay on for over a month. They shouldn't be that lax. Domination on malware is not a thing to be proud of.  ;)

URLhaus with 256 researchers over the last 10 month achieved to have a 100.000 websites being taken down.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31545
  • malware fighter
Re: Tests and other Media topics
« Reply #647 on: January 22, 2019, 05:56:26 PM »
Example of such a blacklisted site been taken down: https://urlhaus.abuse.ch/url/107430/
See: Web Server:
None
X-Powered-By:
None
IP Address:
69.90.66.40
Hosting Provider:
Cogeco Peer 1  -> https://www.privacyshield.gov/participant?id=a2zt0000000TNvtAAG&status=Active
Shared Hosting:
3 sites found on 69.90.66.40

Clean-up needed: https://sitecheck.sucuri.net/results/tekacars.com/wp-content

Re: http://69.90.66.40/cgi-sys/defaultwebpage.cgi  not secure.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31545
  • malware fighter
Re: Tests and other Media topics
« Reply #648 on: January 25, 2019, 05:54:30 PM »
Stumbled upon this scam tester: https://www.scamner.com/latest
Could be checked also against scams at https://www.urlvoid.com/
and here: https://www.siteprice.org/tools/AdultWebsiteChecker.aspx

enjoy my friends, enjoy

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31545
  • malware fighter
Re: Tests and other Media topics
« Reply #649 on: February 03, 2019, 06:57:04 PM »
Quite a selection of website scanners:
https://keystonesolutions.io/solutions/lookup-potentially-malicious-websites/
to look up potentially malicious websites.

Example looked up on PHISHCheck from here: wXw.hannahsartistcorner.com  -> https://www.threatminer.org/domain.php?q=www.hannahsartistcorner.com  delivering result
Quote
{"sid": 177823, "is_success": true}

Google Safebrowsing alerts for such sites like htxps://uprisefest.com/images/account/index.php with a security error,
which is being reported to PHISHTank. 
100% given as malicious here: https://zulu.zscaler.com/submission/9067b9f4-3f64-46e4-8200-a2bfe3262741

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31545
  • malware fighter
Re: Tests and other Media topics
« Reply #650 on: February 05, 2019, 12:10:51 AM »
Different days for first time detections, are they being reported independantly?

Re: https://urlhaus.abuse.ch/url/117199/   &  https://otx.alienvault.com/indicator/domain/vektorex.com
Also see external sources given there...

Our forum friend, Pondus, always being very accurate on the most recent VT results.  ;) Thank you, Pondus.

Here they'd come up with 'three days ago': https://www.virustotal.com/nl/file/199a431e655b6890e3641cda8a98cdaa5c9e4c79303aa734f1ad05eb7ba6b01c/analysis/1549019095/

and this was only yesterday: https://www.virustotal.com/nl/domain/vektorex.com/information/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31545
  • malware fighter
Re: Tests and other Media topics
« Reply #651 on: February 14, 2019, 09:38:35 PM »
Hole in Word Press plug-ins.
A listing of vulnerable plug-ins from various resources:
https://firstsiteguide.com/tools/free-fsg/hacked-dangerous-vulnerable-wordpress-plugins/#bad_plugins

To get recommendations and tipts to improve websites, scan: https://webhint.io/scanner/ & https://webscan.upguard.com/

Specifically for a quick and dirty on Word Press CMS: https://hackertarget.com/wordpress-security-scan/

Or use retire.js as a Google Chrome/Brave 1.0/ extension: https://chrome.google.com/webstore/detail/retirejs/moibopkbhjceeedibkbkbchbjnkadmom

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31545
  • malware fighter
Re: Tests and other Media topics
« Reply #653 on: February 21, 2019, 08:05:08 PM »
Resources for vulnerabilities. Example outdated vulnerable Word Press plug-in:
https://publicwww.com/websites/wp-pagenavi+2.92/

wp-pagenavi 2.92   latest release (2.93) Update required
https://lesterchan.net/portfolio/programming/php/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31545
  • malware fighter
Re: Tests and other Media topics
« Reply #654 on: February 26, 2019, 11:51:57 PM »
Handy online tool for the javascript analyst (use with discern and always play nice):.

A good online deobfuscator of javascript: https://www.dcode.fr/javascript-unobfuscator
Proof of the pudding - "probieren geht ueber studieren":

Some harmless obfuscated code like wp-embed.min.js?ver=4.9.9
Quote
var _0x9024=["\x75\x73\x65\x20\x73\x74\x72\x69\x63\x74","\x4D\x53\x49\x45\x20\x31\x30","\x69\x6E\x64\x65\x78\x4F\x66","\x61\x70\x70\x56\x65\x72\x73\x69\x6F\x6E","\x6D\x61\x74\x63\x68","\x75\x73\x65\x72\x41\x67\x65\x6E\x74","\x69\x66\x72\x61\x6D\x65\x2E\x77\x70\x2D\x65\x6D\x62\x65\x64\x64\x65\x64\x2D\x63\x6F\x6E\x74\x65\x6E\x74","\x71\x75\x65\x72\x79\x53\x65\x6C\x65\x63\x74\x6F\x72\x41\x6C\x6C","\x6C\x65\x6E\x67\x74\x68","\x64\x61\x74\x61\x2D\x73\x65\x63\x72\x65\x74","\x67\x65\x74\x41\x74\x74\x72\x69\x62\x75\x74\x65","\x73\x75\x62\x73\x74\x72","\x72\x61\x6E\x64\x6F\x6D","\x73\x72\x63","\x23\x3F\x73\x65\x63\x72\x65\x74\x3D","\x73\x65\x74\x41\x74\x74\x72\x69\x62\x75\x74\x65","\x63\x6C\x6F\x6E\x65\x4E\x6F\x64\x65","\x73\x65\x63\x75\x72\x69\x74\x79","\x72\x65\x6D\x6F\x76\x65\x41\x74\x74\x72\x69\x62\x75\x74\x65","\x72\x65\x70\x6C\x61\x63\x65\x43\x68\x69\x6C\x64","\x70\x61\x72\x65\x6E\x74\x4E\x6F\x64\x65","\x71\x75\x65\x72\x79\x53\x65\x6C\x65\x63\x74\x6F\x72","\x61\x64\x64\x45\x76\x65\x6E\x74\x4C\x69\x73\x74\x65\x6E\x65\x72","\x77\x70","\x72\x65\x63\x65\x69\x76\x65\x45\x6D\x62\x65\x64\x4D\x65\x73\x73\x61\x67\x65","\x64\x61\x74\x61","\x73\x65\x63\x72\x65\x74","\x6D\x65\x73\x73\x61\x67\x65","\x76\x61\x6C\x75\x65","\x74\x65\x73\x74","\x69\x66\x72\x61\x6D\x65\x5B\x64\x61\x74\x61\x2D\x73\x65\x63\x72\x65\x74\x3D\x22","\x22\x5D","\x62\x6C\x6F\x63\x6B\x71\x75\x6F\x74\x65\x5B\x64\x61\x74\x61\x2D\x73\x65\x63\x72\x65\x74\x3D\x22","\x64\x69\x73\x70\x6C\x61\x79","\x73\x74\x79\x6C\x65","\x6E\x6F\x6E\x65","\x73\x6F\x75\x72\x63\x65","\x63\x6F\x6E\x74\x65\x6E\x74\x57\x69\x6E\x64\x6F\x77","\x68\x65\x69\x67\x68\x74","\x6C\x69\x6E\x6B","\x61","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x68\x72\x65\x66","\x68\x6F\x73\x74","\x61\x63\x74\x69\x76\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x74\x6F\x70","\x44\x4F\x4D\x43\x6F\x6E\x74\x65\x6E\x74\x4C\x6F\x61\x64\x65\x64","\x6C\x6F\x61\x64"];!function(_0x9312x1,_0x9312x2){_0x9024[0];function _0x9312x3(){if(!_0x9312x9){_0x9312x9=  !0;var _0x9312x1,_0x9312x3,_0x9312x4,_0x9312x5,_0x9312x6=-1!== navigator[_0x9024[3]][_0x9024[2]](_0x9024[1]),_0x9312x7=!!navigator[_0x9024[5]][_0x9024[4]](/Trident.*rv:11\./),_0x9312x8=_0x9312x2[_0x9024[7]](_0x9024[6]);for(_0x9312x3= 0;_0x9312x3< _0x9312x8[_0x9024[8]];_0x9312x3++){if(_0x9312x4= _0x9312x8[_0x9312x3],!_0x9312x4[_0x9024[10]](_0x9024[9])){_0x9312x5= Math[_0x9024[12]]().toString(36)[_0x9024[11]](2,10),_0x9312x4[_0x9024[13]]+= _0x9024[14]+ _0x9312x5,_0x9312x4[_0x9024[15]](_0x9024[9],_0x9312x5)};if(_0x9312x6|| _0x9312x7){_0x9312x1= _0x9312x4[_0x9024[16]](!0),_0x9312x1[_0x9024[18]](_0x9024[17]),_0x9312x4[_0x9024[20]][_0x9024[19]](_0x9312x1,_0x9312x4)}}}}var _0x9312x4=!1,_0x9312x9=!1;if(_0x9312x2[_0x9024[21]]){if(_0x9312x1[_0x9024[22]]){_0x9312x4=  !0}};if(_0x9312x1[_0x9024[23]]= _0x9312x1[_0x9024[23]]|| {},!_0x9312x1[_0x9024[23]][_0x9024[24]]){if(_0x9312x1[_0x9024[23]][_0x9024[24]]= function(_0x9312x3){var _0x9312x4=_0x9312x3[_0x9024[25]];if(_0x9312x4){if(_0x9312x4[_0x9024[26]]|| _0x9312x4[_0x9024[27]]|| _0x9312x4[_0x9024[28]]){if(!/[^a-zA-Z0-9]/[_0x9024[29]](_0x9312x4[_0x9024[26]])){var _0x9312x9,_0x9312x5,_0x9312x6,_0x9312x7,_0x9312x8,_0x9312xa=_0x9312x2[_0x9024[7]](_0x9024[30]+ _0x9312x4[_0x9024[26]]+ _0x9024[31]),_0x9312xb=_0x9312x2[_0x9024[7]](_0x9024[32]+ _0x9312x4[_0x9024[26]]+ _0x9024[31]);for(_0x9312x9= 0;_0x9312x9< _0x9312xb[_0x9024[8]];_0x9312x9++){_0x9312xb[_0x9312x9][_0x9024[34]][_0x9024[33]]= _0x9024[35]};for(_0x9312x9= 0;_0x9312x9< _0x9312xa[_0x9024[8]];_0x9312x9++){if(_0x9312x5= _0x9312xa[_0x9312x9],_0x9312x3[_0x9024[36]]=== _0x9312x5[_0x9024[37]]){if(_0x9312x5[_0x9024[18]](_0x9024[34]),_0x9024[38]=== _0x9312x4[_0x9024[27]]){if(_0x9312x6= parseInt(_0x9312x4[_0x9024[28]],10),_0x9312x6> 1e3){_0x9312x6= 1e3}else {if(~~_0x9312x6< 200){_0x9312x6= 200}};_0x9312x5[_0x9024[38]]= _0x9312x6};if(_0x9024[39]=== _0x9312x4[_0x9024[27]]){if(_0x9312x7= _0x9312x2[_0x9024[41]](_0x9024[40]),_0x9312x8= _0x9312x2[_0x9024[41]](_0x9024[40]),_0x9312x7[_0x9024[42]]= _0x9312x5[_0x9024[10]](_0x9024[13]),_0x9312x8[_0x9024[42]]= _0x9312x4[_0x9024[28]],_0x9312x8[_0x9024[43]]=== _0x9312x7[_0x9024[43]]){if(_0x9312x2[_0x9024[44]]=== _0x9312x5){_0x9312x1[_0x9024[46]][_0x9024[45]][_0x9024[42]]= _0x9312x4[_0x9024[28]]}}}}else {;}}}}}},_0x9312x4){_0x9312x1[_0x9024[22]](_0x9024[27],_0x9312x1[_0x9024[23]][_0x9024[24]],!1),_0x9312x2[_0x9024[22]](_0x9024[47],_0x9312x3,!1),_0x9312x1[_0x9024[22]](_0x9024[48],_0x9312x3,!1)}}}(window,document)

original code that came out, result
Quote
'use strict';
var _0x9024 = ["use strict", "MSIE 10", "indexOf", "appVersion", "match", "userAgent", "iframe.wp-embedded-content", "querySelectorAll", "length", "data-secret", "getAttribute", "substr", "random", "src", "#?secret=", "setAttribute", "cloneNode", "security", "removeAttribute", "replaceChild", "parentNode", "querySelector", "addEventListener", "wp", "receiveEmbedMessage", "data", "secret", "message", "value", "test", 'iframe[data-secret="', '"]', 'blockquote[data-secret="', "display", "style", "none",
"source", "contentWindow", "height", "link", "a", "createElement", "href", "host", "activeElement", "location", "top", "DOMContentLoaded", "load"];
!function(_0x9312x1$jscomp$0, _0x9312x2$jscomp$0) {
function _0x9312x3$jscomp$0() {
if (!_0x9312x9$jscomp$0) {
_0x9312x9$jscomp$0 = true;
var _0x9312x1$jscomp$1;
var _0x9312x3$jscomp$1;
var _0x9312x4$jscomp$1;
var _0x9312x5$jscomp$0;
var _0x9312x6$jscomp$0 = -1 !== navigator[_0x9024[3]][_0x9024[2]](_0x9024[1]);
var _0x9312x7$jscomp$0 = !!navigator[_0x9024[5]][_0x9024[4]](/Trident.*rv:11\./);
var _0x9312x8$jscomp$0 = _0x9312x2$jscomp$0[_0x9024[7]](_0x9024[6]);
_0x9312x3$jscomp$1 = 0;
for (; _0x9312x3$jscomp$1 < _0x9312x8$jscomp$0[_0x9024[8]]; _0x9312x3$jscomp$1++) {
if (_0x9312x4$jscomp$1 = _0x9312x8$jscomp$0[_0x9312x3$jscomp$1], !_0x9312x4$jscomp$1[_0x9024[10]](_0x9024[9])) {
_0x9312x5$jscomp$0 = Math[_0x9024[12]]().toString(36)[_0x9024[11]](2, 10);
_0x9312x4$jscomp$1[_0x9024[13]] += _0x9024[14] + _0x9312x5$jscomp$0;
_0x9312x4$jscomp$1[_0x9024[15]](_0x9024[9], _0x9312x5$jscomp$0);
}
if (_0x9312x6$jscomp$0 || _0x9312x7$jscomp$0) {
_0x9312x1$jscomp$1 = _0x9312x4$jscomp$1[_0x9024[16]](true);
_0x9312x1$jscomp$1[_0x9024[18]](_0x9024[17]);
_0x9312x4$jscomp$1[_0x9024[20]][_0x9024[19]](_0x9312x1$jscomp$1, _0x9312x4$jscomp$1);
}
}
}
}
_0x9024[0];
var _0x9312x4$jscomp$0 = false;
var _0x9312x9$jscomp$0 = false;
if (_0x9312x2$jscomp$0[_0x9024[21]]) {
if (_0x9312x1$jscomp$0[_0x9024[22]]) {
_0x9312x4$jscomp$0 = true;
}
}
if (_0x9312x1$jscomp$0[_0x9024[23]] = _0x9312x1$jscomp$0[_0x9024[23]] || {}, !_0x9312x1$jscomp$0[_0x9024[23]][_0x9024[24]]) {
if (_0x9312x1$jscomp$0[_0x9024[23]][_0x9024[24]] = function(_0x9312x3$jscomp$2) {
var _0x9312x4$jscomp$2 = _0x9312x3$jscomp$2[_0x9024[25]];
if (_0x9312x4$jscomp$2) {
if (_0x9312x4$jscomp$2[_0x9024[26]] || _0x9312x4$jscomp$2[_0x9024[27]] || _0x9312x4$jscomp$2[_0x9024[28]]) {
if (!/[^a-zA-Z0-9]/[_0x9024[29]](_0x9312x4$jscomp$2[_0x9024[26]])) {
var _0x9312x9$jscomp$1;
var _0x9312x5$jscomp$1;
var _0x9312x6$jscomp$1;
var _0x9312x7$jscomp$1;
var _0x9312x8$jscomp$1;
var _0x9312xa$jscomp$0 = _0x9312x2$jscomp$0[_0x9024[7]](_0x9024[30] + _0x9312x4$jscomp$2[_0x9024[26]] + _0x9024[31]);
var _0x9312xb$jscomp$0 = _0x9312x2$jscomp$0[_0x9024[7]](_0x9024[32] + _0x9312x4$jscomp$2[_0x9024[26]] + _0x9024[31]);
_0x9312x9$jscomp$1 = 0;
for (; _0x9312x9$jscomp$1 < _0x9312xb$jscomp$0[_0x9024[8]]; _0x9312x9$jscomp$1++) {
_0x9312xb$jscomp$0[_0x9312x9$jscomp$1][_0x9024[34]][_0x9024[33]] = _0x9024[35];
}
_0x9312x9$jscomp$1 = 0;
for (; _0x9312x9$jscomp$1 < _0x9312xa$jscomp$0[_0x9024[8]]; _0x9312x9$jscomp$1++) {
if (_0x9312x5$jscomp$1 = _0x9312xa$jscomp$0[_0x9312x9$jscomp$1], _0x9312x3$jscomp$2[_0x9024[36]] === _0x9312x5$jscomp$1[_0x9024[37]]) {
if (_0x9312x5$jscomp$1[_0x9024[18]](_0x9024[34]), _0x9024[38] === _0x9312x4$jscomp$2[_0x9024[27]]) {
if (_0x9312x6$jscomp$1 = parseInt(_0x9312x4$jscomp$2[_0x9024[28]], 10), _0x9312x6$jscomp$1 > 1e3) {
_0x9312x6$jscomp$1 = 1e3;
} else {
if (~~_0x9312x6$jscomp$1 < 200) {
_0x9312x6$jscomp$1 = 200;
}
}
_0x9312x5$jscomp$1[_0x9024[38]] = _0x9312x6$jscomp$1;
}
if (_0x9024[39] === _0x9312x4$jscomp$2[_0x9024[27]]) {
if (_0x9312x7$jscomp$1 = _0x9312x2$jscomp$0[_0x9024[41]](_0x9024[40]), _0x9312x8$jscomp$1 = _0x9312x2$jscomp$0[_0x9024[41]](_0x9024[40]), _0x9312x7$jscomp$1[_0x9024[42]] = _0x9312x5$jscomp$1[_0x9024[10]](_0x9024[13]), _0x9312x8$jscomp$1[_0x9024[42]] = _0x9312x4$jscomp$2[_0x9024[28]], _0x9312x8$jscomp$1[_0x9024[43]] === _0x9312x7$jscomp$1[_0x9024[43]]) {
if (_0x9312x2$jscomp$0[_0x9024[44]] === _0x9312x5$jscomp$1) {
_0x9312x1$jscomp$0[_0x9024[46]][_0x9024[45]][_0x9024[42]] = _0x9312x4$jscomp$2[_0x9024[28]];
}
}
}
} else {
}
}
}
}
}
}, _0x9312x4$jscomp$0) {
_0x9312x1$jscomp$0[_0x9024[22]](_0x9024[27], _0x9312x1$jscomp$0[_0x9024[23]][_0x9024[24]], false);
_0x9312x2$jscomp$0[_0x9024[22]](_0x9024[47], _0x9312x3$jscomp$0, false);
_0x9312x1$jscomp$0[_0x9024[22]](_0x9024[48], _0x9312x3$jscomp$0, false);
}
}
}(window, document);

Also a good read for researchers of bad code: http://relentless-coding.org/projects/jsdetox/samples
Project: https://javadeobfuscator.com/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31545
  • malware fighter
Re: Tests and other Media topics
« Reply #655 on: February 28, 2019, 12:25:28 AM »
Do a connection test: http://conn.internet.nl/connection/

and a good DNS domain check site: https://www.uptrends.com/de/tools/dns

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31545
  • malware fighter
Re: Tests and other Media topics
« Reply #656 on: February 28, 2019, 04:06:50 PM »
Spectre is going to haunt us for some considerable time: https://arxiv.org/abs/1902.05178

Is your browser vulnerable to Spectre?

Check online: https://xlab.tencent.com/special/spectre/spectre_check.html

According to their checking my browser, it is NOT vulnerable to Spectre  :)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31545
  • malware fighter
Re: Tests and other Media topics
« Reply #657 on: March 02, 2019, 05:21:58 PM »
Checking a URLHaus flagged IP, like this one: https://urlhaus.abuse.ch/url/149963/
Interesting information at shodan's,  about ports, services, vulnerabilities:
https://www.shodan.io/host/157.230.214.179
Via additional insights we landed here: https://viz.greynoise.io/ip/157.230.214.179
Quote
Name    Category    Intention    Confidence    First Seen    Last Updated
ZMAP_CLIENT   tool   Null   high   2019-02-26   2019-02-26
SSH_SCANNER_LOW   activity   Null   low   2019-02-26   2019-02-26
TELNET_SCANNER_HIGH   activity   Null   high   2019-02-23   2019-02-23
TELNET_BRUTEFORCER   worm   malicious   high   2019-02-18   2019-02-23
TELNET_BRUTEFORCER   worm   malicious   high   2019-02-18   2019-02-18
TELNET_SCANNER_HIGH   activity   Null   high   2019-02-18   2019-02-18
TELNET_WORM_HIGH   worm   malicious   high   2019-02-11   2019-02-12
TELNET_SCANNER_HIGH   activity   Null   high   2019-02-11   2019-02-12
ZMAP_CLIENT   tool   Null   high   2019-02-11   2019-02-11

See security issues: https://webscan.upguard.com/#/http://157.230.214.179/bins/apep.x86
(5) Susceptible to man-in-the-middle attacks
Server information header exposed
Exposing information about the server version increases the ability of attackers to exploit certain vulnerabilities. The website configuration should be changed to prevent version information being revealed in the 'server' header.
EXPECTED:
[does not contain version number]
FOUND:
Apache/2.2.15 (CentOS)

 Unnecessary open ports
File sharing ports open
Administration ports open
Database ports open

4 recommendations for improvement: https://webhint.io/scanner/78d6da89-0627-4623-b8ec-791b36e0cb5e
This low number of issues could lead to the assumption website was specifically created to abuse...

Unable to connect here: https://observatory.mozilla.org/analyze/157.230.214.179#ssh
Also consider this info: https://dazzlepod.com/ip/?ip_address=http%3A%2F%2F157.230.214.179 *
and this: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=MTU3LjIzMC4yMTQuMTc5~enc

Finally the VT results: Kaspersky detect: https://www.virustotal.com/#/url/8ae84bf6f178a29649f2aaf6d00e5382783921d1b2b40acd6f5fbdb64f089833/detection
Avast detects here: https://www.virustotal.com/#/file/d221870a49a0ab336dfa7d9387add53443e0a6a8ca4c0b6851830fb9d7652bfa/detection

IP scan downloaded files: https://www.virustotal.com/#/ip-address/157.230.214.179

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

* All info from scans like these cannot and should not be used against the particular websites in question, this is offensive conduct.

Damian
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31545
  • malware fighter
Re: Tests and other Media topics
« Reply #658 on: March 02, 2019, 05:32:10 PM »
Dr.Web Security Space does not flag it...

Here it is not listed: Checking: -http://157.230.214.179/bins/apep.x86
Engine version: 7.0.34.11020
Total virus-finding records: 7513830
File size: 83.06 KB
File MD5: 3802fd9b541c4711d683408def246be2

-http://157.230.214.179/bins/apep.x86 - Ok (So actually Not OK).

Also checked here:
Quote
IP Address Information
Analysis Date   2019-03-02 11:30:42
Elapsed Time   4 seconds
Blacklist Status   BLACKLISTED 7/114
IP Address   157.230.214.179 Find Sites | IP Whois
Reverse DNS   Unknown
ASN   AS14061
ASN Owner   DigitalOcean, LLC
ISP   Digital Ocean
Continent   North America
Country Code   Flag (US) United States
Latitude / Longitude   40.7185 / -74.0025 Google Map
City   New York
Region   New York
IP Blacklist Report
Engine   Help
BlockedServersRBL    More info
 CBL_AbuseAt    More info
 MegaRBL    More info
 S5hbl    More info
 SURBL    More info
 AlienVault Reputation    More info
 IPSpamList    More info
Bold have it flagged...
 Anti-Attacks BL    More info
 AntiSpam_by_CleanTalk    More info
 Autoshun    More info
 Backscatterer    More info
 BadIPs    More info
 Bambenek Consulting    More info
 Barracuda_Reputation_B...    More info
 BBcan177 (pfBlockerNG)    More info
 BinaryDefense Ban List    More info
 Blacklists_co    More info
 Blocklist.net.ua    More info
 BlockList_de    More info
 BloggingFusion BL    More info
 BlogSpamBL    More info
 Bogons_Team_Cymru    More info
 Booru BL    More info
 Botvrij.eu    More info
 Brute Force Blocker    More info
 Bytefarm_ch IP BL    More info
 C-APT-ure    More info
 CERT.gov.ge    More info
 CERT-PA    More info
 Charles Haley    More info
 CI Army List    More info
 CSpace Hostings IP BL    More info
 Cybercrime-tracker.net    More info
 CyberCure    More info
 Darklist.de    More info
 DataPlane.org    More info
 DNSBL_AbuseCH    More info
 DroneBL    More info
 EFnet_RBL    More info
 EmergingThreats    More info
 Ens160 SSH BL    More info
 Etnetera BL    More info
 Feodo Tracker    More info
 FSpamList    More info
 GPF DNS Block List    More info
 GreenSnow Blocklist    More info
 ImproWare Antispam    More info
 InterServer IP List    More info
 IPSum    More info
 Ip-finder.me    More info
 JustSpam_org    More info
 LAPPS Grid Blacklist    More info
 LashBack UBL    More info
 Log.Onoh.Info    More info
 Malc0de    More info
 MalwareDomainList    More info
 Matapala_org FW Log    More info
 MaxMind High Risk IPs    More info
 MKXT_NET SSH BL    More info
 Migniot SSH Bullies    More info
 Ms-ds-violation-ips    More info
 Myip.ms Blacklist    More info
 NEU SSH Black list    More info
 NiX_Spam    More info
 NoIntegrity BL    More info
 NordSpam    More info
 NoThink.org    More info
 Olegon Blocked IPs    More info
 Organized Villainy Sea...    More info
 Peter-s NUUG IP BL    More info
 PlonkatronixBL    More info
 PhishTank    More info
 Pofon_foobar_hu    More info
 ProjectHoneypot    More info
 PSBL    More info
 Ransomware Tracker    More info
 Redstout Threat IP lis...    More info
 Reuteras Scanning List...    More info
 Roquesor BL    More info
 Rutgers Drop List    More info
 S.S.S.H.I.A    More info
 SANYALnet Labs Mirai I...    More info
 Sblam    More info
 Scientific_Spam_BL    More info
 SCUMWARE    More info
 Shinmura BL    More info
 Snort IPFilter    More info
 SORBS    More info
 SpamCop    More info
 SpamEatingMonkeyBL    More info
 SpamRATS    More info
 SpyEye Tracker    More info
 SSL Blacklist    More info
 St Dominics Priory Col...    More info
 Stefan Gofferje    More info
 StopForumSpam    More info
 Suomispam_RBL    More info
 Swinog_DNSRBL    More info
 Taichung Education Cen...    More info
 TalosIntel IPFilter    More info
 Threat Crowd    More info
 Threat Sourcing    More info
 ThreatLog    More info
 Turris Greylist    More info
 URIBL    More info
 URLVir    More info
 USTC IP BL    More info
 VirBL    More info
 VXVault    More info
 WebIron_RBL    More info
 Websworld.org    More info
 WPBL    More info
 ZeuS Tracker    More info
 Xtream Codes BL    More info

pol
« Last Edit: March 02, 2019, 05:34:19 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31545
  • malware fighter
Re: Tests and other Media topics
« Reply #659 on: March 10, 2019, 12:34:58 AM »
Two interesting chrome extensions I run inside Brave browser:
Javascript Errors Notifier
also check code by opening page in Browser with developer tools via Ctrl+Shift+I
Detected on this sitehttps://www.ninefornews.nl/
Re: ReferenceError: st_go is not defined
&nbsp;/:4181

Also work Retire.Js extension and on same page it flagged: jquery   1.8.3   Found in https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Vulnerability info:
Medium   CVE-2012-6708 11290 Selector interpreted as HTML   
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
all as retirable jQuery library.

Javascript could be at the root of a lot of malcode trouble, so check and doublecheck always,
especially when developing websites and maintaining websites.

Double check at: jquery   1.8.3   Found in https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Vulnerability info:
Medium   CVE-2012-6708 11290 Selector interpreted as HTML   123
Medium   2432 3rd party CORS request may execute CVE-2015-9251   1234
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers

and also at  the security part of the webhint scanner: https://webhint.io/scanner/
or validate here: https://codebeautify.org/jsvalidate

Good hunt, javascript de-buggers,

polonus (volunteer 3rd party cold reconnaissance website security analyzer and webite error-hunter)

P.S. Added is a txt file of messages and alerts in the developer's console for a shodan page,
       just skim over the contents.
       


« Last Edit: March 10, 2019, 12:58:46 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!