Tests and other Media topics

[polonus]

IP scans: https://opentip.kaspersky.com/103.140.194.75/?tab=lookup
Re: https://maltiverse.com/ip/103.140.194.120
and https://www.abuseipdb.com/check/103.140.194.75

polonus

[polonus]

Checking on a brute-forcer's IP: https://viz.greynoise.io/ip/79.110.62.5
and https://www.abuseipdb.com/check/79.110.62.5

Vendors that flag this as malicious/suspicious: https://www.virustotal.com/gui/url/1bd1ec82ad59580b640ac85a2609ff4aa29660ccf9194c0d0076e06947db41cf

Not recommended site as by Dr. Web's. ( https://ipinfo.io/AS215766/79.110.62.0/24)
See: https://sitereport.netcraft.com/?url=https://79.110.62.5

polonus

[polonus]

Another additional scanner with a range of scan results.

Cloudflare Radar -> random example. -> https://radar.cloudflare.com/ip/36.74.75.199
Compare with: https://www.abuseipdb.com/check/36.74.75.199
and: https://www.shodan.io/search?query=%09telkom.co.id
Re: https://radar.cloudflare.com/scan/c91c18cb-89cd-47f5-bb6a-1e7ce44edeca/summary

polonus

[polonus]

To be combined with other scanners for more reliable results (e.g. with PHISHING scams):

https://vulnscanner.ai/   can be combined with https://hackertarget.com/wordpress-security-scan/

https://checksite.ai/  can be combined with VT scan.

enjoy my friends,

polonus

[polonus]

Want to find out how your Android app is tracking you?

Go here: https://reports.exodus-privacy.eu.org/en/     for a survey of trackers and permissions.

Example: https://reports.exodus-privacy.eu.org/en/reports/com.avast.android.mobilesecurity/latest/

polonus

[polonus]

When checking on an IP reported here: https://www.abuseipdb.com/

We could also look for vulnerabilities here: https://www.shodan.io/

polonus

[polonus]

Based on the information provided by GreyNoise Visualizer, the IP address 193.32.162.15 is categorized as malicious hosting, being associated with the organization Unmanaged Ltd. The activity observed from this IP address indicates scanning of ports and protocols, along with requested paths. Additionally, there are fingerprints of SSH and TLS negotiation between this IP and the GreyNoise sensor.

The timeline feature on GreyNoise Visualizer would provide a chronological view of the observed activity associated with the IP address 193.32.162.15. This timeline may include details of when the scanning activities occurred, which ports and protocols were targeted, the paths that were requested, and any interactions involving SSH and TLS. This timeline can be valuable in understanding the pattern of malicious behavior exhibited by the IP address, allowing for better threat analysis and response. It is important to monitor this timeline closely and take appropriate security measures to protect systems and networks from potential attacks originating from this IP address.

Only 1 vendor to flag as malicious: https://www.virustotal.com/gui/url/14516652f0be7305c124c3980fbd799285de9f74195dcef74b697677ea761d86/community

polonus

[mchain]

Posting your findings does help.

Now up to 6 vendors.

[polonus]

See all the vulnerabilities here: https://www.shodan.io/host/92.118.149.230

Where IP was reported: https://www.abuseipdb.com/check/92.118.149.230

There is only one vendor to flag here: https://www.virustotal.com/gui/url/59e4d089e75784e31456958c3adb672fa0a0a989a0f02f52c71e03b5f6d9f86e?nocache=1

polonus

[polonus]

The server at 92.118.1499.230 may be vulnerable to the following security issues:

CVE-2023-51767: Row hammer attacks on OpenSSH through 9.6, which could allow authentication bypass if the attacker has user privileges and is co-located with the victim.
CVE-2023-51385: OS command injection in OpenSSH before 9.6, which could occur if a user name or host name has shell metacharacters and is referenced by an expansion token.
CVE-2023-51384: Incomplete application of destination constraints in ssh-agent in OpenSSH before 9.6, which could allow certain private keys to be added to the agent without proper constraints.
CVE-2023-48795: Terrapin attack in SSH transport protocol, which allows remote attackers to bypass integrity checks and downgrade or disable security features.
CVE-2023-38408: Remote code execution in ssh-agent in OpenSSH before 9.3p2 due to an insufficiently trustworthy search path.
CVE-2021-41617: Privilege escalation in OpenSSH 6.2 through 8.x due to insufficient initialization of supplemental groups.
CVE-2021-36368: Potential authentication bypass in OpenSSH before 8.9 due to lack of logging and verification of FIDO authentication.
CVE-2016-20012: User enumeration in OpenSSH through 8.7, which allows remote attackers to test whether a certain combination of username and public key is known to an SSH server.
CVE-2008-3844: Trojan horse modification in certain Red Hat Enterprise Linux packages for OpenSSH, which could have an unknown impact.
CVE-2007-2768: User account enumeration in OpenSSH when using OPIE for PAM, which allows remote attackers to determine the existence of certain user accounts.
It is important to note that not all of these vulnerabilities may be applicable to your specific server configuration, and that some may have been addressed in newer versions of OpenSSH. It is recommended to update your OpenSSH version to the latest available and to apply any necessary patches or workarounds to mitigate these vulnerabilities.

info source deepai: from shodan.io data provided to it,

polonus