Topic: Internal server error after site had SE redirect on DROWN vuln. nameserver....

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Here apparently some things went wrong: http://killmalware.com/zawari.ru/# 
I get: Error occurred: 500 - internal server error

Apache Server at: s1102998-69335.hostingspace.pro -> http://toolbar.netcraft.com/site_report?url=http://s1102998-69335.hostingspace.pro
and https://test.drownattack.com/?site=ns1.pa.infobox.ru

Threat events for that IP: https://cymon.io/109.120.162.19
Reporting sources: quttera.com, vxvault, dnsbl-3.uceprotect.net, dnsbl.ahbl.org, tor.ahbl.org, virustotal.com, alienvault reputation, urlquery.net, phishtank, cleanmx-phishing

Re: https://www.threatcrowd.org/ip.php?ip=109.120.162.19  - https://www.threatminer.org/host.php?q=109.120.162.19

Re: https://www.scumware.org/report/109.120.162.19.html  -  https://www.urlquery.net/report.php?id=1453517073338

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

polonus
There is a discussion on the Russian Adguard adblocker forum, mentioning malware existing on the IP.

Going to the IP I get:
Quote
Domain Default page
If you see this page it means that Apache Domain Service for this domain is locked, or there's no such Apache Domain Service registered in Operations Automation.
For more information please contact your service provider.
-> ProFTPD 1.3.3g Plesk issue? Operations Automation Default Page Service Info: OS: Unix
Vulnerable to Clickjacking. INFOBOX-AS Infobox.ru Autonomous System, RU - Blacklisted URLs: 54 re: http://sitevet.com/db/asn/AS30968

polonus (volunteer website security analyst and website error-hunter)