Author Topic: Could this webpage have a sedo parking hijacker?  (Read 1002 times)

polonus
Could this webpage have a sedo parking hijacker?
« on: April 04, 2017, 01:14:46 PM »
I went here: -http://www.cs.put.poznan.pl/ddwornikowski/sieci/sieci2/dns.html
Then visited a specially coded page written with a special DNS-code - xn--w-uga1v8h.pl.
Re: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fxn--w-uga1v8h.pl%2F
GlobalSign certificate, but wrongly installed: xn--w-uga1v8h.pl

You have 1 error
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Warnings
SSLv3
Your server's encryption settings are vulnerable. This server uses the SSLv3 protocol, which is not secure.
TLS1.2
This server is vulnerable to a TLS renegotiation attack.
This server is vulnerable to:
SSL/TLS Compression
This server is vulnerable to a CRIME attack.
Poodle (SSLv3 protocol)
This server is vulnerable to a Poodle (SSLv3) attack.

Re: http://whois.domaintools.com/xn--w-uga1v8h.pl  See code with adblockkey: -https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=xn--w-uga1v8h.pl&ref_sel=GSP2&ua_sel=ff&fs=1

So we check whether it pays to be whitelisted through ABP?   No match for that domain or premium.pl

Do not forget either that the IP is flagged for Locky ransomware: https://ransomwaretracker.abuse.ch/ip/72.52.4.120/

Akamai abuse: https://otx.alienvault.com/indicator/ip/72.52.4.120/
Previously malicious IP: http://cyberwarzone.com/malicious-history-of-72-52-4-120/
Re: https://www.virustotal.com/en/url/b3dd258492c1452fca124371ad8572ccedb59550bcdf2ff3754a5992b13ed4d6/analysis/1491304435/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!