Author Topic: Comcast domain with malware and a PHISH alerted by Google Safebrowsing!  (Read 1784 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
See: http://urlquery.net/report.php?id=1492728181079
See: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=executivebillard.com&ref_sel=GSP2&ua_sel=ff&fs=1
6 flag: https://www.virustotal.com/pl/url/9bbcb8495bb024804bef95525b7c2d8ee6b339fe217927b3b8d332f20179856a/analysis/1492771689/
6 blacklisted links: https://quttera.com/detailed_report/executivebillard.com
PHISH: https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url=executivebillard.com
Index page missing. Directory and file listing permitted: <h1>Index of /</h1>
F-status and recommended change: https://observatory.mozilla.org/analyze.html?host=executivebillard.com
Errors in Comodo RSA Cert.: You have 2 errors
The certificate has expired.
The certificate has expired. This server is not secure.
Certificates installed in the wrong order.
Some certificates in the chain are installed in the wrong order. See details below. Reinstall the certificates in the proper order.

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Here it is not showing: http://96-67-21-129-static.hfc.comcastbusiness.net/cgi-sys/defaultwebpage.cgi
Not present: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2F96.67.21.129%2Fcgi-sys%2Fdefaultwebpage.cgi
Google Safebrowser warning for that domain (insecure connection): http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fexecutivebillard.com%2F
Consider: https://urlscan.io/result/8a6fe31a-137f-401c-85cb-a6d79044d452#summary
and https://urlscan.io/api/v1/result/8a6fe31a-137f-401c-85cb-a6d79044d452/

! It looks like your domain/URL is currently flagged by Google under the Social Engineering (Phishing and Deceptive Sites) category:
https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=executivebillard.com&ref_sel=GSP2&ua_sel=ff&fs=1

Found the error: resource-exhausted
Quote
By default, the project-based quota for Google Analytics is 50000 requests. If you have a large number of users all making requests, you can quickly run out of quota. Once you hit this quota there is nothing that can be done; the application is locked out until the quota is reset at midnight West Coast USA time.

What can be done to avoid it? First off, the author of the plugin needs to request an additional quota so that they can service their users better; they should also be checking this periodically so that their users never see it. It's probably going to take them a month to get approved for additional quota. As a user you can help by only making requests that you need to make, thereby not using too much of the daily quota up.
Quote info credit goes to StackOverflow's DalmTo.

pol

Offline polonus

Another one at Comcast in the category phishing: http://urlquery.net/report.php?id=1491529473061
Confirmed threats here: http://sitevet.com/db/asn/AS7922  (current events ongoing and spam activity on this AS).
WordPress Version: 4.4.9
Version does not appear to be latest 4.7.3 - update now.

WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress site's front page.

w3-total-cache 0.9.4.1   latest release (0.9.5.2) Update required
https://www.w3-edge.com/wordpress-plugins/w3-total-cache/
contact-form-7 4.3.1   latest release (4.7) Update required
https://contactform7.com/
Plugins are a source of many security vulnerabilities within WordPress installations. Always keep them updated to the latest version available and check the developer's plugin page for information about security-related updates and fixes.

Retirable code library: http://retire.insecurity.today/#!/scan/9a131b64dede30cc7f6d14ebc46c1b7b8521d422cc149b04c0d630d8d6c58247

F-I-D-X-status: https://observatory.mozilla.org/analyze.html?host=www.divishadende.com

See: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.divishadende.com&ref_sel=GSP2&ua_sel=ff&fs=1

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: April 21, 2017, 07:16:32 PM by polonus »

Offline savcin

  • Avast team
  • Full Member
  • *
  • Posts: 113
URL detections created.