« previous next »
Pages: [1]   Go Down

Author Topic: Placeholder PHISHING site being flagged?  (Read 900 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33927
  • malware fighter
Placeholder PHISHING site being flagged?
« on: August 25, 2017, 11:52:59 AM »
See: http://toolbar.netcraft.com/site_report?url=http://0182gc0o1280hg1fc279g2d71c9gf79cg791ogocg71gc738713192icgq2ug9i.vanstrij.nu
See: https://urlquery.net/report/748e16f2-9eb3-49da-8795-6c2014afabff
Self-signed certificate is installed with a local host root certificate for -d230.1eurohosting.nl for -b-smarthosting.net.
Placeholder for sub-domain: -https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=0182gc0o1280hg1fc279g2d71c9gf79cg791ogocg71gc738713192icgq2ug9i.vanstrij.nu%2F&ref_sel=GSP2&ua_sel=ff&fs=1
Hostname: -d263.webcreators.nl on a Let's Encrypt certificate.
IP with low trusting sites, scam...Scam Advider falls for the scam here: https://www.scamadviser.com/check-website/0182gc0o1280hg1fc279g2d71c9gf79cg791ogocg71gc738713192icgq2ug9i.vanstrij.nu
56% chance the compromittal was performed from either Norway or Sweden.
See report: https://threatintelligenceplatform.com/report/0182gc0o1280hg1fc279g2d71c9gf79cg791ogocg71gc738713192icgq2ug9i.vanstrij.nu/DquEWge2QW  Configuration leak: MySQL (3306)   3306   Port open. Server response: GÿjHost '64.140.160.2' is not allowed to connect to this MariaDB server, where MaraDB on CentOS 6/RHEL6 would still be exploitable to Remote Root Code Execution Vulnerability CVE-2016-6662!?!

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: August 25, 2017, 11:59:49 AM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »