Topic: Only Fortinet's to flag? Misused or abused server on IP? (Read 1636 times)
polonus (Avast Überevangelist, Probably Bot, Posts: 33898, malware fighter)
Only Fortinet's to flag? Misused or abused server on IP?
« on: September 16, 2017, 07:06:41 PM »
Consider the following scan results - 16 instances of malware here:
https://urlquery.net/report/1fc750b2-22ef-435a-b1ad-ac62db98a60a
Re:
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fthe-rocket.ru%2F
Re:
http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fwww.the-rocket.ru%2F&useragent=Fetch+useragent&accept_encoding=
Just only Fortinet's to flag:
https://www.virustotal.com/en/url/0cc74908348e09d062f7e68dd108eec052d651b5598cc4c4547d3a1f2ba98712/analysis/#additional-info
Quttera does not have it:
https://quttera.com/detailed_report/www.the-rocket.ru
nor has Sucuri's:
https://sitecheck.sucuri.net/results/www.the-rocket.ru#blacklist-status
2 vulnerable retirable libraries:
http://retire.insecurity.today/#!/scan/39e01c6d4c95884adbe7dfe3c7def58d0cd6d65b0711ab12e13f3f741734be20
F-Grade status and recommendation:
https://observatory.mozilla.org/analyze.html?host=www.the-rocket.ru
Set-Cookie The 'httpOnly' flag is not set on this cookie.
Abuse reported for IP:
https://www.abuseipdb.com/check/62.213.75.4
Javascript api issue on: assets/5bc9acfa/jquery.yiiactiveform.js
When one runs the code, it works correctly, in that changing the drop-down causes the form to be loaded, but client validation is not happening in the form, and jquery.yiiactiveform.js is not loaded. (report credits go to Paul T.)
polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Re: Only Fortinet's to flag? Misused or abused server on IP?
« Reply #1 on: September 16, 2017, 07:26:09 PM »
This is restricted by McAfee's browser extension:
http://www.siteadvisor.com/restricted.html?domain=http:%2F%2Fwww.the-rocket.ru%2Fassets%2F5bc9acfa%2Fjquery.yiiactiveform.js&originalURL=-1434340421&pip=false&premium=false&client_uid=1241509284&client_ver=4.0.6.161&client_type=IEPlugin&suite=false&aff_id=662-187&locale=nl_nl&ui=1&os_ver=6.3.0.0
With a 28% score this site does not run the latest technology, nor does it have the best policies:
https://en.internet.nl/domain/www.the-rocket.ru/95431/
Unlike reported SSL certificate was not found. The trust chain of your website certificate is not complete and/or not signed by a trusted root certificate authority. See security rating for the Plesk default server page for that IP:
http://toolbar.netcraft.com/site_report?url=http://62.213.75.4
pol
polonus
Re: Only Fortinet's to flag? Misused or abused server on IP?
« Reply #2 on: September 28, 2017, 10:54:10 PM »
Update on IP:
https://urlquery.net/report/e18b0c24-4169-4eff-8f14-5df6637ab74a
found 52% to be suspicious:
https://zulu.zscaler.com/report/5ce283b9-abc3-4372-ac39-63290d4592a1
More on IP:
https://www.abuseipdb.com/check/62.213.75.4
Re:
https://www.virustotal.com/#/url/66aecd0b825e585b4cdaee6ee08405f7b6588bc9e20c8291860682a438fd11ad/detection
line:8: Bootstrap's JavaScript requires jQuery
polonus
polonus
Re: Only Fortinet's to flag? Misused or abused server on IP?
« Reply #3 on: October 07, 2017, 08:01:50 PM »
update:
https://urlquery.net/report/fd89c6ec-7c7d-47fc-b877-ff3f69c3efbe
also:
https://zulu.zscaler.com/report/5ce283b9-abc3-4372-ac39-63290d4592a1
on domain default page report ->
http://toolbar.netcraft.com/site_report?url=http://62.213.75.4
= htxp://node-62-213-75-4.it-virtualization.ru/
MySQL (3306) 3306 Port open. Server response: R 5.5.56-MariaDBn )=7
http://as-rank.caida.org/?mode0=as-info&mode1=as-table&as=205952&data-selected-id=30
Sitevet has no data on AS 205952
on certificate on the nameserver - You have 2 errors
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
The certificate has expired.
The certificate has expired. This server is not secure.
Warnings
Root installed on the server.
For best practices, remove the self-signed root from the server.
Plesk root certificate on root for -node-62-213-75-4.it-virtualization.ru
Background read:
http://blog.passivetotal.org/know-your-foe-all-the-networks-subnets-and-as/
polonus
« Last Edit: October 07, 2017, 08:23:59 PM by polonus »
polonus
Re: Only Fortinet's to flag? Misused or abused server on IP?
« Reply #4 on: October 10, 2017, 05:44:41 PM »
Update:
https://urlquery.net/report/f89cac57-94a8-4810-b785-c14b2684a70a
pol