Author Topic: Certification abuse on Webzilla domain?  (Read 183 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Maybe Bot
  • *****
  • Posts: 29953
  • malware fighter
Certification abuse on Webzilla domain?
« on: October 12, 2017, 10:54:22 PM »
See: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=CPMOFFERCONVERT.COM&ref_sel=GSP2&ua_sel=ff&fs=1
Error: Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Root installed on the server.
For best practices, remove the self-signed root from the server.
Quote
Certificate information
Common name:
 WRONG.hostname
SAN:
 
Valid from:
 2016-Dec-05 15:44:49 GMT
Valid to:
 2026-Dec-03 15:44:49 GMT
Certificate status:
 Unknown
Revocation check method:
 Not available
Organization:
 Something went wrong
Organizational unit:
 
City/locality:
 
State/province:
 Neverhood
Country:
 --
Certificate Transparency:
 Not embedded in certificate
Serial number:
 00df02d3f89f010cc0
Algorithm type:
 SHA256withRSA
Key size:
 4096
ssl-cert: Subject: commonName=WRONG.hostname/organizationName=Something went wrong/stateOrProvinceName=Neverhood/countryName=--

6 problems: https://mxtoolbox.com/domain/cpmofferconvert.com/

ttp://CPMOFFERCONVERT.COM -> 199.80.54.51 urlquery -> 188.164.255.19
See: http://toolbar.netcraft.com/site_report?url=http://199.80.54.51
See: http://toolbar.netcraft.com/site_report?url=199.80.54.51 WZ Communications Inc. abuse...

F-grade status: https://observatory.mozilla.org/analyze.html?host=cpmofferconvert.com

Alerts: https://urlquery.net/report/c31fddae-15e2-4270-a118-6405fb0b332f

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast √úberevangelist
  • Maybe Bot
  • *****
  • Posts: 29953
  • malware fighter
Re: Certification abuse on Webzilla domain?
« Reply #1 on: October 12, 2017, 11:32:13 PM »
Good to keep an eye here: https://sslbl.abuse.ch/blacklist/   

Use of the SSL Blacklist is free for both commercial and non-commercial usage without any limitation
if you are a commercial vendor of security software/services and you want to integrate data from the SSL Blacklist into your products / services, you will have to ask for permission first by contacting me using the email address provided as https://abuse.ch/#contact


pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!