Topic: Issues on a PHISHING domain and with hosting...

polonus
« on: January 11, 2018, 03:31:35 PM »
Checking on domain configuration and certificate installed...

For this PHISHING domain: -guru.cr

Re: https://toolbar.netcraft.com/site_report?url=guru.cr
Re: https://cryptoreport.websecurity.symantec.com/checker/
Results:
Quote
Certificate is installed correctly
Common name:
 guru.cr
SAN:
 guru.cr, cpanel.guru.cr, gurucr.com, mail.guru.cr, mail.gurucr.com, webdisk.guru.cr, webmail.guru.cr, whm.guru.cr, www.guru.cr, www.gurucr.com
Valid from:
 2017-Dec-29 00:00:00 GMT
Valid to:
 2018-Mar-29 23:59:59 GMT
Certificate status:
 Valid
Revocation check method:
 OCSP
Organization:
 
Organizational unit:
 
City/locality:
 
State/province:
 
Country:
 
Certificate Transparency:
 Not embedded in certificate
Serial number:
 f549d40077ef9ca14b21b7a669b991f1
Algorithm type:
 SHA256withRSA
Key size:
 2048
Certificate chain:
 COMODO RSA Certification Authority (Intermediate certificate)
 cPanel, Inc. Certification Authority (Intermediate certificate)
 guru.cr (Tested certificate)

Server configuration
Host name:
 198.23.60.248
Server type:
 Apache
IP address:
 198.23.60.248
Port number:
 443
Protocols enabled:
TLS1.2
TLS1.1
TLS1.0
Protocols not enabled:
SSLv3
SSLv2
Secure Renegotiation:
 Enabled
Downgrade attack prevention:
 Enabled
Next Protocol Negotiation:
 Not Enabled
Session resumption (caching):
 Enabled
Session resumption (tickets):
 Enabled
Strict Transport Security (HSTS):
 Not Enabled
SSL/TLS compression:
 Not Enabled
Heartbeat (extension):
 Enabled
RC4:
 Not Enabled
OCSP stapling:
 Not Enabled

Vulnerabilities checked:
Heartbleed
Poodle (TLS)
Poodle (SSLv3)
FREAK
BEAST
CRIME
Cipher suites enabled:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A)
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002F)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C)
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xC012)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030)

11 issues here: https://mxtoolbox.com/domain/guru.cr/

F-grade status and recommendation and further scans: https://observatory.mozilla.org/analyze.html?host=guru.cr

Flagged: http://urlquery.net/report/80affa33-f2af-40e6-b824-6888dd8fb762

Also consider: https://urlscan.io/domain/guru.cr -> https://urlscan.io/result/32d9da5e-c460-4f4e-8857-0f10341263f2/#summary

On the hosting https://privacyscore.org/site/36943/  (website does not offer https and other issues)

polonus