Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Another website amidst a real tsunami wave of PHISHING...
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Another website amidst a real tsunami wave of PHISHING... (Read 1629 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33897
malware fighter
Another website amidst a real tsunami wave of PHISHING...
«
on:
January 12, 2019, 11:11:04 PM »
See blacklisted for that reason:
https://urlquery.net/report/1c5d4ff4-3f4c-4897-b45e-453e73fdf138
What is bootstrap.js doing here? ->
https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=bXtudF19Zn17W2dodC5eXS56fGA%3D~enc
263 hints for improvement of that site:
https://webhint.io/scanner/82d5060c-bb8f-41bd-abae-bd98a864a297
Main threats reported here:
https://webscan.upguard.com/#/http://mentorfreight.co.za
Vulnerable with bootstrap v.3.3.4 - Scan results of URL: htxp://localtimes.info/world_clock2.html?&cp1_Hex=000000&cp2_Hex=FFFFFF&cp3_Hex=000000&fwdt=110&ham=0&hbg=1&hfg=0&sid=0&mon=0&wek=0&wkf=0&sep=0&widget_number=11000&lcid=UKXX0085,CHXX0008,FRXX0076,USCA0638,USNY0996,INXX0087,ASXX0112
Number of sources found: 46 ; number of sinks found: 33 Just like we assumed,
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33897
malware fighter
Re: Another website amidst a real tsunami wave of PHISHING...
«
Reply #1 on:
January 13, 2019, 06:05:22 PM »
On the XSS in data-target attribute for bootstrap.js:
Bootstrap.js is vulnerable here because of
Quote
return $(target)
in the code.
Read:
https://github.com/twbs/bootstrap/issues/20184
See:
https://retire.insecurity.today/#!/scan/9727271311f3e7c1d9a71eac683bb7705dd1518e842ced17c5001162e16d6db0
Bootstrap v3.3.4 is no longer developed or supported. All work has moved onto next major release, v4. (info credits go to mdo&team)
polonus (volunteer website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33897
malware fighter
Re: Another website amidst a real tsunami wave of PHISHING...
«
Reply #2 on:
January 14, 2019, 05:51:56 PM »
Another PHISH according to some confirming scan sites:
https://urlquery.net/report/5eee54e7-badd-4899-93bb-5a79d44b3f06
and via phishcheck {"sid": 167824, "is_success": true}
On AS:
https://radar.qrator.net/as31624
and
https://www.malwareurl.com/ns_listing.php?as=AS31624
and
https://checkphish.ai/asn/AS31624
on IP:
https://otx.alienvault.com/indicator/ip/195.20.47.121
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Another website amidst a real tsunami wave of PHISHING...