Author Topic: Should this site be blocked?  (Read 1441 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Should this site be blocked?
« on: March 30, 2019, 06:06:06 PM »
Re: https://www.shodan.io/search?query=termabania.pl
Moved permanently: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=dHt9bXxifG5bfC5wbA%3D%3D~enc
Given as OK: https://www.virustotal.com/nl/url/86ad000a403e5636f7bb0b4083bfb3c4fcc8570f61e98ef46a693ac6fc845bba/analysis/1553963942/
Given as suspicious here: https://quttera.com/detailed_report/bilety2017.termabania.pl  *
Failed Scan and TLS cert expired: https://sitecheck.sucuri.net/results/bilety2017.termabania.pl  exp. date = 15 jan. 2019

* Suspicious scripts and cryptominer script detected: 48 instances.

Vuln. jQuery libraries - 4 to be retired: https://retire.insecurity.today/#!/scan/04e2d135472573925417635fab1b0b7d7f0277205da2ac96895f9868138d6156

DOM-XSS scan results: Results from scanning URL: -http://termabania.pl
Number of sources found: 4 ; number of sinks found: 178
&
Results from scanning URL: //js.profitroom.pl/langstart/dist/lang-start.js
Number of sources found: 539 ; number of sinks found: 108

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Should this site be blocked?
« Reply #1 on: March 31, 2019, 02:18:53 PM »
Quote
Your connection is not secure

The owner of -bilety2017.termabania.pl has configured their website improperly. To protect your information from being stolen,
Cliqz has not connected to this website.

Websites prove their identity via certificates, which are issued by certificate authorities. Most browsers no longer trust certificates issued by GeoTrust, RapidSSL, Symantec, Thawte, and VeriSign. bilety2017.termabania.pl uses a certificate from one of these authorities and so the website’s identity cannot be proven.

You may notify the website’s administrator about this problem.
  Or not go there in the first place - 26 private points to avoid, and 6 ads to be blocked.

polonus

Offline polonus

Re: Should this site be blocked?
« Reply #2 on: March 31, 2019, 10:10:34 PM »
Another PHISHING site to be blocked: https://urlquery.net/report/b6e51aa3-d50e-46ed-9280-88e1af6c9bac
Blacklisted: https://sitecheck.sucuri.net/results/mautic.mvm.si
Pop-up code found: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=bXx1dFteLm12bS5zW2BzYGxdZ1tu~enc
Retire.js detected:
bootstrap   3.1.1   Found in -https://mautic.mvm.si/media/js/libraries.js?va4bdbc4f - Vulnerability info:
high   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331   
medium   20184 XSS in data-target property of scrollspy CVE-2018-14041   
medium   20184 XSS in collapse data-parent attribute CVE-2018-14040   
medium   20184 XSS in data-container property of tooltip CVE-2018-14042   
jquery   2.1.1   Found in -https://mautic.mvm.si/media/js/libraries.js?va4bdbc4f - Vulnerability info:
medium   2432 3rd party CORS request may execute CVE-2015-9251
medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers

polonus