502 bad gateway alert for WordPress site under maintenance
polonus
« on: April 25, 2019, 01:34:17 PM »
Re: https://urlquery.net/report/07f2e134-a78b-4207-b3af-40c0b36e234e
Security risk and vulnerable PHP version: https://sitecheck.sucuri.net/results/alternativefakta.no
35 hints: https://webhint.io/scanner/47fac548-f358-45cf-b2ce-f5d79c60aaf6
502 Bad Gateway
nginx/1.14.0 (Ubuntu) 530 Login incorrect -> https://www.shodan.io/search?query=83.143.83.230%2F
and correctly: https://www.shodan.io/host/83.143.83.230
with various vulnerabilities and Prototype issues, lying at the base of later developments like node.js: https://www.cvedetails.com/vulnerability-list/vendor_id-6541/Prototypejs.html
ET WEB_CLIENT Possible HTTP 503 XSS Attempt (External Source) alerted.. -https://byr949.stwserver.net
insecure connection -> NET::ERR_CERT_COMMON_NAME_INVALID, hence QED.
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Re: 502 bad gateway alert for WordPress site under maintenance
« Reply #1 on: April 25, 2019, 02:56:00 PM »
Example of cPanel abuse: https://www.shodan.io/search?query=https%3A%2F%2Fn3plcpnl0241.prod.ams3.secureserver.net%3A2083%2F
Detected as Win32.Trojan.Raasj.Auto
Found because of https://urlquery.net/report/0014f23f-b9ed-40f4-b9d0-ae2202c6a29d *
See: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=bXxzczAzLnh5eg%3D%3D~enc
and consider: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=bjNwbF5wbmwwMjQxLnB9XSMufG1zMy5ze151fXtze312e30ubnt0OjIwODNg~enc
GoDaddy abuse at -https://n3plcpnl0241.prod.ams3.secureserver.net:2083/
7 red out of 10: https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fn3plcpnl0241.prod.ams3.secureserver.net%3A2083%2F
See various detections here: https://www.virustotal.com/#/ip-address/160.153.157.138 as malicious and PHISHing...
For * Security Checks for mass03.xyz (instances of)
(3) Domain at risk of being hijacked
(4) Susceptible to man-in-the-middle attacks
(3) Unnecessary open ports
DNS is susceptible to man-in-the-middle attacks
polonus
« Last Edit: April 25, 2019, 03:05:18 PM by polonus »