Topic: Suspicious website flagged for PHISHING...avast detects!


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Suspicious website flagged for PHISHING...avast detects!
« on: May 29, 2019, 07:09:30 PM »
Re: https://urlquery.net/report/ab235def-4e55-43fa-a646-47618963f731
Re: Security Checks for -signcompanieshawaii.icu
(4) Domain at risk of being hijacked
Malware may be present
(4) Susceptible to man-in-the-middle attacks
Emails can be fraudulently sent
DNS is susceptible to man-in-the-middle attacks
One detects: https://www.virustotal.com/#/url/f1b2f6fc9b508db0a5cf0c137314915e7e2d9c8d84cf4aca06376183aaee1688/detection
Flagged by Google: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=c1tnbl5dbXB8blt7c2h8d3xbWy5bXnVgYl14YGZbbHtgbnt3cHxne2B8Xl5ddW50~enc
46 hints to improve website: https://webhint.io/scanner/5eb17826-23e3-4031-a315-24fab9b505a1
of which 17 are security related.
10 red out of 10 risk score: https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fsigncompanieshawaii.icu%2Fbox%2Ffile%2Fnewpage%2Faccount
Detections on IP: https://www.virustotal.com/#/ip-address/104.24.119.56

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Suspicious website flagged for PHISHING...avast detects!
« Reply #1 on: May 29, 2019, 07:49:15 PM »
This one NOT detected by avast? Website is sleeping.
Website owners can wake website from sleep in members area

000webhost
Wake website from sleep  -> https://urlquery.net/report/d00c449e-a515-410c-9dee-998b00f5fcf9
Re: vuln. to MiM attack: https://app.upguard.com/#/http://dolphinsolutionnal.000webhostapp.com/notificationn.php?email=kmiller@fleckens.hu  PHISHING

On IP -> https://www.virustotal.com/#/ip-address/145.14.145.158   see: https://www.shodan.io/host/145.14.145.158

Netcraft risk 7 red out of 10: https://toolbar.netcraft.com/site_report?url=http://dolphinsolutionnal.000webhostapp.com/notificationn.php?email=kmiller@fleckens.hu

I get:

    Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
    -api.opmnstr.com/v1/optin/13439/673828:1 Failed to load resource: the server responded with a status of 410 ()
    -api.min.js:2 [OptinMonster] The campaign could not be retrieved. The following error was returned: A campaign with the ID 673828 does not exist.
    Pt.error @ -api.min.js:2
    (index):1 Failed to load resource: the server responded with a status of 403 (Forbidden)

Hostinger abuse -https://www.000webhost.com/cpanel-login?utm_source=000&utm_medium=website-sleeping&utm_campaign=pages
There: Retire.js
jquery   3.3.1.min   Found in -https://code.jquery.com/jquery-3.3.1.min.js
Vulnerability info:
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   

Suricata IDS alert "ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)"
Exploitable plug-in: https://www.pluginvulnerabilities.com/tag/optinmonster/
Re: https://www.hybrid-analysis.com/sample/1ef7cdc06a770692a679999fa02ede2d39f3036fb4fbf75196b18ceb4d4caede?environmentId=100

Also consider for awex web server: https://www.openbugbounty.org/reports/154459/
shellshock vuln?
polonus
« Last Edit: May 29, 2019, 08:26:16 PM by polonus »
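Added example (not from the post above, and not jQuery's own code): a toy deep-merge that follows the pre-3.4.0 `jQuery.extend(true, ...)` pattern Retire.js flags as CVE-2019-11358, beside a hardened version that skips the `__proto__` key the way the 3.4.0 fix does. The merge functions, the `probe` helper and the JSON input are constructed for the demo; a private prototype stands in for `Object.prototype` so the check leaves the real global prototype untouched.

```javascript
'use strict';

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable pattern (toy stand-in for the old jQuery.extend(true, ...)):
// the recursion follows every key, so an own "__proto__" key on the source
// resolves through the target's getter to its prototype and writes there.
function deepExtendUnsafe(target, source) {
  for (const key in source) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      deepExtendUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened pattern: only own keys are copied and "__proto__" is skipped,
// which is the essence of the jQuery 3.4.0 change.
function deepExtendSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (key === '__proto__') continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          !isPlainObject(target[key])) target[key] = {};
      deepExtendSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs one merge against a constructed JSON-shaped input and reports whether
// an unrelated object sharing the target's prototype picked up a new field.
function probe(merge) {
  const sharedProto = {};                       // stand-in for Object.prototype
  const target = Object.create(sharedProto);
  const untrusted = JSON.parse('{"name": "x", "__proto__": {"isAdmin": true}}');
  merge(target, untrusted);
  const bystander = Object.create(sharedProto);  // never touched directly
  return { name: target.name, polluted: bystander.isAdmin === true };
}

console.log('unsafe:', probe(deepExtendUnsafe), 'safe:', probe(deepExtendSafe));
```

Retire.js reports the version string, not whether the site actually passes untrusted input to a deep extend; the probe shows what the flagged behaviour is and why the upgrade (or a skip of `__proto__`) closes it.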