Topic: Abuse from this IP - is it being blocked?

Offline polonus

« on: April 18, 2020, 04:39:06 PM »
Zenmate FW blocked me from going to: hxtp://raneevahijab.id/
Why? See: https://urlscan.io/result/d230a4be-f5a0-476a-ad3b-f53af1e6619a/ where the IP is not being flagged,
but here it is flagged: https://www.virustotal.com/gui/ip-address/103.24.13.91/relations
with various abuse from that particular IP.
https://totalhash.cymru.com/network/?ip:103.24.13.91 does not have it.
Misconfigured -> https://urlscan.io/result/d230a4be-f5a0-476a-ad3b-f53af1e6619a/#transactions (pocong-website:))
Abuse on: -https://www.cbncloud.co.id/
Quote
Retire.js
jPlayer   2.1.0   Found in -https://www.cbncloud.co.id/wp-content/themes/bridge/js/plugins.js?ver=4.9.5
Vulnerability info:
High   CVE-2013-2023 2.3.1 XSS vulnerability in actionscript/Jplayer.as in the Flash SWF component   12
High   CVE-2013-2022 2.3.23 XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component   
High   CVE-2013-1942 2.2.20 XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component   
jquery-ui-dialog   1.10.2   Found in -https://www.cbncloud.co.id/wp-content/themes/bridge/js/plugins.js?ver=4.9.5
Vulnerability info:
High   CVE-2016-7103 281 XSS Vulnerability on closeText option   
jquery   1.12.4   Found in -https://www.cbncloud.co.id/wp-includes/js/jquery/jquery.js?ver=1.12.4
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
Insecure identifiers:
Quote
Unique IDs about your web browsing habits have been insecurely sent to third parties.

202=ioz_-wcf3gczrsx07v7o9ggmbmw_tcps_0vv2uscpacshjj-gepp4e6ovzvolruqrdi0rl3zn28sdqd9gn_kmaXXXXXXXXXXXXXzs4g6xjnsevyzm47ynfqfbxwsrpgmzuc2ab1ff9f4t3yywp2po3asoxwxcl_qg8v8-2skfg0
-www.google.com ID
Vulnerable -> Nginx, headers - 1.14.0
7.8
CVE-2018-16844
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
7.8
CVE-2018-16843
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
7.8
CVE-2018-16845
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
5.8
CVE-2019-20372
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
4.3

polonus (volunteer 3rd party cold reconnaissance website-security-analyst and website error-hunter)
« Last Edit: April 18, 2020, 05:07:36 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
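
The nginx advisories quoted in the post each pair a version bound with a configuration precondition, so a 1.14.0 banner alone does not establish exposure. The sketch below is an added example, not part of the original post or of any scanner's code. It triages the four listed CVEs against a Server header and an nginx config. The function names, status labels and sample config are constructed for illustration, and directive matching uses simple regexes, not a full nginx parser.

```python
import re

# Constructed table of the four nginx advisories quoted in the post:
# (CVE, first fixed version per release branch, directive the advisory names)
START = r"(?:^|[{;])\s*"  # a directive begins at line start or after '{' / ';'
ADVISORIES = [
    ("CVE-2018-16843", [(1, 14, 1), (1, 15, 6)], START + r"listen\s[^;]*\bhttp2\b"),
    ("CVE-2018-16844", [(1, 14, 1), (1, 15, 6)], START + r"listen\s[^;]*\bhttp2\b"),
    ("CVE-2018-16845", [(1, 14, 1), (1, 15, 6)], START + r"mp4\s*;"),
    ("CVE-2019-20372", [(1, 17, 7)], START + r"error_page\s"),
]

def parse_version(server_header):
    """Extract (major, minor, patch) from a Server header such as 'nginx/1.14.0'."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", server_header)
    return tuple(int(p) for p in m.groups()) if m else None

def is_fixed(version, fixes):
    """Fixed if at/after the newest fix, or patched within its own release branch."""
    if version >= max(fixes):
        return True
    return any(version[:2] == f[:2] and version >= f for f in fixes)

def triage(server_header, config_text):
    """Map each CVE to 'fixed-version', 'precondition-absent' or 'review'."""
    version = parse_version(server_header)
    if version is None:
        raise ValueError("no nginx version in header")
    active = re.sub(r"#.*", "", config_text)  # ignore commented-out directives
    result = {}
    for cve, fixes, directive in ADVISORIES:
        if is_fixed(version, fixes):
            result[cve] = "fixed-version"
        elif re.search(directive, active, re.MULTILINE):
            result[cve] = "review"  # precondition present; needs a closer look
        else:
            result[cve] = "precondition-absent"
    return result

# Constructed sample config (not taken from the scanned host)
SAMPLE_CONFIG = """
server {
    listen 443 ssl http2;
    # mp4;
    error_page 404 /404.html;
}
"""

if __name__ == "__main__":
    print(triage("nginx/1.14.0", SAMPLE_CONFIG))
```

A "review" result for CVE-2019-20372 only means an error_page directive exists; the advisory limits the issue to certain error_page configurations, which this check does not distinguish.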