« previous next »
Pages: [1]   Go Down

Author Topic: wp-missed-schedule-code and link to parking redcoruna dot com?  (Read 3551 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
wp-missed-schedule-code and link to parking redcoruna dot com?
« on: May 31, 2020, 06:11:50 PM »
Some  Word Press website - <link rel="pingback" href="htXps://something.xx/xmlrpc.php" />

<!--Plugin WP Missed Schedule Active - Secured with Genuine Authenticity KeyTag-->

<!-- This site is patched against a big problem not solved since WordPress 2.5 -->

A long exisiting problem in Word Press CMS

Then somehow landing at -http://humanstxt.org/cgi-sys/defaultwebpage.cgi -> iFrame -> hxtp://parking.redcoruna.com/redcoruna.html
-> -https://www.accessify.com/r/parking.redcoruna.com  * plug-in code from -https://s0.wp.com/_static/??-eJylk9tuwyAMhl9oxEFVTxfTHmUi4KRuOQlD0r79yLr0YtIirb3C+P/9WYCBKQodfEaf4cxgcCSN8dqc+Q2qRF7bYpC/NeIMI3oT0izFYG89Wds48ot9IUVbBvIMfbFWMGUUaCiTH8RdASkPx51s5Q48ThyVvojOBn356VLjag2c+Z4WI+H0V5Oh1G2HaahKQjg0smnFFHVw0BWyBkgePJA3eH0aYYITCZW5vchRUr6KQNYqojhlZ9dJz16+VikURrty9a6IpctEZsDMgKWq4UIorJogo4tWZfyVX+EoU+dIdCqBU5wx1UiEEVOiefweuX8Scqqn47UinSn4uegRrbkvxA6z2DQtfNa/AX1IbsU/j7DoraIEfFKpvsGy1qIP9y63x3a/3e2Pm/MXsZ9LXA==

IP address

-Parking.redcoruna.com uses IP address which is currently shared with 4 other domains. The more sites share the same IP address, the higher the host server’s workload is. It is strongly recommended that the host server should be changed or the hosting provider should be requested to give a different (separate) IP address for this domain.

Poor result
IP Trace

-parking.redcoruna.com

-fernandezdiaz.es

-redcoruna.com

-panel.redcoruna.com

-wowsfera.com

polonus
« Last Edit: May 31, 2020, 06:14:16 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: wp-missed-schedule-code and link to parking redcoruna dot com?
« Reply #1 on: May 31, 2020, 07:00:17 PM »
In this way we could easily meet with scam activity: example insecure archived site:
-https://sitecheck.sucuri.net/results/www.ranumbrandt dot dk/wp-admin/
Quote
TLS Recommendations
Password input field detected on an unencrypted HTTP page. Please use HTTPS protocol to protect login forms:
hxtp://www.ranumbrandt.dk/wp-login.php?redirect_to=hxtp://www.ranumbrandt.dk/wp-admin/&reauth=1
and through this we could land at:
Website blocked due to a suspicious top level domain (TLD)
Website blocked: wXw.ratucasino88 dot biz

Malwarebytes Browser Guard blocked this website because it may contain scam activity.
We strongly recommend you do not continue. And of course we did accordingly.
Good to have that extension warn me inside Avast Secure Browser beta.  ;)
(link alternatif -ratucasino88 yang masih aktif, Indonesian meaning "an alternative link that is still active"
livechat -ratucasino88 untuk info lebih lanjut = for more information). (translation source used by me is Google Translate)

See how easily it could be to abuse Word Press CMS infrastructure,
loads of this abuse form l33t Indonesian ?-S php hackers    ::)

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »