Hi Steven,
The security on -http://w9e.rzone.de/ is or was at least under par.
Just read on what I have seen there through 3rd party scanning,
and re-combining several scan results while searching the terms.
For instance see here what this A.S. is hosting: http://sitevet.com/db/asn/AS6724
and that is almost all the flaws of abuse in the book,
playing out on 205 blacklisted URLs at present there at that AS.
And from the Historical Badness picture we see that the situation at STRATO STRATO AG has been much worse in the past.
Time for a crypto report on the hostname: -w9e.rzone.de which gives a 404 (closed for port 80/443)
as it is known to have a very bad web rep, and here it is parading too:
https://www.malwaredomainlist.com/mdl.php?inactive=on&sort=Reverse&search=&colsearch=All&ascordesc=DESC&quantity=50&page=57 (quite a list of baddies there
for that particular IP)
with finds Redkit exploit kit, iFrame on compromise leading to Angler EK badware, Spyware.ZeuS.GO
(heh, SiteVet report forgot about that one).
Also FreeSAS seems interested in that IP, and this is Organization:
IP Pool for Iliad-Entreprises Business Hosting Cus, that recently came to scan that IP.
21/tcp open ftp ftpd.bin round-robin file server 3.4.0r12
|_ftp-anon: Anonymous FTP login allowed (FTP code 230) -
One just has to check if there is an Anonymous Account open
and they are feed for the proverbial birds.
And that is what has actually been performed there,
as we find a report of it here: https://www.threatcrowd.org/ip.php?ip=81.169.145.144
80 and 443 return a Not Found or Bad Request -m
So there is still some work to do at this server to protect against abuse there.
polonus (volunteer website security analyst and website error-hunter)