uBlock0 blocks 50.87.144.133 → http://toolbar.netcraft.com/site_report?url=+50.87.144.133
Unified Layer hostgator infested server? https://cymon.io/50.87.144.133
Host banned for sending malware: http://www.malwareurl.com/ns_listing.php?ip=50.87.144.133
and https://www.threatminer.org/host.php?q=50.87.144.133 → https://www.dns.coffee/ip/50.87.144.133
IP abuse: https://www.webiron.com/abuse_feed/ Host banned for sending malware command and control commands.,
Orphan Malware Scanner
polonus
Just an explanation what firehole may defend against.
(re: -https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cybercrime.ipset ) Do not go there…
Investigating on this IP address with WP that has come to be under brute force attacks: http://toolbar.netcraft.com/site_report?url=http://ppp-171-96-211-3.revip8.asianet.co.th
Read: https://steamid.eu/badvisitors_by_ip.php?ip=171.96.211.3 read background: https://hackertarget.com/attacking-wordpress/
What attack bot involved? https://www.webiron.com/bot_lookup/78c5e7c8e2bf89b015688ee6cb512412
SEO XOVIBOT * and WP log-in attempts reported: https://www.webiron.com/iplookup/
Vuln.: on -http://www.trueinternet.co.th/THA/home.html
Detected libraries:
jquery - 1.9.1 : (active1) -http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected → http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.trueinternet.co.th%2FTHA%2Fhome.html
And here is the threat on one of the scripts from there: https://otx.alienvault.com/indicator/domain/hits.truehits.in.th/
Generic18.QEX malware downloader…
polonus
As an additional for those into cybersecurity here, this massive list of the cybersecurity involved groups: https://cyberwarzone.com/massive-list-300-cyber-security-groups-linkedin-know/
Damian (volunteer website security analyst and website error-hunter)