Generic Long Overdue Malware on IP - IDS alerts .....

Re: https://urlquery.net/report/90282e6a-4ed6-4fe3-8c3f-3af80a5493a9
ET INFO WinUpack Modified PE Header Inbound - ET POLICY PE EXE or DLL Windows file download HTTP - ET INFO EXE - Served Attached HTTP on client IP. Leaseweb dot nl CloudFlare abuse, https://www.reasoncoresecurity.com/ip-address-95.211.227.227.aspx
Issues: https://threatintelligenceplatform.com/report/s7258.chomikuj.pl/bBaO0f8G74
Malware on domain: http://support.clean-mx.de/clean-mx/viruses.php?domain=chomikuj.pl&sort=
Re: http://toolbar.netcraft.com/site_report?url=http://chomikuj.pl
Consider on IDS: https://blog.inliniac.net/2012/03/07/f-secure-av-updates-and-suricata-ips/
Given safe here: https://virustotal.com/#/url/e559288866ace7017d967b9e108db18da4f1965d06ad9a71aa65800093442cf7/detection
on domain: https://virustotal.com/#/domain/s7258.chomikuj.pl

polonus (volunteer website security analyst and website error-hunter)

Also found insecure log-in on website: Poradniki - Dla dzieci - ksiazki - Chomikuj.pl
-chomikuj.pl
Alerts (1)
Insecure login (1)
Password will be transmitted in clear to -http://chomikuj.pl/ksiazki/Dla+dzieci/Poradniki
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted

Chain installation:
2 certificates found: RSA and ECC.

Common name: ssl367231.cloudflaressl.com
SAN: ssl367231.cloudflaressl.com, *.chomikuj.pl, chomikuj.pl
Valid from: 2017-Jul-08 00:00:00 GMT
Valid to: 2018-Jan-14 23:59:59 GMT
Certificate status: Valid
Revocation check method: OCSP
Organization:
Organizational unit: PositiveSSL Multi-Domain,Domain Control Validated
City/locality:
State/province:
Country:
Certificate Transparency: Not embedded in certificate
Serial number: 8d51069b87a9348578f8f39a88eacd77
Algorithm type: SHA256withRSA
Key size: 2048

Strict Transport Security (HSTS): Not Enabled
SSL/TLS compression: Not Enabled
Heartbeat (extension): Not Enabled

Comodo RSA - Comodo Domain Validation Secure Server CA - ssl367231.cloudflaressl.com = Tested Certificate.

polonus