The nameserver is DROWN vulnerable: https://test.drownattack.com/?site=66-34-242-122.static.dal01.corespace.com
Server header info proliferation: Apache/2.2.31 Unix mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
shows to have madshell exploitability.
See insecurity here: http://toolbar.netcraft.com/site_report?url=http://www.er-apocalypse.com
CoreSpace abuse found: http://killmalware.com/er-apocalypse.com/
-http://welcome.exploit-media.com/
Description of attack could only be found as cache content: -htxps://webcache.googleusercontent.com/search?q=cache:itmK89r0jhQJ:znx.lehighvalleybarbell.com/Mw68.htm+&cd=1&hl=nl&ct=clnk&gl=nl
(do not visit link - avast flags it as being infested! - I did block it on purpose - pol).
Insecure IDs tracking detected.
polonus
Good that avast flagged the link as URL:Mal infested for hxtp://185.38.197.68/Mw68.htm
pol
Similar hack and defacement was being performed here: http://killmalware.com/landsocial.com/#
See: http://toolbar.netcraft.com/site_report?url=http://landsocial.com
GoDaddy abuse and again on secureserver with the same server configuration and similar server header info proliferation.
Insecure IDs tracking on webpage detected:
Unique IDs about your web browsing habits have been insecurely sent to third parties.
d60af0211ec4da2339XXXXXXXXXX5be11458137834
-i.imgur.com __cfduid
DROWN exploitable: https://test.drownattack.com/?site=ns47.domaincontrol.com
Hosting Security is well “under par” so to say:
Crypto report for secureserver.net
Warnings
RC4
This server uses the RC4 cipher algorithm which is not secure. Disable the RC4 cipher suite and update the server software to support the Advanced Encryption Standard (AES) cipher algorithm. Contact your web server vendor for assistance.
TLS1.2
This server does not support the latest TLS protocol. Enable the latest TLS1.2 protocol. Contact your web server vendor for further assistance.
Certificate information
This server uses an Organizationally Validated (OV) certificate. Information about the site owner has been validated by Starfield Technologies, Inc. to help secure personal and financial information.
Common name: *.secureserver.net
SAN: *.secureserver.net, secureserver.net
Valid from: 2014-Aug-25 16:21:59 GMT
Valid to: 2017-Aug-25 16:21:59 GMT
Certificate status: Valid
Revocation check method: OCSP
Organization: Special Domain Services, LLC
Organizational unit:
City/locality: Scottsdale
State/province: Arizona
Country: US
Certificate Transparency: Not embedded in certificate
Serial number: 27b78b2246c9c1
Algorithm type: SHA256withRSA
Key size: 2048
Certificate chain:
Starfield Root Certificate Authority - G2 (Intermediate certificate)
Starfield Secure Certificate Authority - G2 (Intermediate certificate)
*.secureserver.net (Tested certificate)
Server configuration
Host name: ip-208-109-4-222.ip.secureserver.net
Server type: Microsoft-IIS/7.0
IP address: 208.109.4.222
Port number: 443
Protocols enabled: TLS1.0
Protocols not enabled: TLS1.2, TLS1.1, SSLv3, SSLv2
Secure Renegotiation: Not Enabled
Downgrade attack prevention: Unknown
Next Protocol Negotiation: Not Enabled
Session resumption (caching): Enabled
Session resumption (tickets): Not Enabled
Strict Transport Security (HSTS): Not Enabled
SSL/TLS compression: Not Enabled
Heartbeat (extension): Not Enabled
RC4: Enabled
OCSP stapling: Enabled
Vulnerabilities checked: Heartbleed, Poodle (TLS), Poodle (SSLv3), FREAK, BEAST, CRIME
Bad web rep on https://www.mywot.com/en/scorecard/ip-192-169-213-96.ip.secureserver.net?utm_source=addon&utm_content=rw-viewsc
Server scan warnings: https://asafaweb.com/Scan?Url=ip-192-169-213-96.ip.secureserver.net%2Fcgi-sys%2Fdefaultwebpage.cgi
polonus