Malware links on domain...1000mercis SA abuse

Viruses and worms
1

See: https://urlquery.net/report/4b36510b-7380-4caf-bf67-e143fe3f0dbf

Re: http://toolbar.netcraft.com/site_report?url=http://195.66.82.28

See: http://nzaza.com.ipaddress.com/ & http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fnzaza.com%2F&useragent=Fetch+useragent&accept_encoding=

& https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=nzaza.com&ref_sel=GSP2&ua_sel=ff&fs=1

source content

1: GIF89a����!�,D;
consider info found here: https://stackoverflow.com/questions/29531692/google-measurement-protocol-returns-gif89a-d

6 problems: https://mxtoolbox.com/domain/nzaza.com/

The other malcode link: https://urlscan.io/result/4b0c2fc8-b1fe-4e54-ab36-fe0a2bc686ad/#summary

5 problems: https://mxtoolbox.com/domain/mmtro.com/
similar: http://fetch.scritch.org/%2Bfetch/?url=mmtro.com%2F&useragent=Fetch+useragent&accept_encoding=

80/tcp open http nginx 1.11.3
| http-server-header:
| 29bfbb66fe82f380b88481981a3563756c7e8850
|_ e8ef6b676eb87d4db8bafeb52bdff45dd8618839
|_http-title: Site doesn’t have a title (image/gif).

-nzaza.com
Info
BEAST
This server is vulnerable to a BEAST attack

F-grade status and recommendation: https://observatory.mozilla.org/analyze.html?host=nzaza.com

site is configured with extremely broad resource sharing permissions = dangerous!

polonus

2

On the domain and the redirects:
-http://doctorsoftheworld.org/
301 - Moved Permanently

-https://doctorsoftheworld.org/
200 - OK
Final destination

Consider: https://urlscan.io/result/7cbb749a-cbdf-4453-8c15-d4c2dc731b41#summary

undefined variable jQuery in -doctorsoftheworld.org/wp-content/plugins/gravitate-blocks/library/js/responsive-images.min.js?ver=2.0.0 benign

Compare: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fdoctorsoftheworld.org%2F

errors in script source code line 38 and 39:

script
info: [decodingLevel=0] found JavaScript
error: line:3: SyntaxError: invalid label:
error: line:3: ;{“@context”:“http://schema.org”,“@type”:“WebSite”,“@id”:“#website”,“url”:“hxtps://doctorsoftheworld.org/”,“name”:“Doctors of the World”,“potentialAction”:{“@type”:“SearchAction”,“target”:“htxps://doctorsoftheworld.org/?s={string}”,“qu
error: line:3: …^
error: line:3: SyntaxError: missing } in XML expression:
error: line:3: {”@context":“htxp://schema.org”,“@type”:“WebSite”,“@id”:“#website”,“url”:“htxps://doctorsoftheworld.org/”,“name”:“Doctors of the World”,“potentialAction”:{“@type”:“SearchAction”,“target”:"htxps://doctorsoftheworld
error: line:3: …https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=doctorsoftheworld.org%2F&ref_sel=GSP2&ua_sel=ff&fs=1…^
http://www.sitetop.org/site/doctorsoftheworld.org
and https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=doctorsoftheworld.org%2F&ref_sel=GSP2&ua_sel=ff&fs=1

Retirable jQuery library detected: -https://doctorsoftheworld.org
Detected libraries:
jquery - 1.12.4 : (active1) -https://doctorsoftheworld.org/wp-includes/js/jquery/jquery.js?ver=1.12.4
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected

polonus (volunteer website security analyst and website error-hunter)