Besides a unpatched vulnerability for 70 CCTV DVR with a Chinese vendor.
And we also see a DOM-XSS vulnerability luring in the background. Let’s have a look here:
Then look at the analysis here: http://www.domxssscanner.com/scan?url=http%3A%2F%2F220.128.119.155%2F
Detected: Results from scanning URL: -http://220.128.119.155/
Number of sources found: 7
Number of sinks found: 12
Read here: https://stackoverflow.com/questions/25440918/how-to-protect-location-href-from-cross-site-scripting-in-javascript
and the further explanation from Pedro Gámez, overshadow & jupenur here: https://stackoverflow.com/questions/24078332/is-it-secure-to-use-window-location-href-directly-without-validation/24089350#24089350
Info credits go to StackOverflow members mentioned here.
Looking into this address because of alerting aspecific GRE traffic, becoming an item reported here: https://isc.sans.edu/forums/diary/Increase+in+Protocol+47+denys/21865/
and also here: https://isc.sans.edu/forums/diary/More+on+Protocol+47+denys/21867/
Interesting to know what this attack if it is any could be all about?
Also consider this error
line:14: SyntaxError: missing } in XML expression:and we should look for testfile.htm - example: htxp://daihocdieuduong.dyndns.org/PcamEn.htm
error: line:14: document.location.href = “PcamEn.htm”;
error: line:14: …^
polonus (volunteer website security analyst and website error-hunter)