Script with privacy error on avast forum outdated cert. on now parked domain

What was detected:
-https://srvvtrk.com/91a2556838a7c33eac284eea30bdcc29/validate-site.js?uid=51807x8081x&r=1553699779276
srvvtrk.com Expiry date cert date invalid

Site Report
Risk Rating: 1
Country: DE
Site rank: NA
First seen: Nov 2017
Host: Hetzner Onli…
PFS: ✔
SSLv3: Not supported

Not good for an av-solution to run third party code with an outdated Let’s Encrypt Authority X3 certificate, now parked domain.

Flagged as malicious by ESET: https://www.virustotal.com/nl/url/d6d9d7e462ea834d0b50e90ff163ac31114160d70afe2a83fc37b4566c9becf1/analysis/1553700472/

Google Safe browsing blocks access, as with privacy error your connection is not private.

It is a parked domain now, seems a bit sloppy, avast. Please, mind your own shop of 3rd party forum code.
Re: https://sitecheck.sucuri.net/results/srvvtrk.com

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
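
An added example, not part of the original post and not Avast's or the forum's code: one way to inventory the third-party scripts a page pulls in and flag those without Subresource Integrity or served from a host whose certificate has already expired. The page markup, the host names forum.example.org and cdn.example.net, the certificate dates and the function names are constructed for illustration; only the srvvtrk.com URL is taken from the post.

```python
import ssl
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page; only the srvvtrk.com URL comes from the post above.
SAMPLE_HTML = """<html><head>
<script src="/assets/forum.js"></script>
<script src="https://srvvtrk.com/91a2556838a7c33eac284eea30bdcc29/validate-site.js?uid=51807x8081x&amp;r=1553699779276"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER"></script>
</head></html>"""
# Constructed notAfter values, in the string format ssl.getpeercert() reports.
CERT_NOT_AFTER = {"srvvtrk.com": "Mar 20 00:00:00 2019 GMT",
                  "cdn.example.net": "Dec 31 00:00:00 2030 GMT"}
NOW = 1553699779  # r= value from the URL, assumed to be epoch milliseconds

class ScriptCollector(HTMLParser):
    """Collect (src, has_integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            self.scripts.append((attr["src"], bool(attr.get("integrity"))))

def audit_third_party_scripts(html, first_party_host, cert_not_after, now):
    """List scripts loaded from other hosts, with the issues found for each."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, has_sri in collector.scripts:
        parts = urlsplit(src)
        if parts.hostname is None or parts.hostname == first_party_host:
            continue  # relative or first-party URL, not in scope
        issues = []
        if not has_sri:
            issues.append("no-sri")  # browser cannot pin the script content
        not_after = cert_not_after.get(parts.hostname)
        if not_after is None:
            issues.append("cert-unknown")
        elif ssl.cert_time_to_seconds(not_after) < now:
            issues.append("cert-expired")
        findings.append({"host": parts.hostname, "path": parts.path, "issues": issues})
    return findings

if __name__ == "__main__":
    print(audit_third_party_scripts(SAMPLE_HTML, "forum.example.org", CERT_NOT_AFTER, NOW))
```

In a live audit the notAfter values would come from a TLS handshake with each host rather than from a fixed table.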

Think, there is no code ;) being returned from it:
https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=c312dnR9ay5eXW1gOTF8MjU1NjgzOHw3XjMze3xeMjg0e3t8MzBiI15eMjlgdnxsWyN8dHstc1t0ey5qczx1WyM9NTE4MDd4ODA4MXgmfT0xNTUzNzAxNjg4OTQz~enc

So nobody got caught from this end of the client and the server nulled it already.
But better not have it implemented.

Bitdefender blocks all coming from IP -http://144.76.185.168/ as dangerous

polonus

uMatrix now also blocks this.

uMatrix has prevented the following page from loading:

-https://srvvtrk.com/91a2556838a7c33eac284eea30bdcc29/validate-site.js?uid=51807x8081x&r=1553707358647
-https://srvvtrk.com/91a2556838a7c33eac284eea30bdcc29/validate-site.js
uid = 51807x8081x
r = 1553707358647

pol

More malcode on that same ASN: 144.76.224.213 → https://urlquery.net/report/af9a5777-fc5b-420b-8ab8-4f03497e4d41
Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK

Web Server:
Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.5.31
X-Powered-By:
PHP/5.5.31
IP Address:
-144.76.224.213
Hosting Provider:
Hetzner Online GmbH
Shared Hosting:
36 sites found on -144.76.224.213

Site is blacklisted scan failed: https://sitecheck.sucuri.net/results/www.descubra.info/wp-content/
Outdated Software detected. CoinMiner threats were detected: https://safeweb.norton.com/report/show?url=http%3A%2F%2Fwww.descubra.info%2Fwp-content%2F

Now 6 to flag: https://www.virustotal.com/#/url/4c5feba4af1c604b8f1e0268283b8af9e7b996a3a22905bc22552bfbebec8d1a/detection

OK from Dr. Web’s URLologist. Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LiN7c151Yn18LltuZl0%3D~enc
Detected in Cloudflare - https://retire.insecurity.today/#!/scan/1fcfeee1a460ffce676bbdc7440bdb0beb6e860c2a69677816dc78e3cb899bcb
For the website at hand

Retire.js
jquery 1.12.4 Found in http://www.descubra.info/wp-includes/js/jquery/jquery.js?ver=1.12.4
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers

Blocked via uMatrix for me is connection to - uMatrix has prevented the following page from loading:
hxtps://static.getclicky.com/js
&
uMatrix has prevented the following page from loading:

-https://srv.buysellads.com/ads/CVAI653I.json?callback=_bsa_go&segment=placement:demo
without parameters = -https://srv.buysellads.com/ads/CVAI653I.json
callback = _bsa_go
segment = placement:demo

Security Headers not returned:
HTTP security headers (Name: Value)
x-content-type-options: Header not returned
x-xss-protection: Header not returned
x-frame-options: Header not returned
content-security-policy: Header not returned
cache-control: Header not returned

Info from the developer’s console in Brave version 1.0:

JQMIGRATE: Migrate is installed, version 1.4.1
wXw.google-analytics.com/analytics.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
content.js:19 Loaded script with known vulnerabilities: htxp://www.descubra.info/wp-includes/js/jquery/jquery.js?ver=1.12.4

Most of the interaction is because of uMatrix script blocking and ad-blocking, because of the particular settings of my web-client.
Also consider: https://www.shodan.io/host/144.76.224.213 Abuse on

Hostname -server2.watsinc.com
ASN AS24940
Organization Hetzner Online GmbH
Country Germany (DE)
GoDaddy abuse: https://toolbar.netcraft.com/site_report?url=server2.watsinc.com
Excessive info proliferation - exploitable: https://www.cvedetails.com/version/127585/ISC-Bind-9.8.2.html
because of 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 and other vulnerabilities https://pastebin.com/SbjwbYVr

All above info retained through 3rd party cold reconnaissance website security scanning and website error-hunting.

Cyber Hygiene, a must and should not be a last resort issue, for a better security for all of us online is vital,
static analysis often means “it’s a day after the fair”, but anyway we give 'em as we find these facts,

polonus