More malcode on that same ASN: 144.76.224.213 → https://urlquery.net/report/af9a5777-fc5b-420b-8ab8-4f03497e4d41
Reputation Check: PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK
Web Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.5.31
X-Powered-By: PHP/5.5.31
IP Address: -144.76.224.213
Hosting Provider: Hetzner Online GmbH
Shared Hosting: 36 sites found on -144.76.224.213
Site is blacklisted scan failed: https://sitecheck.sucuri.net/results/www.descubra.info/wp-content/
Outdated Software detected. CoinMiner threats were detected: https://safeweb.norton.com/report/show?url=http%3A%2F%2Fwww.descubra.info%2Fwp-content%2F
Now 6 to flag: https://www.virustotal.com/#/url/4c5feba4af1c604b8f1e0268283b8af9e7b996a3a22905bc22552bfbebec8d1a/detection
OK from Dr. Web’s URLologist. Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LiN7c151Yn18LltuZl0%3D~enc
Detected in Cloudflare - https://retire.insecurity.today/#!/scan/1fcfeee1a460ffce676bbdc7440bdb0beb6e860c2a69677816dc78e3cb899bcb
For the website at hand
Retire.js
jquery 1.12.4 Found in http://www.descubra.info/wp-includes/js/jquery/jquery.js?ver=1.12.4
Vulnerability info:
Medium: 3rd party CORS request may execute (issue 2432, CVE-2015-9251)
Medium: parseHTML() executes scripts in event handlers (issue 11974, CVE-2015-9251)
Blocked via uMatrix for me is the connection to - uMatrix has prevented the following page from loading:
hxtps://static.getclicky.com/js
&
uMatrix has prevented the following page from loading:
-https://srv.buysellads.com/ads/CVAI653I.json?callback=_bsa_go&segment=placement:demo
without parameters = -https://srv.buysellads.com/ads/CVAI653I.json
callback = _bsa_go
segment = placement:demo
Security Headers not returned (HTTP security headers, name / value / setting secure):
x-content-type-options: Header not returned (Insecure)
x-xss-protection: Header not returned (Insecure)
x-frame-options: Header not returned (Insecure)
content-security-policy: Header not returned (Insecure)
cache-control: Header not returned
Info from the developer’s console in Brave version 1.0:
JQMIGRATE: Migrate is installed, version 1.4.1
wXw.google-analytics.com/analytics.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
content.js:19 Loaded script with known vulnerabilities: htxp://www.descubra.info/wp-includes/js/jquery/jquery.js?ver=1.12.4
Most of the interaction is because of uMatrix script blocking and ad-blocking, due to the particular settings of my web-client.
Also consider: https://www.shodan.io/host/144.76.224.213
Abuse on
Hostname: -server2.watsinc.com
ASN: AS24940
Organization: Hetzner Online GmbH
Country: Germany (DE)
GoDaddy abuse: https://toolbar.netcraft.com/site_report?url=server2.watsinc.com
Excessive info proliferation - exploitable: https://www.cvedetails.com/version/127585/ISC-Bind-9.8.2.html
because of 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 and other vulnerabilities https://pastebin.com/SbjwbYVr
All of the above info was retained through 3rd-party cold reconnaissance website security scanning and website error-hunting.
Cyber hygiene is a must and should not be a last-resort issue; better security for all of us online is vital.
Static analysis often means “it’s a day after the fair”, but anyway we give them as we find these facts,
polonus