polonus
4
Hi dutchie,
I do not mean to say that these are threat alerts, nothing more that general insecure coding that could be abused/exploited.
For the evaluation of your case, we have to consider that particular IP’s security and DNS resolving issues!
And then we are going to a new one: htxp://hatchedinafrica.com/
Daily changes → http://www.dailychanges.com/afraid.org/
DNS issues with nameservers: Results for httpembroidershoppe.com
The next instant it is resolving to: thequiltnation.com → http://www.dnssy.com/report.php?q=thequiltnation.com
See the patterns here!
Test Results Status
Checking domain format: Hostname looks good. Pass
Checking for parent nameservers: Found 13 parent nameservers. Pass
Checking for parent glue: Found glue from root nameservers to parent nameservers. Info
NS records at parent nameserver: Your NS records at your parent nameserver are:
Provided by a.gtld-servers.net Info *
Nameservers listed at parent: No nameservers found at parent nameserver. Fail
Your web server appears to reveal version information. This can pose a security risk if vulnerabilities are identified in this version. You should consider disabling version information in your server configuration.
WWW server alert from DNSsy
- the clue to it all this is a strange Bot-powered Scam Network , read: https://blog.damballa.com/archives/271
link article credits: – Gunter Ollmann, VP Research
– Credit to Roberto Perdisci for the detailed analysis
polonus