URL Malvertising

Hi team, I usually don’t post what appears on the antivirus, but now I’m curious, can you explain it to me?
I get a constant attack from l1s.strn-test.pl. What exactly does this mean? That somebody is trying to hit my ports?

But I’m using a VPN, how do they know my address?

Is there a way to stop them?

This is the ID of the attack: 6df891ec2d10/2023-03-21T19:49:28.127Z

Please include a screenshot of the Avast warning pop-up, including the “Details” part.

That was yesterday
<img src=https://i0002.clarodrive.com/ocs/v1.php/apps/amx_branding/api/v1/preview?fileId=2314812088&x=-1&y=-1&animated=true&crop=false>

And this one is from today
<img src=https://i0002.clarodrive.com/ocs/v1.php/apps/amx_branding/api/v1/preview?fileId=2314815898&x=-1&y=-1&animated=true&crop=false>

So what’s the point of a VPN if you still get attacked?

Attach images to your post; if you post links to unknown 3rd party sites, people won’t visit.

Use the Attachments and other options below the text window you use to post.

See attached screenshot on what to do. Click to expand the image.

Hello chordelord,

2 vendors flag this destination website address as phishing: https://www.virustotal.com/gui/url/0fc58c467206dc550a35b016e4d1addd8b81ba4b6e571d2ad1e32e36b7cac4db

It is a bitcoin related phish, e.g. Filecoin phish on slack; but with only an 11,1% score of being a genuine PHISH,
though this site has been blacklisted by McAfee ->: https://sitecheck.sucuri.net/results/l1s.strn-test.pl
Returning a code 0. The site you gave does not resolve (anymore).
See also: https://en.internet.nl/site/strn.network/1995899/

See: https://urlscan.io/result/176b4f90-2c71-4663-bafc-6b54902bbde3/#summary (indicators).
Final redirect has a very well implemented CSP (content security policy).

See also: https://www.virustotal.com/gui/url/3036234e614457bc9fb16981a665b12d1a89879d3905dad63ce4296284ba3c2a/details

So I would not worry that much, but wait for a final verdict from avast’s team.

The second link you presented has less of a clickjacking protection: https://sitecheck.sucuri.net/results/https/i0002.clarodrive.com (but not malicious as such)
Re:

jquery 1.11.0 Found in htxps://www.clarodrive.com/js/jquery.min.js _____Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

Stay safe and secure both online and offline, regards,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

A VPN doesn’t specifically protect from malware; it might hide your location from the recipient. But when your computer connects to a site (VPN connection or otherwise) it has to be able to send back to the originating IP or you wouldn’t be able to browse the internet.

So if the connection originates from your system then the return comes back to your system and Avast would alert if it considers it malicious. That is why we are asking for a screenshot of the alert.

And why I showed how to do that.

The alleged Filecoin phishing site does not resolve anymore,
so it was only short-lived.
Being behind a VPN or not, it is now “water under the bridge”.

Nothing to do with the security of Filecoin (on strn.network).

It is a vulnerability, probably through lousy Java code implementation,
and then, as DavidR correctly states, a VPN will not protect
the end-user against such scam and phishing.

polonus

OK, thanks everybody for the replies… I have several notifications, here is a fresh one

What you said about clarodrive, it should be harmless, it is a cloud drive service, so there shouldn’t be any risk, I uploaded the pictures there.