unknown_html ARIN US abuse at he dot net 216.218.224.229 to 216.218.224.229 classicgemsinternational dot com
On the code:
classicgemsinternational dot com/sites/all/modules/slideshow/js/slideshow.js?mr3tdl benign
[nothing detected] (script) classicgemsinternational dot com/sites/all/modules/slideshow/js/slideshow.js?mr3tdl
status: (referer=classicgemsinternational dot com/shipping-and-return-policy)saved 19256 bytes 1c31c53864885f1ba9a72521605f36bcf26b4f45
info: [decodingLevel=0] found JavaScript
suspicious:
Excessive headers: Warning
Requested URL: htxp://classicgemsinternational.com/shipping-and-return-policy | Response URL: htxp://classicgemsinternational.com/shipping-and-return-policy | Page title: shipping and return policy | Classic Gemsinternational | HTTP status code: 200 (OK) | Response size: 19,785 bytes (gzip’d) | Duration: 1,920 ms
Overview
By default, excessive information about the server and frameworks used by an ASP.NET application are returned in the response headers. These headers can be used to help identify security flaws which may exist as a result of the choice of technology exposed in these headers.
Result
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks. System Details:
Running on: Apache/2.2.25
System info: (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Powered by: PHP/5.2.17
IP address has been identified as risky by one/more sources
Web application details:
Application: Drupal 7 (http://drupal.org)
See: https://www.virustotal.com/nl/ip-address/216.218.224.229/information/ -
IP listed: http://www.projecthoneypot.org/ip_216.218.224.229
Potentially risky methods used on server at newscorpio.hrn9 dot com! → DNS cache poising alert!
202/207 websites on one and the same IP: http://sameid.net/ip/216.218.224.229/
We recommend to not have too many website neighbors because if a website will be infected by malware it can affect also the online reputation of the other websites.
PHISHING on that AS and IP: http://support.clean-mx.com/clean-mx/phishing.php?domain=216.218.224.229&sort=id%20DESC
pol