Thread: vixenlights appears to be compromised

  1. #11
    Join Date
    Nov 2011
    Location
    Brandon, MB, Canada
    Posts
    380

    Default Re: vixenlights appears to be compromised

    Quote Originally Posted by jchuchla View Post
    Are you all running into this from google, or are some of you using other search engines?


    Sent from my iPhone using Tapatalk
    I went directly to vixenlights dot com
    Jason C

  2. #12
    Join Date
    Nov 2011
    Location
    Chicago - Southwest Suburbs
    Posts
    7,754

    Default Re: vixenlights appears to be compromised

    Quote Originally Posted by jcross View Post
    I went directly to vixenlights dot com
    Sounds like it could be a DNS hijack at your ISP.


    Sent from my iPhone using Tapatalk

  3. #13
    Join Date
    Nov 2011
    Location
    Brandon, MB, Canada
    Posts
    380

    Default Re: vixenlights appears to be compromised

    Quote Originally Posted by jchuchla View Post
    Sounds like it could be a DNS hijack at your ISP.


    Sent from my iPhone using Tapatalk
    Two different ISPs, and I recognized that so changed DNS to Google and same issue, cleared host files also. Not sure what to tell ya.


    Sent from my iPhone using Tapatalk
    Jason C

  4. #14
    Join Date
    Mar 2014
    Posts
    361

    Default Re: vixenlights appears to be compromised

    That would be at least three different ISPs as I am in Australia.

  5. #15
    Join Date
    Oct 2011
    Location
    Maryville, Illinois
    Posts
    1,609

    Default Re: vixenlights appears to be compromised

    I have hit it from Safari on OS X, Chrome and Edge on Windows, and Safari on iOS, and in all cases I go right to the web site as it should. I also tried from the Avast Secure browser on Windows and it worked fine as well with no complaints about site issues. I also searched for it on Google and hit the link there and it navigated correctly. So I am not sure how you are getting that. I would think if the site itself was compromised I would see it also.

  6. #16
    Join Date
    Nov 2013
    Location
    Morganton,North Carolina
    Posts
    1,646

    Default Re: vixenlights appears to be compromised

    No issues here.
    (1)Falcon PI Player (Running the show)
    (1)Falcon F16V3
    (1)Renard SS16
    (1)Renard SS24
    (1)EDM-LCD-CS-EP
    (20)P10 Panels

  7. #17
    Join Date
    Dec 2011
    Posts
    89

    Default Re: vixenlights appears to be compromised

    I tried it right after this got posted and again right now. No issues for me.

  8. #18
    Join Date
    Oct 2012
    Location
    Seal Beach, CA
    Posts
    44

    Default Re: vixenlights appears to be compromised

    I just hit it through Google and it did go first to a funky site. Let me see if I can get it to do it again with developer tools open. But the URL looked right, though it has a weird query parameter.

  9. #19
    Join Date
    Oct 2012
    Location
    Seal Beach, CA
    Posts
    44

    Default Re: vixenlights appears to be compromised

    It's weird. It did it the first time I hit the site on my desktop. I was in Linux, I tried rebooting and using Windows to be 100% sure it wasn't looking at anything cached and it wouldn't do it. I put my phone on LTE and it did it the first time, but again subsequent attempts aren't doing it. Might be able to recruit some friends or use a VPN to hit it their first time with Fiddler or developer tools open.

  10. #20
    Join Date
    Oct 2012
    Location
    Seal Beach, CA
    Posts
    44

    Default Re: vixenlights appears to be compromised

    I caught it in Wireshark by pushing my phone in & out of airplane mode a few times while tethered to my laptop. The server is responding with a redirect page and the IP looks correct. My first guess would be the webserver, but being so intermittent is really strange. Too bad the site isn't HTTPS to quickly narrow down if the malicious content is actually being served from that server. See the screenshot, I have the full log saved but I don't see anything interesting beyond that packet. I saw the issue at one point or another on my desktop using Chrome in Linux, my phone with its built-in browser on LTE, then finally caught it on my Mac tethered through the phone's LTE connection.

    Screenshot from 2019-10-19 23-34-31.jpg
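
An added example, not part of the original posts: a Python check that takes one raw HTTP response, such as the bytes of a followed TCP stream from a capture like the one described above, and lists any redirect (Location header, meta refresh, or literal script navigation) that leaves the expected host. The sample response, the host names and the function names are constructed for illustration; the thread does not show which redirect mechanism the page used.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample of one captured response; all host names are placeholders.
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
          b'<html><head><meta http-equiv="refresh" '
          b'content="0; url=http://redirect.example.net/?x=1"></head></html>')

META_TAG = re.compile(r"<meta\b[^>]*>", re.I)
REFRESH = re.compile(r"http-equiv\s*=\s*[\"']?refresh", re.I)
META_URL = re.compile(r"url\s*=\s*[\"']?([^\"'>\s;]+)", re.I)
# Heuristic only: catches literal-string navigation, not obfuscated script.
JS_NAV = re.compile(
    r"location(?:\.href)?\s*(?:=|\.(?:replace|assign)\s*\()\s*[\"']([^\"']+)", re.I)


def redirect_targets(raw: bytes, base_url: str):
    """Return (mechanism, absolute URL) for each redirect in one HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    status = parts[1] if len(parts) > 1 else ""
    found = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if status.startswith("3") and name.strip().lower() == "location":
            found.append(("http-location", value.strip()))
    text = body.decode("utf-8", "replace")
    for tag in META_TAG.findall(text):
        match = META_URL.search(tag) if REFRESH.search(tag) else None
        if match:
            found.append(("meta-refresh", match.group(1)))
    found += [("js-location", url) for url in JS_NAV.findall(text)]
    return [(kind, urljoin(base_url, url)) for kind, url in found]


def off_site(raw: bytes, base_url: str, allowed_hosts: set):
    """Keep only redirects whose host is outside the expected set."""
    return [(kind, url) for kind, url in redirect_targets(raw, base_url)
            if (urlsplit(url).hostname or "").lower() not in allowed_hosts]


if __name__ == "__main__":
    for kind, url in off_site(SAMPLE, "http://www.example.org/", {"www.example.org"}):
        print(f"off-site redirect via {kind}: {url}")
```

Because the behaviour reported in the thread was intermittent, a check like this is most useful when run over every response in a saved capture rather than a single request.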
