What is "vacceedpasian.com"?

Last month, I noticed a bunch of CSP enforcement block actions against https://vacceedpasian.com/conversion.js, and I'm curious if anyone knows what this is. 

CSP stands for "Content Security Policy" and is a mechanism by which web sites can help detect and protect themselves against certain kinds of attacks such as cross-site scripting (XSS). We implement it at Epic Road Trip Planner, and use a trusted third-party service called Report URI to monitor detection and enforcement of attempted violations of our CSP policy. 

You can think of CSP a bit like my spry overgrown puppy of a grand-dog below. Even though he has no clue what his big beautiful brindled beast of a sister even wants over there, he's definitely going to pounce on her to stop her (enforce the CSP), and bark to let me know (send an enforcement report to Report URI). 


Two dogs - the larger brindled dog appears to just be trying to go about her day, and the other, a sleek black pitbull mix, is poised to pounce.

(I know that's a bit of a tortured analogy, but I sure do love these dogs, and I wanted you to see them.)

Screenshot of report-uri.com, showing a table of CSP reports and enforcements of attempted JavaScript injection of https://vacceedpasian.com/conversion.js on Wednesday, September 4


In addition to well-known and obviously nefarious XSS, there are various additional injections - some of them arguably legitimate - that are blocked by good, effective CSP. For instance, the integrated in-app browser from Instagram injects it's own JavaScript into pages, ostensibly for tracking. JavaScript injected by in-app browsers is an entirely different topic, but in any case, it's all intentionally blocked by our CSP at Epic Road Trip Planner in the interest of our users' privacy and security. Ditto browser extensions. We see a significant number of reports and enforcement of in-app browser and browser extension JavaScript injections on Report URI.

In any case, about a month ago, I started noticing an increasing number of enforcement block actions against https://vacceedpasian.com/conversion.js, and so far, I have been unable to determine where they're actually from. I subscribe to a number of threat intelligence alerts, and have not seen any traffic on any of those about it, either. By virtue of it's name, I would GUESS it's injected by any of several browser extensions that serve ads and/or track user behavior, but I'd like to KNOW, and I'm writing this because I couldn't find any information.

Here are a few things I do know:

They appear to be coming from Chrome browsers running on both Windows and macOS. I haven't seen reports from other browsers or operating systems so far.

The domain "vacceedpasian.com" was registered, privately, through Key-Systems GmbH on July 12 - so it's a relatively new domain, and whois won't be able to show who registered it.

Tracing the route to https://vacceedpasian.com shows it being hosted (or at least gatewayed) by Amazon CloudFront and EC2, in Ashburn and Boardman, so it's PROBABLY not Meta, TikTok, Google, Microsoft, Apple or any of the other well-known players there. One notable exception is Amazon itself - I don't yet know how to distinguish between something hosted BY Amazon or AWS vs. something hosted for a third-party ON AWS. 

When I attempt to download the JavaScript file itself, I get a 400 error from nginx/cloudfront, which is unfortunate, but neither surprising nor meaningful to me. 

That's about it, at this point.

If you do happen to know what this JavaScript is, or have suggestions on how to figure this out, please leave a comment below or email security@hillwoodpark.com.

Thanks!

-Tim


Tim Johns
Founder, Hillwood Park

Comments

Post a Comment

Popular posts from this blog

Epic Road Trip Planner 2023 Year In Review

Image
Epic Road Trip Planner  2023 Year in Review Building in Public A few years ago, I set out to plan an extended family cross-country road trip , and was flabbergasted at just how annoying and time-consuming it was to do so. It was a chore. It IS a chore. In early 2023, I founded Epic Road Trip Planner on the not-so-novel idea that both planning AND taking an epic road trip could actually be an enjoyable experience -- NOT a chore.  I firmly believe in building in public, so now that we've got the better part of a year behind us, I'd like to share a bit about how it went and what's next. Bottom Line Up Front In 2023, over 15,000 Epic Road Trip Planner users planned almost 20,000 road trips. I genuinely hope you all took every last one of them, and had an absolutely amazing time! 2023 Timeline The first very basic prototype of Epic Road Trip Planner went live online Monday, March 13. Just a few days later, I took a little trek up to Stemma Brewing Company in Bellingham to at...
Read more

It Is NOT Bright Red, It Is NOT Spurting, and YOU ARE NOT GOING TO DIE!

It Is NOT Bright Red, It Is NOT Spurting, and YOU ARE NOT GOING TO DIE! WARNING: Do not read this story if you are squeamish about blood! Copyright (c) 2009, Timothy A. Johns Be careful what you tell your kids. Not because they might hold it against you later, or they aren't ready for it yet, or you might warp them for life somehow, or all of the other obvious reasons to be careful what you tell your kids. Be careful what you tell your kids because they might remember it with the emphasis on the wrong details... First, a confession of sorts, and I'll just put it right out there (and some of you won't believe me): I faint at the sight of blood. Actually, that's not right. I faint at the sight of MY blood. Actually that's not right either. I faint at the THOUGHT of the sight of MY blood. (and as I write this I quite seriously don't feel so good all the sudden...) I first discovered this little 'issue' at Ft. Knox, Kentucky, when my company First Sergeant d...
Read more

A Lesson in Entrepreneurship From Playing Chicken With a Squirrel

The following is a blog entry I originally wrote many years ago, for humor value. Re-reading it again this morning, I realized it illustrates at least one personal, striking lesson in entrepreneurship.  I went to college in the early 90's in East Texas, where a man is often equated with the truck he owns. I say 'often', because if it were 'always', then my roommate John would have been the biggest, nastiest, most gargantuan creature of all time. And he would have smoked and rattled. To get back and forth between our house and school (or maybe it was suggested by their home owner's association), John's family gave him their big, old, 1974 Ford Extended Cab pickup, formally known as The Guck. Now remember in 1974, American automobiles were BIG. 1974 was the first year for the extended-cab, so Ford made that BIG, too. And it had a camper. A BIG camper. This gargantuan beast was so big, we actually measured the carport before his parents brought it up, just t...
Read more