What is "vacceedpasian.com"?

Last month, I noticed a bunch of CSP enforcement block actions against https://vacceedpasian.com/conversion.js, and I'm curious if anyone knows what this is. 

CSP stands for "Content Security Policy" and is a mechanism by which web sites can help detect and protect themselves against certain kinds of attacks such as cross-site scripting (XSS). We implement it at Epic Road Trip Planner, and use a trusted third-party service called Report URI to monitor detection and enforcement of attempted violations of our CSP policy. 

You can think of CSP a bit like my spry overgrown puppy of a grand-dog below. Even though he has no clue what his big beautiful brindled beast of a sister even wants over there, he's definitely going to pounce on her to stop her (enforce the CSP), and bark to let me know (send an enforcement report to Report URI). 


Two dogs - the larger brindled dog appears to just be trying to go about her day, and the other, a sleek black pitbull mix, is poised to pounce.

(I know that's a bit of a tortured analogy, but I sure do love these dogs, and I wanted you to see them.)

Screenshot of report-uri.com, showing a table of CSP reports and enforcements of attempted JavaScript injection of https://vacceedpasian.com/conversion.js on Wednesday, September 4


In addition to well-known and obviously nefarious XSS, there are various additional injections - some of them arguably legitimate - that are blocked by good, effective CSP. For instance, the integrated in-app browser from Instagram injects it's own JavaScript into pages, ostensibly for tracking. JavaScript injected by in-app browsers is an entirely different topic, but in any case, it's all intentionally blocked by our CSP at Epic Road Trip Planner in the interest of our users' privacy and security. Ditto browser extensions. We see a significant number of reports and enforcement of in-app browser and browser extension JavaScript injections on Report URI.

In any case, about a month ago, I started noticing an increasing number of enforcement block actions against https://vacceedpasian.com/conversion.js, and so far, I have been unable to determine where they're actually from. I subscribe to a number of threat intelligence alerts, and have not seen any traffic on any of those about it, either. By virtue of it's name, I would GUESS it's injected by any of several browser extensions that serve ads and/or track user behavior, but I'd like to KNOW, and I'm writing this because I couldn't find any information.

Here are a few things I do know:

They appear to be coming from Chrome browsers running on both Windows and macOS. I haven't seen reports from other browsers or operating systems so far.

The domain "vacceedpasian.com" was registered, privately, through Key-Systems GmbH on July 12 - so it's a relatively new domain, and whois won't be able to show who registered it.

Tracing the route to https://vacceedpasian.com shows it being hosted (or at least gatewayed) by Amazon CloudFront and EC2, in Ashburn and Boardman, so it's PROBABLY not Meta, TikTok, Google, Microsoft, Apple or any of the other well-known players there. One notable exception is Amazon itself - I don't yet know how to distinguish between something hosted BY Amazon or AWS vs. something hosted for a third-party ON AWS. 

When I attempt to download the JavaScript file itself, I get a 400 error from nginx/cloudfront, which is unfortunate, but neither surprising nor meaningful to me. 

That's about it, at this point.

If you do happen to know what this JavaScript is, or have suggestions on how to figure this out, please leave a comment below or email security@hillwoodpark.com.

Thanks!

-Tim


Tim Johns
Founder, Hillwood Park

Comments

Post a Comment

Popular posts from this blog

Epic Road Trip Planner 2023 Year In Review

Image
Epic Road Trip Planner  2023 Year in Review Building in Public A few years ago, I set out to plan an extended family cross-country road trip , and was flabbergasted at just how annoying and time-consuming it was to do so. It was a chore. It IS a chore. In early 2023, I founded Epic Road Trip Planner on the not-so-novel idea that both planning AND taking an epic road trip could actually be an enjoyable experience -- NOT a chore.  I firmly believe in building in public, so now that we've got the better part of a year behind us, I'd like to share a bit about how it went and what's next. Bottom Line Up Front In 2023, over 15,000 Epic Road Trip Planner users planned almost 20,000 road trips. I genuinely hope you all took every last one of them, and had an absolutely amazing time! 2023 Timeline The first very basic prototype of Epic Road Trip Planner went live online Monday, March 13. Just a few days later, I took a little trek up to Stemma Brewing Company in Bellingham to atte
Read more

It Is NOT Bright Red, It Is NOT Spurting, and YOU ARE NOT GOING TO DIE!

It Is NOT Bright Red, It Is NOT Spurting, and YOU ARE NOT GOING TO DIE! WARNING: Do not read this story if you are squeamish about blood! Copyright (c) 2009, Timothy A. Johns Be careful what you tell your kids. Not because they might hold it against you later, or they aren't ready for it yet, or you might warp them for life somehow, or all of the other obvious reasons to be careful what you tell your kids. Be careful what you tell your kids because they might remember it with the emphasis on the wrong details... First, a confession of sorts, and I'll just put it right out there (and some of you won't believe me): I faint at the sight of blood. Actually, that's not right. I faint at the sight of MY blood. Actually that's not right either. I faint at the THOUGHT of the sight of MY blood. (and as I write this I quite seriously don't feel so good all the sudden...) I first discovered this little 'issue' at Ft. Knox, Kentucky, when my company First Sergeant d
Read more

Google Calendar Chart Visualization of A Day in the Life of My Diabetic Daughter

Image
My 9 year old daughter Darcie has Type 1 Diabetes, and we use a Google Sheet to track her blood sugar, carb intake, and a couple of other important T1 details. She enters data on a Google Form, and it's populated in the corresponding Google Sheet. We have a number (a large number...) of charts we use to visualize what's going on there.  We, along with her endocrinologist, use the log and the charts to help determine what tweaks we need to make to her insulin regimen to keep her safe and healthy. To see a good visual representation of what goes on with her blood sugar over time, and especially to tell if her school routine, summer routine, and weekend routine are all on track, all along I would have loved to have had a Calendar Chart . We've been working on some pretty cool interactive Calendar Charts over at Tiller , and I'm already totally hooked on using this kind of chart to help me understand my spending habits, so also using them to visualize blood sugar checks i
Read more