Author Topic: Tests and other Media topics  (Read 455811 times)

0 Members and 3 Guests are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Re: Tests and other Media topics
« Reply #1005 on: July 09, 2022, 02:27:21 PM »
Checking for a Magento webshop site (random example):
(cold recon 2rd party scan results): https://www.magereport.com/scan/?s=https%3A%2F%2Fwww.tdcautomotive.com%2F
& https://webscan.foregenix.com/webscan_results.html?scanid=15f45d6b_1348_41e2_8375_ca2101279684&type=2&emailaddress=
& https://magentary.com/magento-security-patch-tester/
SSL checker results
Quote
Resolves to   -www.tdcautomotive.com
Expiration date   Jun 17, 2023
Vendor signed   No
Hostname   Doesn't Match
Key length   2048
Server type   NA
Common name   -tdcautomotive.com
SAN   -tdcautomotive.com, -www.tdcautomotive.com
Organization   Starfield Technologies, Inc.
Common name   Starfield Secure Certificate Authority - G2 Starfield Secure Certificate Authority - G2
Serial number   a4:36:46:d1:88:8f:65:d7
Signature algorithm   sha256WithRSAEncryption
Fingerprint (SHA-1)   C4DD2404FFA414580125E5A6DD936D4854750A13
Fingerprint (MD5)   C7DECE69DB4AEE913298BBDA0C40BC48

Retire.js results:
Quote
jquery   1.12.4   Found in
-https://www.tdcautomotive.com/pub/static/frontend/Smartwave/porto/en_GB/jquery.js _____Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   
Medium   CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   
Medium   CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   
knockout   3.4.2   Found in
htxps://www.tdcautomotive.com/pub/static/frontend/Smartwave/porto/en_GB/knockoutjs/knockout.js _____Vulnerability info:
Medium   XSS injection point in attr name binding for browser IE7 and older
NO CSP POLICIES FOUND.
Vulnerabilities
Another scan delivers - low risk established
https://www.magereport.com/scan/?s=https%3A%2F%2Fros.your-printq.com%2F

But vulnerabilities detected on the server behind that website:, given here: https://www.shodan.io/host/185.137.171.10

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86935
  • No support PMs thanks
Re: Tests and other Media topics
« Reply #1007 on: July 10, 2022, 12:35:12 AM »
Hi Pol,

Want to take a look at this one - https://forum.avast.com/index.php?topic=320277.0 - a bit weird youtube playlists causing avast to alert.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.9.6034 (build 22.9.7554.734) UI 1.0.728/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Re: Tests and other Media topics
« Reply #1008 on: July 10, 2022, 12:43:56 PM »
Hi DavidR,

I did so in that thread, please read there.

Nice resources to give back to this community, that also found up on such CDNs as inherited,
like -> https://domain.op[/left]endns.com/yt3.ggpht.com

DNS services, that is to say sometimes vital and sometimes rather questionable services.

Have a nice Sunday,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Re: Tests and other Media topics
« Reply #1009 on: July 10, 2022, 04:55:11 PM »
Check dns for being blacklisted: https://www.dnsbl.info/
This domain is now for sale:
Re: https://www.dnsblacklist.org/?domain=dul.ru
Quote

-dul.ru
31.177.80.70
Russia

Result
Not blocked anywhere.

Check spam IPs here: https://glockapps.com/blacklist/all-s5h-net/

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86935
  • No support PMs thanks
Re: Tests and other Media topics
« Reply #1010 on: July 10, 2022, 05:26:51 PM »
Hi DavidR,

I did so in that thread, please read there.
<snip>

Have a nice Sunday,

polonus

I have seen it thanks.

Great Sunday here hot as hades right now, watching Wimbledon men's singles final right now.  I hope you are enjoying the good weather also.

It was pretty hot on my morning exercise too, I was out just before 12PM, sweating buckets.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.9.6034 (build 22.9.7554.734) UI 1.0.728/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Re: Tests and other Media topics
« Reply #1011 on: July 16, 2022, 07:17:49 PM »
Additionally to this being checked here: https://www.dnsblacklist.org/?domain=dul.ru
Re: https://github.com/NethServer/dns-community-blacklist/blob/master/adguarddns.dns
Compare results ->
Flagged but not being blocked according to what results we got here:
https://www.dnsblacklist.org/?domain=advantageglobalmarketing.com
blocked inside browsers with adblockers because of Easylist blocking: because of filter
-||advantageglobalmarketing dot com^

Quote
We will test your domain name against 17 of the most popular public DNS resolvers available.

AdGuard
CleanBrowing
CloudFlare 1.1.1.1
CloudFlare 1.1.1.3 (Family Filter)
Norton ConnectSafe
Google 8.8.8.8
OpenDNS Family
Quad9
Yandex DNS
Comodo Secure DNS

Check page for DNS via IP: https://matrix.spfbl.net/en/134.209.188.55

polonus
« Last Edit: July 16, 2022, 07:56:27 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Re: Tests and other Media topics
« Reply #1012 on: July 25, 2022, 05:26:35 PM »
All attack samples given here: https://www.thegeekstuff.com/2012/02/xss-attack-examples/
were detected by Malware Script Detector v. 02b run in Tampermonkey extension.
Given in as a Yahoo query this script 'barked' and blocked access.
Example of such a query blocked:
Quote
htxps://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.md
semgrep.dev./s/we30
hxtps://itigic.com/find-xss-vulnerabilities-with-findom-xss-scanner/

Console messages: Mixed Content: The page at 'httxs://www.threeworldwars.com/world-war-3/ww3.htm' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'htxp://www.google.com/custom'. This endpoint should be made available over a secure connection.
-ww3.htm:1 Mixed Content: The page at 'htxps://www.threeworldwars.com/world-war-3/ww3.htm' was loaded over HTTPS, but requested an insecure script 'hxtp://www.google-analytics.com/urchin.js'. This request has been blocked; the content must be served over HTTPS.
-ww3.htm:647 Uncaught ReferenceError: urchinTracker is not defined
    at -ww3.htm:647
-ww3.htm:650 A parser-blocking, cross site (i.e. different eTLD+1) script, -htxps://ssl.google-analytics.com/ga.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See
-htxps://www.ch40mestatus.qjz9zk/feature/5718547946799104 for more details.
(anonymous) @ -ww3.htm:650
-ww3.htm:650 A parser-blocking, cross site (i.e. different eTLD+1) script, -https://ssl.google-analytics.com/ga.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See htxps://www.ch40mestatus.qjz9zk/feature/5718547946799104 for more details.
(anonymous) @ ww3.htm:650
-ga.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
-adsbygoogle.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
-connect.facebook.net/en_US/all.js#xfbml=1:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
-e8af8301-45e2-41c6-9212-9421ce1b1dc7.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
-sp.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
-onLoadModule.js:72 ...Selector Finder is running...
VM51:1 Uncaught ReferenceError: popWin is not defined
    at <anonymous>:1:1
3rd party cookie issues: Mixed content: load all resources via HTTPS to improve the security of your site

Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
-adsbygoogle.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
-connect.facebook.net/en_US/all.js#xfbml=1:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
-e8af8301-45e2-41c6-9212-9421ce1b1dc7.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
-sp.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
-onLoadModule.js:72 ...Selector Finder is running...
VM51:1 Uncaught ReferenceError: popWin is not defined
    at <anonymous>:1:1
Enjoy,

polonus (- and x added in quote by me for obvious reason)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Re: Tests and other Media topics
« Reply #1013 on: July 26, 2022, 11:35:05 PM »
Next through avast protect your privacy against mass surveillance and total control measures:
-> privacytools.io

When not strictly obligatory do not enter personal identifiable data, when you can avoid it,
use an alias in stead. Do not share data online, that you would not already share with all of the globe,
because that is where all data goes on Interwebz.

Always keep this reasoning at the back of your heads, folks.
Once bitten, twice shy, and do'nt take coal to Newcastle (...they already have plenty of that there)  :D .

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Re: Tests and other Media topics
« Reply #1014 on: August 10, 2022, 10:22:45 PM »
Check on tracking and for insecure tracking methods here:
https://reports.exodus-privacy.eu.org/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Re: Tests and other Media topics
« Reply #1015 on: August 23, 2022, 01:10:02 PM »
It is advisable to check on Android though the Virus Total app for example all app permissions you granted.

What permissions to avoid?

See:  http://HTTPS://www.online-tech-tips.com/smartphones/30-app-permissions-to-avoid-on-android/
Source Guy McDowell

polonus



Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 47431
  • 62 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 22.5, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Re: Tests and other Media topics
« Reply #1017 on: September 02, 2022, 12:05:40 AM »
Test security of your website here: https://en.internet.nl

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Re: Tests and other Media topicsO
« Reply #1018 on: September 17, 2022, 04:49:34 PM »
One can perform a quick and dirty word press security scan for a website with WordPress CMS here: https://hackertarget.com/wordpress-security-scan/

Mind that the Word Press CMS version update comes faster than given there.

Scanned a random WP site there: -https://ufoholic.com/

Found following issues:
Quote
The following plugins were detected by reading the HTML source of the WordPress sites front page.

Plugin   Update Status   About
popup-builder 4.1.9   Warning   latest release (4.1.13)
https://popup-builder.com
ultimate-social-media-icons 2.7.5   Warning   latest release (2.7.7)
http://ultimatelysocial.com
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

There are likely more plugins installed than those listed here as the detection method used here is passive. While these results give an indication of the status of plugin updates, a more comprehensive assessment should be undertaken by brute forcing the plugin paths  using a dedicated tool.

Linked sites given the all green as well as JS links.
Quote
File not found for me because blocked: File not found: hxtps://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8450070672787649

Retirable code found up with retire.js
Quote
jquery-ui   1.13.1   Found in hxtps://ufoholic.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 _____Vulnerability info:
Medium   CVE-2022-31160 XSS when refreshing a checkboxradio with an HTML-like initial text label   

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Re: Tests and other Media topics
« Reply #1019 on: September 20, 2022, 03:39:19 PM »
For those developers into javascript security.

Different findings from retire.js and otto.js extensions inside a chromium browser.

Both extensions  are developers hlping tools:
Retire.js alerts retirable js libraries (outdated & vulnerable).
Otto.js extension checks on the visiting webpage for security issues like Tracking scripts, Data Stealing, Malware and Weak site security, it will also alert for vulnerable javascript as retire.js does.

Otto.js for this avast forum website alerts for a tracking script by kslogs.ru.

Although Google gives it the all green (pretty safe), webrate frowns upon it:
https://webrate.org/site/kslogs.ru/

Also see: -> https://www.virustotal.com/gui/url/66c6ed4e40e622a8c6ca05ada7e2cf2a46d86eb54877bf1eed925964ad40627c/details

Erlend Oftedal's retire.js has no alerts whatsoever for this here webforum site.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)


Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!