Author Topic: Tests and other Media topics  (Read 593254 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Tests and other Media topics
« Reply #1050 on: March 20, 2023, 03:45:13 PM »
Be aware of maliicous IP -> https://www.criminalip.io/en/asset
Either critical or dangerous IP.

Also compare results (random IP example):
https://www.projecthoneypot.org/ip_191.102.153.111

then https://maltiverse.com/ip/191.102.153.111

https://www.virustotal.com/gui/url/81b11697fd251b1b1b4d9ef4583de0f4dd1a08d63386866b930e2d136d260987/details

and here: https://www.malwareworld.com/
Quote
Malicious: true for 35.146.254.16
Type: BadReputation
Location: Lat(37.87085623213167) - Long(-97.78518256324038)
References:
    https://www.maxmind.com/en/high-risk-ip-sample-list
    https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt

polonus
« Last Edit: March 20, 2023, 04:33:52 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Tests and other Media topics
« Reply #1051 on: March 26, 2023, 06:21:21 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Tests and other Media topics
« Reply #1052 on: April 21, 2023, 04:48:28 PM »
Evaluating: https://urlscan.io/result/cbeb3a97-46f1-40e1-ac29-1282dee7f249/#indicators
the one of contacts scanned with truspilot:
https://www.trustpilot.com/review/tradepub.com

Found to be safe: https://check.trendmicro.com/page/QuickStart?s=agrdy.com

Avast Online extension detect tracking:
Ad-tracking 1 detected
Webanalysis 1 detected

Also see: https://www.shodan.io/domain/www.tradepub.com

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Tests and other Media topics
« Reply #1053 on: April 22, 2023, 04:41:51 PM »
Not malicious as such, but Word Press website with 5 vulnerabilities:

https://urlscan.io/result/a35090de-1468-4b6c-abff-e0bc60b85568/

Word Press CMS outdated, outdated plug-ins:
   contact-form-7 5.7.4   Warning   latest release (5.7.5.1)
https://contactform7.com/  &  ordpress-seo 20.2   Warning   latest release (20.5)
https://yoa.st/1uj

User Enumeration is not set to disabled.

Not flagged here: https://www.virustotal.com/gui/url/07d830d285a2eefc2c79496894e312b559aa8076ead43f87bf2e83c2d60b8f10?nocache=1

polonus


Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Tests and other Media topics
« Reply #1054 on: May 14, 2023, 09:32:52 PM »
Analysis of a website could hint at possible vulnerabilities,
see following scenario, that got me aware of a potential XSS flaw.

I checked and scanned this particular site at https://urlscan.io/ here:
https://urlscan.io/result/7d2197aa-190e-4d94-b841-fa87807f5516/
and then stumbled at the following cookie via: https://urlscan.io/result/7d2197aa-190e-4d94-b841-fa87807f5516/#behaviour

This website could be open to an XSS attack, read
: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1729
because of the       -savelife.in.ua/   1970-01-20
11:57:49   Name: AWSALBCORS cookie  (and what change should be applied to prevent this)

polonus (3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Tests and other Media topics
« Reply #1055 on: May 16, 2023, 12:05:55 PM »
Fraudulous IP check - below zero is better.

Example: https://www.ip-lookup.org/score/151.101.193.69

A fraud score of 15, certainly too much (check through Netcraft extension and Shodan as well)
https://scamalytics.com/ip/65.55.252.93

Not only for checking IP: https://www.abuseipdb.com/check?query=https%3A%2F%2Fwww.timeloopsolution.com%2F

Another checker: https://www.abuseipdb.com/check?query=https%3A%2F%2Fwww.timeloopsolution.com%2F

Re: https://www.ipvoid.com/ip-blacklist-check/

And detecting those that wanna stay under the detection radar:
Read: https://medium.com/@xianghangmi/resident-evil-understanding-residential-ip-proxy-as-a-dark-service-dea9010a0e29

Use:https://intelx.io/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Tests and other Media topics
« Reply #1056 on: May 16, 2023, 01:32:44 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Tests and other Media topics
« Reply #1057 on: May 16, 2023, 10:25:20 PM »
Establishing vulnerabiliteis on a particular website with asserted IP abuse.

Compare various scan results:

https://www.abuseipdb.com/check/46.149.182.124  (random example)
Re: https://www.shodan.io/host/46.149.176.5  (with all vuln. given there )  on that Apache HTTP-server *

No threat in data exchanges - 3 trackers blocked - No restrictions found.

Missing intermediate TLS certificate   running on  Apache 2.4.41, Ubuntu *

CMS: WordPress 6.2.1

Powered by: Unknown  - 4 Word Press issues -

1. outdated CMS,

2.   Plugin   Update Status   About
woocommerce 7.3.0   Warning   latest release (7.7.0)
hxtps://woocommerce.com/

3. 4. User enumeration and directory listing not set at disabled.

Further website config issues
Quote
Protection
No website application firewall detected.
Please install a cloud-based WAF to prevent website hacks and DDoS attacks.

Security Headers
Missing security header for ClickJacking Protection. Alternatively,
you can use Content-Security-Policy: frame-ancestors 'none'.

Missing security header to prevent Content Type sniffing.

Missing Strict-Transport-Security security header.

Missing Content-Security-Policy directive. We recommend to add the following CSP directives
(you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src

Default server banners displayed. Your site is displaying your web server default banners.

quote-info from a sucuri website scan result.

Sytange as here IP is given as above board: https://www.ip-lookup.org/score/46.149.176.5

Another source to check with - 4 detect: https://www.criminalip.io/en/asset/report/209.97.181.37

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

« Last Edit: May 18, 2023, 07:14:52 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Tests and other Media topics
« Reply #1058 on: May 20, 2023, 05:15:08 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Tests and other Media topics
« Reply #1059 on: June 03, 2023, 02:32:14 PM »
Test your browser here for CSS Exfil Vulnerabilities:
https://www.mike-gualtieri.com/css-exfil-vulnerability-tester

Protect your browser with an extension:
https://chrome.google.com/webstore/detail/css-exfil-protection/ibeemfhcbbikonfajhamlkdgedmekifo

When on firefox: https://addons.mozilla.org/en-US/firefox/addon/css-exfil-protection/

With the upcoming CSS scanning of everybody online,
certainly worth protecting yourself as best you can,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Tests and other Media topics
« Reply #1060 on: June 18, 2023, 01:14:17 PM »
Ad tracking link being blocked on:
htxps://thebakermama.com/wp-content/
-> following JS link: hxtps://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816

Also: https://urlscan.io/result/5b385e2c-bd39-48dd-92be-0bd87f9c8280/

Privacy badger blocks 4 trackers. Site = Yoast SEO plug-in optimalized.

We are strongly advide by Dr.Web's against visiting:
-aax.amazon-adsystem.com listed at:
https://urlscan.io/result/5b385e2c-bd39-48dd-92be-0bd87f9c8280/#indicators

polonus
« Last Edit: June 18, 2023, 01:21:37 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Tests and other Media topics
« Reply #1061 on: June 25, 2023, 03:12:18 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Tests and other Media topics
« Reply #1062 on: June 28, 2023, 06:58:36 PM »
You would not expect to find following vulnerabilities on such a website like eff dot org, as mentioned here:

Quote
Retire.js
jquery-ui   1.10.2   Found in -https://www.eff.org/files/js/js_x2A4oj9_rCj5CWR_dGMHrobZW14ZVI9ruZKCDG7yyfM.js _____Vulnerability info:
Low   XSS when refreshing checkboxes if usercontrolled data in labels 2101 CVE-2022-31160   
Medium   CVE-2021-41184 XSS in the `of` option of the `.position()` util   12
Medium   CVE-2021-41183 15284 XSS Vulnerability on text options of jQuery UI datepicker   
Medium   CVE-2021-41182 XSS in the `altField` option of the Datepicker widget   12
Medium   CVE-2022-31160 XSS when refreshing a checkboxradio with an HTML-like initial text label   
jquery.datatables   1.10.18   Found in -https://www.eff.org/files/js/js_Q6bf8MyLqauBH0V6N-qDG8KuvtMOI0HbAR9o9acrMQc.js _____Vulnerability info:
Low   possible XSS 2   
High   prototype pollution 3   
Medium   prototype pollution 4   1
jquery   1.12.4   Found in -https://www.eff.org/files/js/js_qd8BaywA4mj4edyGLb52Px4-BwFqScI7dgPymNmaueA.js _____Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   
Medium   CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   
Medium   CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   

Re also: https://www.shodan.io/search?query=eff.org

Page-, header- and cookie-security: found no best policies implemented for cache-control, csp, search-block-form headers.

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunbter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Tests and other Media topics
« Reply #1063 on: June 28, 2023, 10:13:04 PM »
Another IP detection here: https://urlscan.io/result/389db7e9-b90a-4bce-acb9-dc6ed2d421af/#indicators

Final url VT (not reflecting it is a parked site (see js file): https://www.virustotal.com/gui/url/ed66488c77223438dbd68d0b4f6ce123e1d75352cadbb7e70997535ba896cebb/details  -> -http://ww1.soureladim.com/js/parking.2.105.7.js

IP blacklisted: https://www.abuseipdb.com/check/199.59.243.223

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Tests and other Media topics
« Reply #1064 on: July 02, 2023, 03:32:23 PM »
Flagged: https://www.abuseipdb.com/check/178.128.165.94  *
Flagged as attack source: https://db-ip.com/178.128.165.94

High Risk: Attack target(s)   Mail, SSH (and other abuse mentioned here *)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!