Author Topic: Tests and other Media topics  (Read 372881 times)

0 Members and 2 Guests are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33292
  • malware fighter
Re: Tests and other Media topics
« Reply #855 on: November 22, 2020, 12:06:21 AM »
Various resources used at covert.io threat intelligenge:
Quote
IOC Repositories
These repo’s contain threat intelligence generally updated manually when the respective orgs publish threat reports.

https://github.com/aptnotes/data
https://github.com/citizenlab/malware-indicators
https://github.com/da667/667s_Shitlist
https://github.com/eset/malware-ioc
https://github.com/fireeye/iocs
https://github.com/Neo23x0/signature-base/tree/master/iocs
https://github.com/pan-unit42/iocs
https://github.com/stamparm/maltrail/tree/master/trails/static/malware
https://github.com/stamparm/maltrail/tree/master/trails/static/suspicious
IOC Feeds
These URLs are data feeds of various types from scanning IPs from honeypots to C2 domains from malware sandboxes, and many other types. They were compiled from several sources, including (but not limited to): 1, 2, 3, 4, 5, 6. They are in alphabetical order.

http://antispam.imp.ch/wormlist
http://app.webinspector.com/recent_detections
http://atrack.h3x.eu/api/asprox_suspected.php
http://autoshun.org/files/shunlist.csv
http://blocklist.greensnow.co/greensnow.txt
http://botscout.com/last.htm
http://botscout.com/last_caught_cache.htm
http://charles.the-haleys.org/ssh_dico_attack_hdeny_format.php/hostsdeny.txt
http://cinsscore.com/list/ci-badguys.txt
http://cybercrime-tracker.net/all.php
http://cybercrime-tracker.net/ccam.php
http://cybercrime-tracker.net/ccpmgate.php
http://danger.rulez.sk/projects/bruteforceblocker/blist.php
http://data.netlab.360.com/feeds/dga/dga.txt
http://data.netlab.360.com/feeds/ek/magnitude.txt
http://data.netlab.360.com/feeds/ek/neutrino.txt
http://data.netlab.360.com/feeds/mirai-scanner/scanner.list
http://data.phishtank.com/data/online-valid.csv
http://dns-bh.sagadc.org/dynamic_dns.txt
http://feeds.dshield.org/top10-2.txt
http://hosts-file.net/?s=Browse&f=2014
http://labs.snort.org/feeds/ip-filter.blf
http://labs.sucuri.net/?malware
http://lists.blocklist.de/lists/all.txt
http://malc0de.com/bl/BOOT
http://malc0de.com/bl/IP_Blacklist.txt
http://malc0de.com/rss/
http://malwaredb.malekal.com/
http://malwaredomains.lehigh.edu/files/domains.txt
http://malwareurls.joxeankoret.com/normal.txt
http://mirror2.malwaredomains.com/files/immortal_domains.txt
http://mirror2.malwaredomains.com/files/justdomains
http://multiproxy.org/txt_all/proxy.txt
http://openphish.com/feed.txt
http://osint.bambenekconsulting.com/feeds/c2-dommasterlist-high.txt
http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt
http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt
http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt
http://osint.bambenekconsulting.com/feeds/c2-masterlist.txt
http://osint.bambenekconsulting.com/feeds/dga-feed.txt
http://ransomwaretracker.abuse.ch
http://report.rutgers.edu/DROP/attackers
http://reputation.alienvault.com/reputation.data
http://rules.emergingthreats.net/blockrules/emerging-ciarmy.rules
http://rules.emergingthreats.net/blockrules/emerging-compromised.rules
http://rules.emergingthreats.net/fwrules/emerging-PF-CC.rules
http://rules.emergingthreats.net/open/suricata/rules/botcc.rules
http://rules.emergingthreats.net/open/suricata/rules/compromised-ips.txt
http://sblam.com/blacklist.txt
http://support.clean-mx.de/clean-mx/xmlviruses.php
http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv
http://tracker.h3x.eu/api/sites_1day.php
http://virbl.org/download/virbl.dnsbl.bit.nl.txt
http://vmx.yourcmc.ru/BAD_HOSTS.IP4
http://vxvault.net/URL_List.php
http://vxvault.siri-urz.net/URL_List.php
http://vxvault.siri-urz.net/ViriList.php
http://www.autoshun.org/files/shunlist.csv
http://www.blocklist.de/lists/apache.txt
http://www.blocklist.de/lists/asterisk.txt
http://www.blocklist.de/lists/bots.txt
http://www.blocklist.de/lists/courierimap.txt
http://www.blocklist.de/lists/courierpop3.txt
http://www.blocklist.de/lists/email.txt
http://www.blocklist.de/lists/ftp.txt
http://www.blocklist.de/lists/imap.txt
http://www.blocklist.de/lists/ircbot.txt
http://www.blocklist.de/lists/pop3.txt
http://www.blocklist.de/lists/postfix.txt
http://www.blocklist.de/lists/proftpd.txt
http://www.blocklist.de/lists/sip.txt
http://www.blocklist.de/lists/ssh.txt
http://www.botvrij.eu/data/ioclist.url
http://www.ciarmy.com/list/ci-badguys.txt
http://www.dshield.org/ipsascii.html?limit=10000
http://www.falconcrest.eu/IPBL.aspx
http://www.joewein.net/dl/bl/dom-bl-base.txt
http://www.joewein.net/dl/bl/dom-bl.txt
http://www.malware-traffic-analysis.net
http://www.malwareblacklist.com/showAllMalwareURL.php?userName=Guest&sessionID=&downloadOption=0
http://www.malwaredomainlist.com/hostslist/ip.txt
http://www.malwaredomainlist.com/updatescsv.php
http://www.malwaregroup.com/ipaddresses
http://www.michaelbrentecklund.com/whm-cpanel-cphulk-banlist-whm-cpanel-cphulk-blacklist/
http://www.mirc.com/servers.ini
http://www.nothink.org/blacklist/blacklist_malware_dns.txt
http://www.nothink.org/blacklist/blacklist_malware_http.txt
http://www.nothink.org/blacklist/blacklist_malware_irc.txt
http://www.nothink.org/blacklist/blacklist_snmp_2015.txt
http://www.nothink.org/blacklist/blacklist_ssh_day.txt
http://www.projecthoneypot.org/list_of_ips.php
http://www.spamhaus.org/drop/drop.txt
http://www.spamhaus.org/drop/edrop.txt
http://www.stopforumspam.com/downloads/listed_ip_1_all.zip
http://www.stopforumspam.com/downloads/toxic_ip_cidr.txt
http://www.urlvir.com/export-hosts/
http://www.voipbl.org/update/
https://atlas.arbor.net/summary/domainlist
https://dataplane.org/sshclient.txt
https://dataplane.org/sshpwauth.txt
https://disconnect.me/lists/malvertising
https://disconnect.me/lists/malwarefilter
https://dragonresearchgroup.org/insight/sshpwauth.txt
https://dragonresearchgroup.org/insight/vncprobe.txt
https://feodotracker.abuse.ch
https://github.com/stamparm/maltrail/blob/master/trails/static/mass_scanner.txt
https://gitlab.com/ZeroDot1/CoinBlockerLists/blob/master/list.txt
https://isc.sans.edu/feeds/daily_sources
https://isc.sans.edu/feeds/suspiciousdomains_High.txt
https://isc.sans.edu/feeds/suspiciousdomains_Low.txt
https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt
https://isc.sans.edu/feeds/topips.txt
https://isc.sans.edu/ipsascii.html
https://lists.malwarepatrol.net/cgi/getfile?receipt=f1417692233&product=8&list=dansguardian
https://malc0de.com/bl/ZONES
https://malsilo.gitlab.io/feeds/dumps/url_list.txt
https://malwared.malwaremustdie.org/rss.php
https://malwared.malwaremustdie.org/rss_bin.php
https://malwared.malwaremustdie.org/rss_ssh.php
https://myip.ms/files/blacklist/htaccess/latest_blacklist.txt
https://onionoo.torproject.org/details?type=relay&running=true
https://palevotracker.abuse.ch
https://paste.cryptolaemus.com/feed.xml
https://raw.githubusercontent.com/botherder/targetedthreats/master/targetedthreats.csv
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bitcoin_nodes_1d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/botscout_1d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cruzit_web_attacks.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/malwaredomainlist.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxylists_1d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyrss_1d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyspy_1d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ri_web_proxies_30d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/socks_proxy_7d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/sslproxies_1d.ipset
https://raw.githubusercontent.com/futpib/policeman-rulesets/master/examples/simple_domains_blacklist.txt
https://raw.githubusercontent.com/Neo23x0/signature-base/master/iocs/otx-c2-iocs.txt
https://rules.emergingthreats.net/open/suricata/rules/emerging-dns.rules
https://secure.dshield.org/ipsascii.html?limit=1000
https://sslbl.abuse.ch
https://techhelplist.com/maltlqr/reports/dyreza.txt
https://techhelplist.com/pastes
https://techhelplist.com/spam-list
https://threatfeeds.io/
https://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv
https://urlhaus.abuse.ch/downloads/csv/
https://www.badips.com/get/list/any/2?age=7d
https://www.circl.lu/doc/misp/feed-osint/
https://www.dan.me.uk/torlist/
https://www.hidemyass.com/vpn-config/l2tp/
https://www.malwaredomainlist.com/hostslist/hosts.txt
https://www.maxmind.com/en/anonymous_proxies
https://www.maxmind.com/en/high-risk-ip-sample-list
https://www.openbl.org/lists/base.txt
https://www.openbl.org/lists/base_all_ftp-only.txt
https://www.openbl.org/lists/base_all_http-only.txt
https://www.openbl.org/lists/base_all_smtp-only.txt
https://www.openbl.org/lists/base_all_ssh-only.txt
https://www.packetmail.net/iprep.txt
https://www.packetmail.net/iprep_CARISIRT.txt
https://www.packetmail.net/iprep_ramnode.txt
https://www.trustedsec.com/banlist.txt
https://www.turris.cz/greylist-data/greylist-latest.csv
https://zeustracker.abuse.ch


Also interesting (example): https://firewallban.dynu.net/search.php?submit=Search&search=2.57.122.96

Search engine to search for script snippet examples: https://publicwww.com/?q=

enjoy, my good friends, enjoy and have a good week,

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33292
  • malware fighter
Re: Tests and other Media topics
« Reply #856 on: November 30, 2020, 12:28:35 PM »
L.S.

If your origin servers are exposed attackers can attack them directly and bypass any sort of protection you may have. Many large CDN companies have bad design which allows for serious security vulnerabilities.

Check website here: https://bitmitigate.com/origin-exposure-test.html?name=

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33292
  • malware fighter
Re: Tests and other Media topics
« Reply #857 on: December 02, 2020, 12:03:11 AM »
Check your access control to guarantee a secure connection between website and webserver behind it. Or you could find yourself in such a situation, where you find direct access to

Quote
{"099.php":{"aliases":{},"mappings":{},"settings":{"index":{"creation_date":"1606435124551","uuid":"BJaLkowESMCNLZr4WAlEHg","number_of_replicas":"1","number_of_shards":"5","version":{"created":"2030399"},"ajax":"true&a=Php&p1=die(@md5(S3pt3mb3r));"}},"warmers":{}}}
from a particular Rackspace IP address ending in /099.php ...
(weak PHP example found with Shodan.io)

A scan with the webbug tool produces this information:
Quote
HTTP/1.1 200 OK
Date: Wed, 02 Dec 2020 04:00:05 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 320
Access-Control-Allow-Origin: *
Connection: close

{
  "name" : "Super Sabre",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "2.3.3",
    "build_hash" : "218bdf10790eef486ff2c41a3df5cfa32dadcfde",
    "build_timestamp" : "2016-05-17T15:40:04Z",
    "build_snapshot" : false,
    "lucene_version" : "5.5.0"
  },
  "tagline" : "You Know, for Search"
}

Attackers may use various special search methods on Google (so-called dorks and queries on shodan.io to find low hanging fruit on the Interwebz to compromize and worse. 
Be the first party to scan, as malcreants may already have scanned you.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33292
  • malware fighter
Re: Tests and other Media topics
« Reply #858 on: December 08, 2020, 02:06:03 PM »
Another fine resources site lost to us?

Not to be reached - isithacked.com - scan site to look at signs of Cloaking, spammy links etc.
Has it now also been discontinued? Re: https://mxtoolbox.com/SuperTool.aspx?action=mx%3aisithacked.com&run=toolpage
Re: https://sitereport.netcraft.com/?url=http%3A%2F%2Fwww.isithacked.com
https://www.virustotal.com/gui/ip-address/107.170.38.188/relations

What happened at the hoster, Digitalocean? Anyone.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33292
  • malware fighter
Re: Tests and other Media topics
« Reply #859 on: December 08, 2020, 03:12:51 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33292
  • malware fighter
Re: Tests and other Media topics
« Reply #860 on: December 21, 2020, 04:25:23 PM »
Time to test security of your Word Press CMS here: https://hackertarget.com/wordpress-security-scan/
or scan with Sucuri's. Look for oudated plug-in software, as attackers abuse domains there to spread malware:
https://blog.sucuri.net/2020/12/the-dangers-of-using-abandoned-plugins-themes.html  (info credits: Krasimir Kronov).

Remote code execution / file upload lek in Wordpress plugin Contact Form 7 [CVE-2020-35489],
read: https://contactform7.com/2020/12/17/contact-form-7-532/
Site of researcher that found it: https://www.jinsonvarghese.com/
Astra-site: https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload-vulnerability/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33292
  • malware fighter
Re: Tests and other Media topics
« Reply #861 on: December 30, 2020, 02:45:36 PM »
Word Press is found on 40% of websites, Word Press CMS is a PHP-based CMS.

Check PHP using SNYK:
Re: https://snyk.io/vuln/npm:php_codesniffer_master
& https://support.snyk.io/hc/en-us/articles/360003817397-Snyk-for-PHP

Browser- extension: vulners webscanner alerts to vulnerabilities.
PHP vulners database: https://vulners.com/php

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33292
  • malware fighter
Re: Tests and other Media topics
« Reply #862 on: December 31, 2020, 06:28:14 PM »
Then it is a pity this website failed a low impact test: -https://code313detroit.org/

WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

Plugin   Update Status   About
js_composer    Unknown   
nd-shortcodes    Unknown   latest release (6.3)
https://nicdark.com
nd-projects    Unknown   latest release (1.3)
https://nicdark.com
contact-form-7    Unknown   latest release (5.3.2)
https://contactform7.com/
revslider    Unknown   
woocommerce 3.0.7   Warning   latest release (4.8.0)
https://woocommerce.com/
slider-revolution 6.2.2    Unknown   
nd-donations    Unknown   latest release (1.7)
https://nicdark.com
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

There are likely more plugins installed than those listed here as the detection method used here is passive. While these results give an indication of the status of plugin updates, a more comprehensive assessment should be undertaken by brute forcing the plugin paths  using a dedicated tool.

User Enumeration
The first two user ID's were tested to determine if user enumeration is possible.

Username   Name
ID: 1   code313   code313
ID: 2   garybeaver   Gary Beaver
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

However been given the all clean bill by DShield    CLEAN
AlienVault OTX      CLEAN
Cisco Talos    CLEAN
abuse.ch (Feodo)    CLEAN
URLhaus    CLEAN
Spamhaus (Drop / eDrop)    CLEAN

Bad for our future coders, big names for charity should do a better job in leadership. Hey Google, Amazon, Verizon, Microsoft?
A very happy and healthy New Year 2021 to you all, whishes,

Damian aka polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33292
  • malware fighter
Re: Tests and other Media topics
« Reply #863 on: January 04, 2021, 03:52:34 PM »
Is this analyzer thrustworthy: https://www.easycounter.com/report/pamcdn.avast.com ?

Does this work: https://sur.ly/web-safety-tools (as a google extension).

polonus
« Last Edit: January 04, 2021, 04:24:38 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33292
  • malware fighter
Re: Tests and other Media topics
« Reply #864 on: January 18, 2021, 10:08:38 PM »
Another real time website privacy inspector:
https://themarkup.org/blacklight

Enjoy, my good friends, enjoy,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33292
  • malware fighter
Re: Tests and other Media topics
« Reply #865 on: January 24, 2021, 05:59:38 PM »
Compromise here is not that difficult -  :o

Malcode reported here: https://urlhaus.abuse.ch/url/976418/   reported Elf ; mozi malware spreader.
Where: https://www.shodan.io/host/60.176.252.134

That is China Telecom on a  SDK 4.3.0.0 UPnP/1.0 MiniUPnPd/1.6 Server.

Discovery and PoC http://github.pannier.org/simpletr64/html/discover.html
delivering ->
Quote
.shstrtab.init.text.fini.rodata.ARM.extab.ARM.exidx.eh_frame.tbss.init_array.fini_array.data.rel.ro.got.data.bss.ARM.attributes

Just the one engine to detect: https://www.virustotal.com/gui/url/e5550612ad7a10ae39ace25e46801decc4c369255eff100154b2b50b27950e69/detection

Nothing here: https://www.virustotal.com/gui/ip-address/60.176.252.134/detection
(so not unlocked a perk point  through ARM atrribute hack :P )

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33292
  • malware fighter
Re: Tests and other Media topics
« Reply #866 on: January 26, 2021, 09:56:12 PM »
Test for modern Internet Standards:
For our forum see: https://www.internet.nl/site/forum.avast.com/1098593/

Test results only 50% of total reached.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 46008
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Tests and other Media topics
« Reply #867 on: January 26, 2021, 10:23:40 PM »
Test for modern Internet Standards:
For our forum see: https://www.internet.nl/site/forum.avast.com/1098593/

Test results only 50% of total reached.

polonus
Does that explain all the spammers?
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, AvastOmni 21.6, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33292
  • malware fighter
Re: Tests and other Media topics
« Reply #868 on: February 09, 2021, 10:19:07 PM »
@ bob3160,

Partly it does explain this situation.

On the other hand it is also because the following lore is getting harder and harder to put into practice,
that is staying more or less anonymous on the Interwebz.

Read about this from fravia's legacy: http://www.darkridge.com/~jpr5/mirror/fravia.org/noanon.htm

It is explaining a lot of things, we almost cannot escape from to-day as was still possible before the year 2001 (1999 in fact).

Here a listing of services , that will block Tor users from going and visiting certain websites and services (shodan.io)
using a Tor browser, read: https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor

You see a lot of CDNs mentioned (CloudFlare domains and the like) and even Internet-providers, particularly
lists from blocklist developers etc.

In case your provider is blocking Tor, one could use certain "bridges/mosti".

Other ways to circumvent are particular uri code scans to see the website in html code.

Then also through using Archive Wayback Machine, Archive dot fo, Google cache, Startpage dot com,
searx dot me, hypothes dot is, and various online proxies.

To evade captcha's on YouTube use hooktube dot com

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33292
  • malware fighter
Re: Tests and other Media topics
« Reply #869 on: February 19, 2021, 01:59:05 PM »
See how we are being tracked through Amazon CloudFront,
see: https://urlscan.io/domain/gdpr-consent-tool.privacymanager.io
Example:
Re: https://sitecheck.sucuri.net/results/Mediacourant.nl
Word Press issue:
Quote
  User Enumeration
The first two user ID's were tested to determine if user enumeration is possible.

Username   Name
ID: 1   admin   
ID: 2   not found   
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation


Re: https://webcookies.org/cookies/mediacourant.nl/31205635?589950#headers
Re: Google Chrome returned code 301 to -https://www.mediacourant.nl/
GoogleBot returned code 301 to -https://www.mediacourant.nl/

Re: https://www.virustotal.com/gui/ip-address/52.84.52.106/relations (and related communicating fles detected).

And a specific tracking report: https://whotracks.me/trackers/amazon_cloudfront.html
36% tracking and 8% ads found on AWS CDN aws dot amazon dot com.
Elements from -www.google.com ; -fonts.gstatic.com ; -amazonwebservicesinc.tt.omtrdc.net & -www.youtube-nocookie.com

This website is secured: This website is secured
100% of the trackers on this site are helping protect you from NSA snooping. Why not thank amazon.com for being secure?

Identifiers | All Trackers
 Secure Identifiers
Unique IDs about your web browsing habits have been securely sent to third parties.

 -Amazon dot coms_fid
209=mzr8wotm-vqvumv3lffmgwidgp5napj9u2505afonoqnv2vXXXXXXXXXXtzibackbrkimvktwejl9xgubrrxsk13g_jphcqisc1kxkiy1a-nps5kfn2weqg3vxucp8u6ynrrndbukqkaXXXXXXXXXXalaa6y3wv3nkrfejxj8 wXw.google.comnid (XXX by me for obvious reasons)


polonus
« Last Edit: February 19, 2021, 02:48:07 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!