Author Topic: Tests and other Media topics  (Read 386361 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33376
  • malware fighter
Re: Tests and other Media topics
« Reply #930 on: September 18, 2021, 05:20:00 PM »
I report webforum spammers here: (random example) https://ip-46.com/146.196.34.252
Also mentioned here: https://www.projecthoneypot.org/ip_146.196.34.37

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85965
  • No support PMs thanks
Re: Tests and other Media topics
« Reply #931 on: September 18, 2021, 05:42:21 PM »
I report webforum spammers here: (random example) https://ip-46.com/146.196.34.252
Also mentioned here: https://www.projecthoneypot.org/ip_146.196.34.37

polonus

Nothing unusual there, Indian IP that SFS also indicates reported spammers. Most of the spammers hitting the forum are also Indian IP addresses, but you can't block them all.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

Re: Tests and other Media topics
« Reply #932 on: September 18, 2021, 06:51:40 PM »
Hi DavidR,

Before making them disappear, account and all topics and postings included, I note the IP and report it.

Agree with you that a Delhi IP address may be hosting a variety of such, mainly webforum, Coinbase phone number spammers, who also seem to be involved in all sorts of other attack and abuse activities.
For many a continuous pain in the neck. Sending them to digital oblivion seems the sensible thing to do.

And it is not only the spammer but also those that offer them a hiding-place to start their evil trade from.
Not doing anything just seems the other extreme for me.

But I agree you are right in your conclusions, as you most often are,

Kind regards,

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #933 on: October 15, 2021, 11:58:00 AM »

Offline polonus

Re: Tests and other Media topics
« Reply #934 on: October 17, 2021, 11:04:39 PM »
Checking URLhaus browse links at VT.
Example: https://urlhaus.abuse.ch/url/1688922/

Checked: 6 engines flagged 4 hrs ago: https://www.virustotal.com/gui/url/f68fd30a505fece0f4efae6fc5c717347b6db677757071a972fac3266e778587/detection

Results for the CloudFlare IP on VT: https://www.virustotal.com/gui/ip-address/104.21.77.66/relations

Website being blacklisted: https://sitecheck.sucuri.net/results/a.gogamea.com/userhome/2202/any.exe

Redirect scan at VT, flagged by 5: https://www.virustotal.com/gui/url/bba9a9547d48a12c809efbb1d45ff8c4ec791f16e507146891be9d14345bc580

Webroot classifies the site as a malware site. Abuse going on on a Cloudflare server.

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #935 on: October 22, 2021, 01:33:32 PM »
DNSViz: https://dnsviz.net/d/www.splunk.com/dnssec/

EDNS Compliance Tester: https://ednscomp.isc.org/ednscomp/16a499e8f2

Enjoy, my good friends, enjoy,

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #936 on: October 22, 2021, 06:50:44 PM »
Or start a website project here: https://sitechecker.pro/app/main/dashboard  (free demo)

pol
« Last Edit: October 22, 2021, 06:53:28 PM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #937 on: October 24, 2021, 12:38:17 AM »
Check on and report spammers:

https://ip-46.com/212.102.33.248#ip-feeds
https://cleantalk.org/blacklists/212.102.33.248
https://www.abuseipdb.com/whois/212.102.33.248
https://scamalytics.com/ip/212.102.33.248
https://www.zerospam.org/ip-blacklist/212.102.33.248/

Whenever spammers are met, report them, so they could end up inside blocklists,
so they can be where they should reside, and that is digital oblivion.

polonus

P.S. polonus as member of ASO (Anti-Spam-Offensive)
« Last Edit: October 24, 2021, 01:40:54 AM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #938 on: October 30, 2021, 11:50:09 AM »
Why certain cookies, as mentioned with example, should be blocked.

Data is processed in countries without a suitable level of data protection.
When you do not allow webpushr it is being blocked by uMatrix and Cookienator.

Check and read: https://cookiedatabase.org/service/webpushr/

Other resources with another example:
https://cookie-scanner.com/summary/stripe.com?ucrid=CRICC8eb6d94e4e9b1dccf2054eda08bd4ff2

For third party AnalyticsSyncHistory cookies:
https://cookie-scanner.com/summary/www.avaloncx.com?ucrid=CRICCd9143443b9686958de3de4c56d5425f2
Indexable by every bot. Self-referencing canonical

pol
« Last Edit: October 30, 2021, 11:43:57 PM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #939 on: November 08, 2021, 01:03:18 PM »
Test canvas fingerprinting aspects inside your browser:
https://canvasblocker.kkapsner.de/test/

Tested with CyDec Security Anti-FP extension.

Firefox Focus browser has fingerprinting per default aboard.

pol

Offline polonus

Re: Tests and other Media topics
« Reply #940 on: November 10, 2021, 03:18:11 PM »
Avast Secure Browser follows the Chrome 95.0 specifications here: https://privacytests.org/

Also see the tenta.com/test & browser privacy test gives an overall score of 45/100. (webbrowsertools.com)

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #941 on: November 18, 2021, 10:39:51 PM »
How to work webhint inside the browser's development console?
Install the extension and then open Ctrl+Shift+I now. After that click hint at the top far right in the developer's console.

Hint will go over the page opened and inform you with tips (hints/issues).

Example for: htxps://ai-techpark.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
CSS features with 2 warnings: 'outline-offset' is not supported by Internet Explorer.
'content-type' header charset value should be 'utf-8'.

'content-type' header media type value should be 'text/javascript', not 'application/x-javascript'.

HTML: Resource should use cache busting but URL does not match configured patterns.

JS: JavaScript content should be minified. Security header issues.

But there is more with the general site as scanned for by hackertarget wp scan:

Scanned  https://hackertarget.com/wordpress-security-scan/  we will get 6 issues.

Outdated kernel software - outdated WordPress version, outdated plug-ins.

Not being disabled: User Enumeration
The first two user ID's were tested to determine if user enumeration is possible.

Username   Name
ID: 1   techpark   
ID: 2   businesswire   
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

And also here: Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

Path Tested   Status
/wp-content/uploads/      enabled
/wp-content/plugins/      disabled
Directory indexing is tested on the /wp-content/uploads/ and /wp-content/plugins/ directories. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Linked sites and js resources all checked. But you can lint them using webhint one by one.

Retire.js (also a browser extension) finds:
jquery   1.12.4   Found in -https://ai-techpark.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
Medium   CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium   CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
jquery-migrate   1.4.1   Found in -https://ai-techpark.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

Enjoy my good friends, enjoy - developer console a real trove of security information opens up gradually  ;)

pol


« Last Edit: November 18, 2021, 10:43:53 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
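
The kind of version check behind the Retire.js findings in the post above, as an added example that is not part of the original post and not Retire.js's own code: it reads the library name and the `ver` parameter from a script URL and compares the version with the fixed-in versions of the CVEs listed. The `example.test` host, the function names and the simplified "below" thresholds (taken from the public CVE descriptions) are assumptions.

```javascript
// Added example: Retire.js-style version check (not Retire.js's code or database).
// Assumption: each CVE is modelled as a plain "fixed in" threshold from its public
// description; the real Retire.js database uses more granular ranges.
const ADVISORIES = {
  jquery: [
    { below: "3.0.0", id: "CVE-2015-9251" },
    { below: "3.4.0", id: "CVE-2019-11358" },
    { below: "3.5.0", id: "CVE-2020-11022" },
    { below: "3.5.0", id: "CVE-2020-11023" },
  ],
};

// "1.12.4-wp" -> [1, 12, 4]; suffixes after the numeric part are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?/.exec(v);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3] || 0)] : null;
}

// Numeric comparison per component, so 1.12.4 is correctly above 1.4.1.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal versions are not "below"
}

// Library name = file name without ".min"/".js"; version = "ver" query parameter.
// The exact-name match keeps "jquery-migrate" from being treated as "jquery".
function identify(scriptUrl) {
  const u = new URL(scriptUrl);
  const file = u.pathname.split("/").pop() || "";
  const name = file.replace(/(\.min)?\.js$/i, "").toLowerCase();
  return { name, version: u.searchParams.get("ver") };
}

function audit(scriptUrl) {
  const { name, version } = identify(scriptUrl);
  const parsed = version && parseVersion(version);
  if (!parsed) return { name, version, status: "unknown-version", cves: [] };
  const cves = (ADVISORIES[name] || [])
    .filter((a) => isBelow(parsed, parseVersion(a.below)))
    .map((a) => a.id);
  // "no-known-issue" only means nothing in the table above matched.
  return { name, version, status: cves.length ? "vulnerable" : "no-known-issue", cves };
}

// Constructed sample: paths and versions as in the post, on a placeholder host.
const SAMPLE = [
  "https://example.test/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp",
  "https://example.test/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1",
];
for (const url of SAMPLE) console.log(JSON.stringify(audit(url)));
```

A script URL without a `ver` parameter is reported as `unknown-version` rather than clean, since the version would then have to come from the file contents.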

Offline DavidR

Re: Tests and other Media topics
« Reply #942 on: November 19, 2021, 12:29:45 AM »
How to work webhint inside the browser's development console?
Install the extension and then open Ctrl+Shift+I now. After that click hint at the top far right in the developer's console.
<snip>
pol

It's a shame that the old URL scanner link doesn't work any more, -https://webhint.io/scanner/ I get a 404 error on that link now.

Not sure I would want to install a browser add-on to carry out these checks (if that is what it is doing).

Offline polonus

Re: Tests and other Media topics
« Reply #943 on: November 19, 2021, 06:22:31 AM »
@ DavidR,

Happens all the time. Webhint is not the only online scanner that has disappeared over time. Some don't even reappear as an extension for use inside the developer's console. Google won't allow online dom-xss scanners, but allows instances like questionable Punkspider.

So webhint has now been reduced to a community of approx. 4.000 developers.
Glad I could make it back to work for the website analysis I do here.

But the going gets more and more narrow all the time.
Just another script taken off of tampermonkey, because Google insists on -180.upload.com, -4upfiles.com and -get.adobe.com
no longer being blocked by that particular script, and it seems "they call the shots globally".

Alas, it is like it is,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Offline polonus

Re: Tests and other Media topics
« Reply #944 on: November 19, 2021, 05:09:08 PM »
Another disadvantage of using extensions in the developer console is that it is not suited for webpage scanning,
as a website could be potentially malicious. Then an online third party scan could be the only secure option left
or using a special browser like Bobby's Malzilla for instance with a specific VM.

Malware should be studied on a stand alone offline device, one not being connected to the Internet.

So there are a couple of online scanners left.
For instance, this one: https://www.web-malware-removal.com/website-malware-virus-scanner/

Checked a site and is OK, but has some server related issue:
Quote
Server Details:

apache

Google and Web-Browser Content different! (an issue known as so-called "cloaking" (pol))
Google: 64539 bytes       Firefox: 64743 bytes,    Diff:   204 bytes

l" class="rss_link">rss</a> <a href="-https://twitter.com/securitynl" target="_blank" class="twitter_link">twitter</a> </div> </div> </div> </div> </body> </html> ...

Suspicious links found
-https://www.certifiedsecure.com --> ''
-https://www.certifiedsecure.com/live?q=secnl20211116 --> ' '

HTML Source: View -> -https://www.websicherheit.at/_d/hilite.php?url=https://www.security.nl

Console information received:
Quote
Failed to load resource: net::ERR_FILE_NOT_FOUND
hilite.php:1 Access to fetch at '-https://s-install.avcdn.net/aos/assets/prod/translations/Locale-en-US.json' from origin 'https://www.websicherheit.at' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
s-install.avcdn.net/aos/assets/prod/translations/Locale-en-US.json:1 Failed to load resource: net::ERR_FAILED
userscript.html?name=AdRemover.user.js&id=2e3eadc0-39e9-4512-bab0-1e350c99d118:236 Starting AdRemover 8.5 on https://www.websicherheit.at/_d/hilite.php?url=https://www.security.nl ...
userscript.html?name=AdRemover.user.js&id=2e3eadc0-39e9-4512-bab0-1e350c99d118:760 AdRemover 8.5 has finished it's work! [89 ms]
VM42:69 Syntax error @ "Malware Script Detector v 1.1 Enhanced"!
##########################
JSHINT output:
##########################

SyntaxError: Unexpected identifier
    at eval (<anonymous>)
    at <anonymous>:4:80
    at Object.t [as F_c] (<anonymous>:3:191)
    at Object.E_u (<anonymous>:4:244)
    at eval (eval at exec_fn (:2:115), <anonymous>:67:477)
    at Object.create (eval at exec_fn (:2:115), <anonymous>:69:193)
    at c (eval at exec_fn (:2:115), <anonymous>:7:231)
    at <anonymous>:4:80
    at i (eval at exec_fn (:2:115), <anonymous>:5:165)
    at eval (eval at exec_fn (:2:115), <anonymous>:5:292)
eval @ VM42:69
VM42:69 Syntax error @ "Alert DOM-XSS Userscript"!
##########################
JSHINT output:
##########################

SyntaxError: Invalid regular expression flags
    at eval (<anonymous>)
    at <anonymous>:4:80
    at Object.t [as F_c] (<anonymous>:3:191)
    at Object.E_u (<anonymous>:4:244)
    at eval (eval at exec_fn (:2:115), <anonymous>:67:477)
    at Object.create (eval at exec_fn (:2:115), <anonymous>:69:193)
    at c (eval at exec_fn (:2:115), <anonymous>:7:231)
    at <anonymous>:4:80
    at i (eval at exec_fn (:2:115), <anonymous>:5:165)
    at eval (eval at exec_fn (:2:115), <anonymous>:5:292)
eval @ VM42:69
VM42:69 Uncaught SyntaxError: Unexpected identifier
    at eval (<anonymous>)
    at <anonymous>:4:80
    at Object.t [as F_c] (<anonymous>:3:191)
    at Object.E_u (<anonymous>:4:244)
    at eval (eval at exec_fn (hilite.php:2), <anonymous>:67:477)
    at Object.create (eval at exec_fn (hilite.php:2), <anonymous>:69:193)
    at c (eval at exec_fn (hilite.php:2), <anonymous>:7:231)
    at <anonymous>:4:80
    at i (eval at exec_fn (hilite.php:2), <anonymous>:5:165)
    at eval (eval at exec_fn (hilite.php:2), <anonymous>:5:292)
VM42:69 Uncaught SyntaxError: Invalid regular expression flags
    at eval (<anonymous>)
    at <anonymous>:4:80
    at Object.t [as F_c] (<anonymous>:3:191)
    at Object.E_u (<anonymous>:4:244)
    at eval (eval at exec_fn (hilite.php:2), <anonymous>:67:477)
    at Object.create (eval at exec_fn (hilite.php:2), <anonymous>:69:193)
    at c (eval at exec_fn (hilite.php:2), <anonymous>:7:231)
    at <anonymous>:4:80
    at i (eval at exec_fn (hilite.php:2), <anonymous>:5:165)
    at eval (eval at exec_fn (hilite.php:2), <anonymous>:5:292)
userscript.html?name=AdRemover.user.js&id=2e3eadc0-39e9-4512-bab0-1e350c99d118:260 Starting AdRemover 8.5 on
-https://www.websicherheit.at/_d/hilite.php?url=htxps://www.security.nl 4 seconds after page load ...
102VM94 watch-expression-1.devtools:1 Timer 'default' already exists
(anonymous) @ VM94 watch-expression-1.devtools:1

We could also audit using Lighthouse and node.js.
Final results:

Webpage Score
Malware A Spam A Phishing A
External Status
Blacklisting A Google Spam A
Server C
 
polonus