Author Topic: Tests and other Media topics  (Read 441578 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33668
  • malware fighter
Re: Tests and other Media topics
« Reply #975 on: February 19, 2022, 04:10:15 PM »
Hi DavidR,

Thank you for your well appreciated comments.
I gave the Zscaler online scanner info as I found it online.

There seems to exist more and more online that is not quite keeping up to standards as we have known them in the past
(from 1998 up until now). Every av-vendor and also Zscaler has now jumped on the data-slurping bandwagon.

Front-ends appearing like intelx.io and https://nitter.eu (Enter username). Intelligence for couch-potatoes. ;)

Then this for instance data towards a certain end (an utterly and completely random choice by me, pol):
https://metrics.torproject.org/rs.html#details/4AA0035604DF40E5BA20DBE88EF6D11432421BFA
&
https://udger.com/resources/ip-list/tor_exit_node
&
https://github.com/SecOps-Institute/Tor-IP-Addresses

To know what to be up against with cybercrime and alleged cybercrime, one has to study much, hence read and read.
Your adversary also does, so we cannot do without. So please go on and comment further on the contents of this thread.

I just like to trigger end-user awareness. Generally being dumbed down is a process we will all undergo more and more anyway.
So to go up against and reverse this process a bit towards awarding and good ends is what I venture out for.
Sort of see that as my mission here as a website error-hunter of sorts.

your avast-forum-friend,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Re: Tests and other Media topics
« Reply #978 on: March 02, 2022, 01:34:06 PM »
Also good to have inside your IP-checking-tool-chest:
https://ipinfo.info/html/ip_checker.php

Something to check against: https://blackip.ustc.edu.cn/sshrawlist.php?ip=37.49.226.220 (random example given).
and https://ipinfolookup.com/

pol
Re: Tests and other Media topics
« Reply #979 on: March 05, 2022, 01:43:57 PM »
See what tracking techniques a website may use:

https://themarkup.org/blacklight?url=  (A Real-Time Website Privacy Inspector, by Surya Mattu)

polonus
Re: Tests and other Media topics
« Reply #980 on: March 18, 2022, 10:04:36 PM »
Very helpful in fighting scam:
https://www.scam-detector.com/
Also use the website validator there.

polonus
Re: Tests and other Media topics
« Reply #981 on: March 22, 2022, 11:35:11 AM »
94,7% of websites will not honor your cookie preferences.
One could therefore install this extension to get rid of cookies that you do not want to allow in.
https://chrome.google.com/webstore/detail/cookieblock/fbhiolckidkciamgcobkokpelckgnnol?hl=en

See: https://karelkubicek.github.io/post/cookieblock

polonus
Re: Tests and other Media topics
« Reply #982 on: March 26, 2022, 06:23:30 PM »
Code page search engine, example -> https://publicwww.com/websites/caf.js/

Or in the case of this cloaking parked-website adsense ad-campaign:
https://publicwww.com/websites/parking.bodiscdn.com/

Then search on here: https://intelx.io/?s=+http%3A%2F%2Fww1.torrent9.bz%2F

Enjoy, my good friends,

polonus
Re: Tests and other Media topics
« Reply #983 on: March 27, 2022, 02:33:04 PM »
With such specific search-engines there is a possibility to search for malware code-snippets, like of Mirai bot-malware, bitcoin darknet, so we searched bins/ppc (pay per click) found up at URLhaus -> https://urlhaus.abuse.ch/browse/

See results: https://publicwww.com/websites/bins%2Fppc/   359 webpages in all waiting to be analyzed.

Also see this for bin/sh mips/Mozi/elf malware: https://publicwww.com/websites/bin%2Fsh/
But mind not all results will answer to what we are searching for, we have to discriminate.

Or we have to sign up for paid results in case of a search for bins/arm6 depth:all
Also more here: https://www.guardicore.com/botnet-encyclopedia/bins/

polonus
Re: Tests and other Media topics
« Reply #985 on: March 28, 2022, 03:35:51 PM »
Why is this site not given as insecure here, as Google Safebrowsing does?
Re: htxps://lb.larevet.net/ -> https://dnslytics.com/ip/147.78.144.6
Missed here: https://www.virustotal.com/gui/url/58e823564e976ab653a4e5d47d17b9b49aac1d26f784e5682f33d1935056b7da
Connection is not private:
NET::ERR_CERT_COMMON_NAME_INVALID
Subject: *.geneanet dot org  (do not go there, as Avast flags this as a phishing site!).

Issuer: Gandi Standard SSL CA 2

Expires on: 11 mar 2023

Current date: 28 mar 2022

PEM encoded chain:
-----BEGIN CERTIFICATE-----
MIIGMzCCBRugAwIBAgIRAJnvRbQbrOGRT5BHeHYJAgYwDQYJKoZIhvcNAQELBQAw
XzELMAkGA1UEBhMCXXXXXXXXXXXXXXXXXXXXcmlzMQ4wDAYDVQQHEwVQYXJpczEO
MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy

polonus
Re: Tests and other Media topics
« Reply #986 on: March 29, 2022, 01:20:28 PM »
Resources to search: https://maltiverse.com/search;query=lb01.parklogic.com;page=1;sort=creation_time_desc

Searching using a known malicious address query (do not click any links to malware): https://maltiverse.com/search;query=alibiaba.bugs3.com;page=2;sort=creation_time_desc
and then stumbling onto this malware analysis: https://maltiverse.com/url/c14b2080fbe8d03f30d4030d00e6da522533fe4e276d2387cb52ca0942748fd1

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
Re: Tests and other Media topics
« Reply #987 on: April 05, 2022, 06:44:43 PM »
Genuine scansite or just to get clickbait?
Re: https://www.scamvoid.net/check/qanator.com/  (not flagged as a scam).
Not flagged here either: https://www.virustotal.com/gui/url/66ea09f3b796804db46fbb98b33e1513b60c8fbc12e403ff28ea36925e4e3114
See: bootstrap 4.0.0-beta, found in -https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/js/bootstrap.min.js
Vulnerability info: Medium. XSS is possible in the data-target attribute. CVE-2016-10735

Functioning in browser according to console info
Quote
Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
VM210:81 audioblocktrue
VM210:130 canvasfont = true
qanator.com/:1 Unchecked runtime.lastError: Could not establish connection. Receiving end does not exist.
qanator.com/:1 Failed to find a valid digest in the 'integrity' attribute for resource '-https://code.jquery.com/jquery-3.2.1.slim.min.js' with computed SHA-256 integrity 'hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4='. The resource has been blocked.
qanator.com/:1 Failed to find a valid digest in the 'integrity' attribute for resource '-https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.11.0/umd/popper.min.js' with computed SHA-256 integrity '/ijcOLwFf26xEYAjW75FizKVo5tnTYiQddPZoLUHHZ8='. The resource has been blocked.
bootstrap.min.js:6 Uncaught Error: Bootstrap's JavaScript requires jQuery. jQuery must be included before Bootstrap's JavaScript.
    at bootstrap.min.js:6
dD.js:1467
(unknown) Settings loaded...
intercept.js:1 Filter Running...
qanator.com/:1 Unchecked runtime.lastError: The message port closed before a response was received.
DevTools failed to load SourceMap: Could not load content for chrome-extension://gegfpbhjnhegdnjdkghhnneaocdbbhjp/firefox/browser-polyfill.min.js.map: HTTP error: status code 404, net::ERR_UNKNOWN_URL_SCHEME

Probably not functioning because blocked by CloudFlare for being behind a DigitalOcean proxy from London City.

polonus
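
The "Failed to find a valid digest in the 'integrity' attribute" lines in the console output quoted above come from the browser's Subresource Integrity check, which blocks a script when the hash of the fetched bytes is not among the pinned ones. The following Node.js sketch of that decision is an added example, not part of the original post; the script bodies are constructed samples and the function names are hypothetical.

```javascript
// Added example: the decision a browser makes for <script integrity="...">.
const crypto = require('crypto');

const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

// Build the "alg-base64" token a site would pin for a given script body.
function sriToken(body, alg = 'sha384') {
  return `${alg}-${crypto.createHash(alg).update(body).digest('base64')}`;
}

// Split an integrity attribute into entries; tokens with unknown algorithms
// or malformed digests are ignored, as are "?options" suffixes.
function parseIntegrity(attr) {
  const entries = [];
  for (const tok of attr.trim().split(/\s+/)) {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(tok);
    if (m) entries.push({ alg: m[1], digest: m[2] });
  }
  return entries;
}

// Only the strongest algorithm present counts; the resource loads if any
// digest listed for that algorithm equals the digest of the fetched bytes.
function checkIntegrity(body, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) {
    return { allowed: true, reason: 'no usable integrity metadata' };
  }
  const alg = entries.reduce((a, b) => (STRENGTH[b.alg] > STRENGTH[a.alg] ? b : a)).alg;
  const computed = crypto.createHash(alg).update(body).digest('base64');
  const allowed = entries.some((e) => e.alg === alg && e.digest === computed);
  return { allowed, alg, computed, reason: allowed ? 'digest matches' : 'no valid digest' };
}

// Constructed sample bodies: what the page author pinned vs. what is served now.
const PINNED_BODY = Buffer.from('/* constructed sample lib 1.0 */ window.lib = 1;\n');
const SERVED_BODY = Buffer.from('/* constructed sample lib 1.0 */ window.lib = 2;\n');

function demo() {
  const pinned = sriToken(PINNED_BODY);
  return {
    unchanged: checkIntegrity(PINNED_BODY, pinned),
    changed: checkIntegrity(SERVED_BODY, pinned),
    // A matching sha256 does not rescue a mismatching sha384 entry.
    mixed: checkIntegrity(SERVED_BODY, `${sriToken(SERVED_BODY, 'sha256')} ${pinned}`),
  };
}

console.log(demo());
```

A blocked dependency then cascades, as in the log: once jQuery is refused, Bootstrap's script throws because jQuery is missing.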
Re: Tests and other Media topics
« Reply #988 on: April 10, 2022, 07:02:52 PM »
Maltiverse - versatile resources:
Here we will find various collections:
https://maltiverse.com/url/131adc8b091ddae67842065614a663af6dc7b42fceb3bef55841667b8639a578

Can be combined with other resources as https://urlhaus.abuse.ch/

Here in this case just for researchers only: -https://github.com/HynekPetrak/javascript-malware-collection
(Do not venture out there...)

polonus
Re: Tests and other Media topics
« Reply #989 on: April 29, 2022, 04:24:31 PM »
Checking on last bad events from another resource: https://www.projecthoneypot.org/list_of_ips.php
Example: https://www.abuseipdb.com/check/134.119.216.167

Attacker into SQL-injection attacks. 

Also reported here manifold: https://ip-46.com/134.119.216.167

polonus