Author Topic: Tests and other Media topics  (Read 583280 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: Tests and other Media topics
« Reply #1005 on: July 09, 2022, 02:27:21 PM »
Checking for a Magento webshop site (random example):
(cold recon 3rd party scan results): https://www.magereport.com/scan/?s=https%3A%2F%2Fwww.tdcautomotive.com%2F
& https://webscan.foregenix.com/webscan_results.html?scanid=15f45d6b_1348_41e2_8375_ca2101279684&type=2&emailaddress=
& https://magentary.com/magento-security-patch-tester/
SSL checker results
Quote
Resolves to   -www.tdcautomotive.com
Expiration date   Jun 17, 2023
Vendor signed   No
Hostname   Doesn't Match
Key length   2048
Server type   NA
Common name   -tdcautomotive.com
SAN   -tdcautomotive.com, -www.tdcautomotive.com
Organization   Starfield Technologies, Inc.
Common name   Starfield Secure Certificate Authority - G2 Starfield Secure Certificate Authority - G2
Serial number   a4:36:46:d1:88:8f:65:d7
Signature algorithm   sha256WithRSAEncryption
Fingerprint (SHA-1)   C4DD2404FFA414580125E5A6DD936D4854750A13
Fingerprint (MD5)   C7DECE69DB4AEE913298BBDA0C40BC48

Retire.js results:
Quote
jquery   1.12.4   Found in
-https://www.tdcautomotive.com/pub/static/frontend/Smartwave/porto/en_GB/jquery.js _____Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   
Medium   CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   
Medium   CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   
knockout   3.4.2   Found in
htxps://www.tdcautomotive.com/pub/static/frontend/Smartwave/porto/en_GB/knockoutjs/knockout.js _____Vulnerability info:
Medium   XSS injection point in attr name binding for browser IE7 and older
NO CSP POLICIES FOUND.
Vulnerabilities
Another scan delivers - low risk established
https://www.magereport.com/scan/?s=https%3A%2F%2Fros.your-printq.com%2F

But vulnerabilities detected on the server behind that website, given here: https://www.shodan.io/host/185.137.171.10

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89012
  • No support PMs thanks
Re: Tests and other Media topics
« Reply #1007 on: July 10, 2022, 12:35:12 AM »
Hi Pol,

Want to take a look at this one - https://forum.avast.com/index.php?topic=320277.0 - a bit weird youtube playlists causing avast to alert.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

Re: Tests and other Media topics
« Reply #1008 on: July 10, 2022, 12:43:56 PM »
Hi DavidR,

I did so in that thread, please read there.

Nice resources to give back to this community, that also found up on such CDNs as inherited,
like -> https://domain.opendns.com/yt3.ggpht.com

DNS services, that is to say sometimes vital and sometimes rather questionable services.

Have a nice Sunday,

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #1009 on: July 10, 2022, 04:55:11 PM »
Check dns for being blacklisted: https://www.dnsbl.info/
This domain is now for sale:
Re: https://www.dnsblacklist.org/?domain=dul.ru
Quote

-dul.ru
31.177.80.70
Russia

Result
Not blocked anywhere.

Check spam IPs here: https://glockapps.com/blacklist/all-s5h-net/

pol

Offline DavidR

Re: Tests and other Media topics
« Reply #1010 on: July 10, 2022, 05:26:51 PM »
Quote from: polonus
Hi DavidR,

I did so in that thread, please read there.
<snip>

Have a nice Sunday,

polonus

I have seen it thanks.

Great Sunday here hot as hades right now, watching Wimbledon men's singles final right now.  I hope you are enjoying the good weather also.

It was pretty hot on my morning exercise too, I was out just before 12PM, sweating buckets.

Offline polonus

Re: Tests and other Media topics
« Reply #1011 on: July 16, 2022, 07:17:49 PM »
Additionally to this being checked here: https://www.dnsblacklist.org/?domain=dul.ru
Re: https://github.com/NethServer/dns-community-blacklist/blob/master/adguarddns.dns
Compare results ->
Flagged but not being blocked according to what results we got here:
https://www.dnsblacklist.org/?domain=advantageglobalmarketing.com
blocked inside browsers with adblockers because of Easylist blocking: because of filter
-||advantageglobalmarketing dot com^

Quote
We will test your domain name against 17 of the most popular public DNS resolvers available.

AdGuard
CleanBrowsing
CloudFlare 1.1.1.1
CloudFlare 1.1.1.3 (Family Filter)
Norton ConnectSafe
Google 8.8.8.8
OpenDNS Family
Quad9
Yandex DNS
Comodo Secure DNS

Check page for DNS via IP: https://matrix.spfbl.net/en/134.209.188.55

polonus
« Last Edit: July 16, 2022, 07:56:27 PM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #1012 on: July 25, 2022, 05:26:35 PM »
All attack samples given here: https://www.thegeekstuff.com/2012/02/xss-attack-examples/
were detected by Malware Script Detector v. 02b run in Tampermonkey extension.
Given in as a Yahoo query this script 'barked' and blocked access.
Example of such a query blocked:
Quote
htxps://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.md
semgrep.dev./s/we30
hxtps://itigic.com/find-xss-vulnerabilities-with-findom-xss-scanner/

Console messages: Mixed Content: The page at 'httxs://www.threeworldwars.com/world-war-3/ww3.htm' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'htxp://www.google.com/custom'. This endpoint should be made available over a secure connection.
-ww3.htm:1 Mixed Content: The page at 'htxps://www.threeworldwars.com/world-war-3/ww3.htm' was loaded over HTTPS, but requested an insecure script 'hxtp://www.google-analytics.com/urchin.js'. This request has been blocked; the content must be served over HTTPS.
-ww3.htm:647 Uncaught ReferenceError: urchinTracker is not defined
    at -ww3.htm:647
-ww3.htm:650 A parser-blocking, cross site (i.e. different eTLD+1) script, -htxps://ssl.google-analytics.com/ga.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See
-htxps://www.ch40mestatus.qjz9zk/feature/5718547946799104 for more details.
(anonymous) @ -ww3.htm:650
-ww3.htm:650 A parser-blocking, cross site (i.e. different eTLD+1) script, -https://ssl.google-analytics.com/ga.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See htxps://www.ch40mestatus.qjz9zk/feature/5718547946799104 for more details.
(anonymous) @ ww3.htm:650
-ga.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
-adsbygoogle.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
-connect.facebook.net/en_US/all.js#xfbml=1:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
-e8af8301-45e2-41c6-9212-9421ce1b1dc7.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
-sp.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
-onLoadModule.js:72 ...Selector Finder is running...
VM51:1 Uncaught ReferenceError: popWin is not defined
    at <anonymous>:1:1
3rd party cookie issues: Mixed content: load all resources via HTTPS to improve the security of your site

Enjoy,

polonus (- and x added in quote by me for obvious reason)

Offline polonus

Re: Tests and other Media topics
« Reply #1013 on: July 26, 2022, 11:35:05 PM »
Next through avast protect your privacy against mass surveillance and total control measures:
-> privacytools.io

When not strictly obligatory do not enter personally identifiable data, when you can avoid it,
use an alias instead. Do not share data online, that you would not already share with all of the globe,
because that is where all data goes on Interwebz.

Always keep this reasoning at the back of your heads, folks.
Once bitten, twice shy, and don't take coal to Newcastle (...they already have plenty of that there)  :D .

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #1014 on: August 10, 2022, 10:22:45 PM »
Check on tracking and for insecure tracking methods here:
https://reports.exodus-privacy.eu.org/

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #1015 on: August 23, 2022, 01:10:02 PM »
It is advisable to check on Android through the VirusTotal app for example all app permissions you granted.

What permissions to avoid?

See:  https://www.online-tech-tips.com/smartphones/30-app-permissions-to-avoid-on-android/
Source Guy McDowell

polonus





Offline polonus

Re: Tests and other Media topics
« Reply #1017 on: September 02, 2022, 12:05:40 AM »
Test security of your website here: https://en.internet.nl

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #1018 on: September 17, 2022, 04:49:34 PM »
One can perform a quick and dirty WordPress security scan for a website with WordPress CMS here: https://hackertarget.com/wordpress-security-scan/

Mind that the WordPress CMS version update comes faster than given there.

Scanned a random WP site there: -https://ufoholic.com/

Found following issues:
Quote
The following plugins were detected by reading the HTML source of the WordPress sites front page.

Plugin   Update Status   About
popup-builder 4.1.9   Warning   latest release (4.1.13)
https://popup-builder.com
ultimate-social-media-icons 2.7.5   Warning   latest release (2.7.7)
http://ultimatelysocial.com
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

There are likely more plugins installed than those listed here as the detection method used here is passive. While these results give an indication of the status of plugin updates, a more comprehensive assessment should be undertaken by brute forcing the plugin paths  using a dedicated tool.

Linked sites given the all green as well as JS links.
Quote
File not found for me because blocked: File not found: hxtps://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8450070672787649

Retirable code found up with retire.js
Quote
jquery-ui   1.13.1   Found in hxtps://ufoholic.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 _____Vulnerability info:
Medium   CVE-2022-31160 XSS when refreshing a checkboxradio with an HTML-like initial text label   

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #1019 on: September 20, 2022, 03:39:19 PM »
For those developers into javascript security.

Different findings from retire.js and otto.js extensions inside a chromium browser.

Both extensions are developers' helping tools:
Retire.js alerts retirable js libraries (outdated & vulnerable).
Otto.js extension checks on the visiting webpage for security issues like Tracking scripts, Data Stealing, Malware and Weak site security, it will also alert for vulnerable javascript as retire.js does.

Otto.js for this avast forum website alerts for a tracking script by kslogs.ru.

Although Google gives it the all green (pretty safe), webrate frowns upon it:
https://webrate.org/site/kslogs.ru/

Also see: -> https://www.virustotal.com/gui/url/66c6ed4e40e622a8c6ca05ada7e2cf2a46d86eb54877bf1eed925964ad40627c/details

Erlend Oftedal's retire.js has no alerts whatsoever for this here webforum site.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)


Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
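
The kind of check Retire.js performs, as an added example that is not part of the original posts and not Retire.js's own code: a library is identified from its URL or file banner and its version is compared against advisory ranges. The detector patterns, sample URLs and banner are constructed; the version bounds follow the public descriptions of the CVEs quoted in this thread.

```javascript
// Constructed advisory table; bounds follow the public CVE descriptions.
const ADVISORIES = {
  jquery: [
    { below: "3.0.0", id: "CVE-2015-9251" },
    { below: "3.4.0", id: "CVE-2019-11358" },
    { atOrAbove: "1.2.0", below: "3.5.0", id: "CVE-2020-11022" },
    { atOrAbove: "1.0.3", below: "3.5.0", id: "CVE-2020-11023" },
  ],
  "jquery-ui": [{ below: "1.13.2", id: "CVE-2022-31160" }],
};
// Hypothetical, simplified detectors: version from a file banner or from the URL.
const DETECTORS = [
  { component: "jquery", content: /jQuery (?:JavaScript Library )?v(\d+\.\d+\.\d+)/ },
  { component: "jquery-ui", uri: /\/jquery\/ui\/[\w.-]+\.js\?ver=(\d+\.\d+\.\d+)/ },
  { component: "jquery", uri: /\/jquery[.-](\d+\.\d+\.\d+)(?:\.min)?\.js/ },
];

// Compare dotted numeric versions: negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split(".").map(Number));
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// Return { component, version }, or null when nothing is recognised.
function identify(uri, content = "") {
  for (const d of DETECTORS) {
    const m = (d.uri && d.uri.exec(uri)) || (d.content && d.content.exec(content));
    if (m) return { component: d.component, version: m[1] };
  }
  return null;
}

// List the advisory ids whose version range contains the detected version.
function scan(uri, content = "") {
  const lib = identify(uri, content);
  if (!lib) return [];
  return (ADVISORIES[lib.component] || [])
    .filter((a) => compareVersions(lib.version, a.below) < 0 &&
      (!a.atOrAbove || compareVersions(lib.version, a.atOrAbove) >= 0))
    .map((a) => a.id);
}
// Constructed inputs modelled on the two Retire.js findings quoted in the thread.
const BANNER = "/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */";
console.log(scan("https://shop.example/static/jquery.js", BANNER));
console.log(scan("https://blog.example/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1"));
```

An empty result only means that no advisory in the table matched the detected version; a library the detectors do not recognise is skipped rather than cleared.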