Author Topic: Tests and other Media topics  (Read 555966 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33811
  • malware fighter
Re: Tests and other Media topics
« Reply #1065 on: July 08, 2023, 12:30:49 PM »
Compare resources to check abuse IPs,

Re: https://ip-sc.net/en/r/82.176.30.210
and at AbuseIPDB.com  both qualify as risk High. https://www.abuseipdb.com/check/82.176.30.210

Another source to check against: https://scamalytics.com/ip/82.176.30.210  Fraud risk - 51%.

polonus
« Last Edit: July 08, 2023, 06:48:39 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Re: Tests and other Media topics
« Reply #1066 on: July 12, 2023, 02:53:32 PM »
Another resource to check against: https://www.abuseipdb.com/check/94.102.61.22
and also flagged here: https://www.abuseipdb.com/check/94.102.61.22  (flagged as spammer)

polonus

Re: Tests and other Media topics
« Reply #1067 on: July 12, 2023, 06:54:37 PM »
In this way we also get informed about the vulnerabilities that can be abused on a certain IP.

See: https://www.abuseipdb.com/check/128.199.52.45

and see existing vulnerabilities here: https://www.shodan.io/host/128.199.52.45

Also:
nextjs   12.3.4   Found in https://www.digitalocean.com/_next/static/chunks/main-d84ea29d76d456a4.js
also: https://www.shodan.io/search?query=digitalocean.com

Also: https://ipinfo.io/174.138.100.127  (not flagged)

pol

Re: Tests and other Media topics
« Reply #1068 on: July 13, 2023, 11:51:21 AM »
Checking online at SafeToOpen: -http://login.reclamefolder.nl
Results
Quote
Scan date/time: 13/Jul/2023 09:31:53 PM
HTML title: Foutmelding | Error
SSL issuer: R3
SSL validity: 89 days
SSL age: SSL issued 64 days ago
Favicon: hxtps://login-static.dpgmedia.net/pip-components/favicon/default-favicon-32x32.png
Downloads:

and

Item   Original   Redirected
URL   -https://login.reclamefolder.nl/     -https://login.reclamefolder.nl/ 
FQDN   -login.reclamefolder.nl    -login.reclamefolder.nl
Domain Name   -login.reclamefolder.nl    -login.reclamefolder.nl
Domain Registration - Expiry      
IP Addr.   131.203.3.211    131.203.3.211
Hosted country   NZ   NZ
   Online source SafeToOpen online scan results.

Checked IP: https://www.shodan.io/host/131.203.3.211

Here it is getting interesting: https://urlscan.io/result/7ca297aa-1fe7-4e4b-b712-9cb5dc6e9840/

So is this extension/online scan site also profiling the end-users that work it?
9 detected files on this IP: https://www.virustotal.com/gui/ip-address/172.67.75.26/detection

Netcraft risk rating 1/10.  Vulnerability in content.js on website in CLOUD14, San Francisco.

polonus
« Last Edit: July 13, 2023, 12:16:40 PM by polonus »

Re: Tests and other Media topics
« Reply #1069 on: July 14, 2023, 06:33:29 PM »
Test your installed mobile apps for tracking and permissions.

Example: https://reports.exodus-privacy.eu.org/en/reports/org.blokada.alarm/latest/

polonus

Re: Tests and other Media topics
« Reply #1070 on: July 21, 2023, 02:15:15 PM »
IP address vulnerabilities and related abuse.

Re: https://www.shodan.io/host/128.199.33.46  (see under general information)

Re: https://www.abuseipdb.com/check/128.199.33.46  (recent reports of abuse)

polonus

Re: Tests and other Media topics
« Reply #1071 on: July 22, 2023, 04:05:05 PM »
Threat resources - example https://otx.alienvault.com/indicator/ip/192.241.201.18

Verify with other resources - also https://www.abuseipdb.com/check/192.241.204.201

polonus

Re: Tests and other Media topics
« Reply #1073 on: August 13, 2023, 01:20:11 PM »
Check on: https://www.abuseipdb.com/check/83.8.131.51
also here: https://db-ip.com/83.8.131.51 

(also there this IP-address is given as high risk attack source).

Read on attacks: https://venafi.com/blog/attacks-linux-servers-cloud-rise-ssh-abusing-malware/

pol

Re: Tests and other Media topics
« Reply #1074 on: August 18, 2023, 03:16:42 PM »
Next check against greynoise:
Re: https://www.abuseipdb.com/check/167.71.68.224
and https://viz.greynoise.io/ip/167.71.68.224  verdict malicious.

polonus

Re: Tests and other Media topics
« Reply #1075 on: September 21, 2023, 02:25:56 PM »
Fine resources via https://dnsdumpster.com/  on dns recon
Also read this: https://dnsdumpster.com/footprinting-reconnaissance/

As a cold reconnaissance website security analyst and website error-hunter, I also use these resource instances

What is happening in the EU - official open DNS in the European Union -> https://www.dns0.eu/nl

polonus

Re: Tests and other Media topics
« Reply #1076 on: September 29, 2023, 12:27:58 PM »
Checking on malicious IP, several resources: Recapitulation:
See this resource: https://www.fortypoundhead.com/tools_ipcheck.asp
And mentioned source also reports here: https://www.abuseipdb.com/user/30078 (random example, mind the challenge)
Re: https://www.ipqualityscore.com/ip-reputation-check
Re: https://scamalytics.com/ip  and https://dnschecker.org/ip-blacklist-checker.php
Re: https://talosintelligence.com/reputation_center/
See: https://viz.greynoise.io/ip/167.71.68.224 random example
and of course VT - https://www.virustotal.com/gui/home/upload

Enjoy, my friends, enjoy,

polonus

Re: Tests and other Media topics
« Reply #1078 on: October 19, 2023, 04:40:28 PM »
Check abuse on a whitelisted cloud-IP: https://www.abuseipdb.com/check/172.71.102.128
Nothing here: https://db-ip.com/172.71.102.128
VT warns for ThreatFox IOCs for 2023-08-22 - according to source ArcSight Threat Intelligence - 1 month ago
IcedID botnet C2 domain (confidence level: 70%) 
Also see: https://intelx.io/?s=172.71.1
Risk on the server (6) : https://scamalytics.com/ip/172.71.102.128
Quote
Too bad! The connection with your website is not or insufficiently secured (HTTPS). Therefore information in transit between your website and its visitors is not sufficiently protected against eavesdropping and tampering. You should ask your hosting provider to enable HTTPS and to configure it securely.

polonus
« Last Edit: October 19, 2023, 04:42:40 PM by polonus »

Re: Tests and other Media topics
« Reply #1079 on: October 22, 2023, 12:35:57 PM »
Test example pulsedive - https://pulsedive.com/ioc/snap.licdn.com
Website was blocked by Privacy Badger and uBlock.
Blocked - hXtps://px.ads.linkedin.com/ *
The connection with the website is not or insufficiently secured.

* see: https://pulsedive.com/indicator/?iid=2650031 -> https://www.shodan.io/host/13.107.42.14
Given as clean: https://www.virustotal.com/gui/url/0c06a12108cebe7ed95771d207a8f1e736d294a1c3c6caf787d1aecdea193bfd/details

Also consider search results here: https://intelx.io/?s=13.107.42.14

polonus