Checking your browser

Yesterday and today after booting up computer and going to https://blog.avast.com/ I get this before the site loads. See Attachment:
After clicking web site, go back and re click site no more warning etc.

This happens on Avast secure browser, Chrome, Firefox, Edge chromium. and only on Avast Blog Web Site .

Confirmed, same here.

Cheers Asyn :slight_smile:

You’re welcome.

It just came up again with “Checking your browser before accessing blog .avast.com”.

Must come up after a certain amount of time has elapsed,not like I thought only after a reboot.

I see many such delays on other sites, usually it is related to checking it is a browser rather than a bot trying to access the site.

One that comes to mind, if I visit Stop Forum Spam to check on a suspect. Whilst it is a slightly different initial page, but the same check, once it has confirmed it is a browser connection it loads as normal.

Thanks DavidR

This is the first time I have ever seen this.

At least I have learnt something new.

I’m guessing it’s similar to Cloudflare’s DoS protection system that does a similar thing.

You’re welcome.
RejZoR also gives an example that could be a (Distributed) Denial of Service prevention method.

L.S.

Nothing out of the ordinairy. But there are still code glitches, where libraries should be retired on the avast blog website.
to make it a tad more secure :stuck_out_tongue:

jquery 1.11.2 Found in -https://blog.avast.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js Vulnerability info: Medium 2432 3rd party CORS request may execute CVE-2015-9251 Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution jquery 1.11.2 Found in -https://blog.avast.com/hs-fs/hub/486579/hub_generated/template_assets/4971048709/1571307960770/Coded_files/Custom/page/responsive/jquery.1.2.min.js Vulnerability info: Medium 2432 3rd party CORS request may execute CVE-2015-9251 Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution 123 jquery 3.2.1 Found in -https://blog.avast.com/hs-fs/hub/486579/hub_generated/template_assets/7330550809/1569824219439/Coded_files/Custom/blog/js/jquery-tooltip-2019-january.js Vulnerability info: Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

High severity findings here for CSP: Evaluated CSP as seen by a browser supporting CSP Version 3
expand/collapse all
checkupgrade-insecure-requests

errorscript-src [missing]
script-src directive is missing.

errorobject-src [missing]
Missing object-src allows the injection of plugins which can execute JavaScript. Can you set it to ‘none’?

But this is not the only site with not optimal settings for best CSP policies. :wink:

There is CloudFlare protection: xpect-CT: max-age=604800, report-uri=“-https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
The Expect-CT header allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. When a site enables the Expect-CT header, they are requesting that the browser check that any certificate for that site appears in public CT logs.

See: https://webcookies.org/cookies/blog.avast.com/28916849?312212 (B and F-grade scan status)…

Clickjacking protection is enabled

+2
Instructs the browser if the current website can be embedded in HTML frame by another website. Since this allows the parent website to control the framed page, this creates a potential for data theft attacks (“clickjacking”) and most sensitive websites won’t allow them to be framed at all (deny) or just allow parts of them to be embedded in frames created by themselves only (samesite).

In the browser console I see:

SprocketMenu.js:65 GET -https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=486579&callback=jsonpHandler net::ERR_BLOCKED_BY_CLIENT (via uBlock Origin)
value @ SprocketMenu.js:65
value @ SprocketMenu.js:118
(anonymous) @ index.js:18
content.js:2 [VULNERS] Init
content.js:5 [VULNERS] Rules (292) [{…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, …]
content.js:15 [VULNERS] Match Slick /slick.js undefined
(anonymous) @ content.js:15
content.js:15 [VULNERS] Match cpe:/a:jquery:jquery jquery-libs/static-1.4/jquery/jquery-1.11.2.js undefined
(anonymous) @ content.js:15

Babel Quest Client - HubSpot offers a full platform of marketing, sales, customer service, and CRM software — plus the methodology, resources, and support — to help businesses grow better. Get started with free tools, and upgrade as you grow. (Timeframe retention of data = 300 days max.).

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Thanks to RejZoR, DavidR and polonus very much appreciated.

Cheers :slight_smile:

What did you use to get the first listing? (jquery 1.11.2 Found in…)
.

No such delay when I go to my blog hosted at the same place
https://bob3160.blogspot.com/ or any of the other blogs hosted at blogspot.
The delay and popup only comes up on the Avast blog

Hi guys, seems it’s gone. I can access the blog without any delay again.

Same here