A friend of mine told me that when she logs into one of her Blogs with her cellphone, she gets some message / Security Warning. I barely e-mailed her inquiring as to whether she gets the same results if she logs in via her computer or not. It’ll probably be tomorrow or later before she gets back to me.
But, in the meantime I checked out her Blog’s URL — hxxp://siempredesdelejos.blogspot.com.ar/ with VirusTotal. It came out totally CLEAN. However, I then checked it out with Unmask Parasites and it comes out as SUSPICIOUS. Apparently 1 Suspicious Inline Script found and 8 Hidden External Links found. :o
The syntax of the info provided at Unmask Parasites regarding my friend’s Blog is beyond my scope of understanding. Can someone decipher what’s going on with her Blog … or even use something better that will provide a more understandable verdict? You know … given that Unmask Parasites has been in Beta for several forevers and may not even be being maintained anymore.
In the e-mail that I sent my friend, I told her that MAYBE the problem could be something as simple as just her using an outdated browser on her cellphone. Until I saw the Unmask Parasites results.
Wooooooo! Information overload. :o Not sure where to go, what to do with all of this. I had hoped to be able to tell my friend something like — this, this, this, that and that are bad. You need to remove them. But, instead, I have no idea what specifically the suspiciousness and general badness discovered in her Blog is pointing to.
In other words, from what I can tell, on the surface, her Blog SEEMS harmless. Just a bunch of images and links to more images and poetry. Yet in the report in your 2nd link, it appears that I guess … her Blog is supposed to be some Mecca Nexus Grand Central Park of Nefariousness! :o Just exactly where is all this activity hidden? Just exactly where are all these “downloads” from her Blog supposed to be taking place from? I’m seriously missing something here.
Is her Blog hacked, infected or something? As in something NOT of her doing? Or could the nefariousness be hidden away perhaps in the 3rd party code that she uses in her Blog template to incorporate this & that function or effect in her Blog’s design? Cuz yeah, she HAS always loved to shoehorn in a plethora of color, images, functions and effects in her Blog’s design and functionality. So I guess it IS quite possible that one or more of the Gadgets or 3rd party code that she’s using is safeness-challenged. :o
Okay, question: In that 2nd link that you posted, the one with the VirusTotal IP Address information … that is supposed to be of her Blog? Why does the location indicate US if she’s from Argentina? I’d sure like to know how and why all that stuff that was supposedly found in her Blog as downloads or whatever … is happening.
I don’t actually go to that Blog of hers at all since it’s not her main Blog. But, from what I saw, her main Blog also yielded very similar results with Unmask Parasites. The only difference was her main Blog had only 6 Hidden External Links found instead of eight. If it’s a danger being around in her main Blog, I’d sure like to know. I’ve never had any problems before. Never had my computer infected by visiting her main Blog. Heck, my computer doesn’t get infected period.
I got a brief reply from my friend. She said she was going to look into that possibility that I told her about … about whether she was using the absolute latest version of her browser on her cellphone. She’ll then get back to me as to whether that remotely got rid of the Security Warning problem.
Pondus, I just finished e-mailing my friend and asked her to send me a screen capture of that Security Warning that she’s gotten. It’ll most assuredly be in Spanish, but I’ll translate it if and when she sends it to me.
As said, VT is checking URLs against a number of blacklists.
If you want to scan it for infections (after the VT URL check), click on the “additional information” tab, scroll down and click on the Sucuri and/or Quttera link; the URL will then be scanned for infections.
Eddy just tries to put forward why that site has insecurities, has misconfigurations, has outdated and vulnerable code on it.
Not everybody is able to mitigate such a website with insecurity that may come to it being compromised later or blocked.
Look for someone with relevant knowledge to make the site a good deal better and more secure.
There you have it. Now I don’t know anything about Security Certificates, but … does “Hatsuhiyo” sound right? Why does that sound out of place considering that she’s from Argentina? And what the frigg does giffy.me have to do with anything? Or does this possibly have something to do NOT with her Blog … but, with some IMAGE or GIF somewhere in her Blog?
Thanks for your clarification on the VirusTotal URL Tab, David.
Thanks for the heads up on the availability and function of Sucuri and Quttera, Pondus.
I took the liberty of scanning my Blog with those 2 sites and it received a Clean status from both. Whew! I was a little worried. ;D
However, I guess there MUST be something not completely clean at my friend’s Blog because while hers got a Clean status from Sucuri … it FAILED the Quttera scan, just like Eddy had pointed out. Although I didn’t manage to figure out how to display all the mega details that Eddy provided.
Ssss SO, bottom line, is there anything in all of that info that remotely points specifically to what my friend has to do or remove to get rid of the security warnings?
I’m still hoping it turns out to be a simple case of her cellphone having an outdated browser. But, I probably shouldn’t bet on that being the case.