Tests and other Media topics

Went over to VirusTotal to check on an alleged DOS-attack undertaken from -js.stripe.com via -m.stripe.network on the -www.unz.com website.

A rescan for the finalizing scan results was only available for privileged users,
so I launched an anonymous search here:
https://packettotal.com/app/analysis?id=57809fff9e90ae7dc08403185cd44569&name=conn

What came up there were all Wireshark packet scans (connection and others).

Packettotal, quite nice resources,

polonus

Scan tools resources being worked around here: https://www.dshield.org/tools/

pol

Bookmarked, thanks.

Example: https://www.dshield.org/tools/dnslookup.html

Interesting in the light of this news: https://www.quad9.net/news/blog/an-update-to-the-quad9-and-sony-music-german-court-injunction-august-2022/

And these recommendations: https://bgr.com/guides/the-best-free-and-public-dns-servers-in-2022/

Issues like no security support for non-business users and/or no ad-blocking at Cloudflare’s, for instance, could be serious considerations as to what DNS to choose. On Windows one could use DNS Jumper v2 to change one’s DNS on the fly.

polonus

TLS Checker with instant results to be found here: https://www.cdn77.com/tls-test

Moderate: version 1.2 found to reside here: https://www.cdn77.com/tls-test/result?domain=forum.avast.com

Check also with otto for Chrome: no Tracking Scripts, no Data Stealing, no Malware, no Weak Security.

Also has a CSP designer on board, example:

default-src 'self' ; worker-src 'self' blob: ; script-src 'self' 'unsafe-eval' 'unsafe-inline'

polonus

Website scan sites to check on a potential phish:

https://easydmarc.com/tools/phishing-url & https://checkphishing.com/

In this case 5 vendors at VT also flag this as a PHISH:
https://www.virustotal.com/gui/url/a84de0bf2fb6d844449b6d785597b2cf5b28c178021632ba34b5e50df5e5f25f

while that website’s IP is only being flagged by one instance here:
https://www.virustotal.com/gui/ip-address/155.94.143.206

while here all instances were given:
https://www.virustotal.com/gui/ip-address/155.94.143.206/relations

So we will look for ASN-QUADRANET-GLOBAL abuse at URLHAUS, cleantalk.org, ip.lookup.org.
VPN/TOR/Proxy: Likely (and also abuse) 4% online malware
https://www.ip-lookup.org/location/155.94.143.206/

polonus

You are being tracked inside your browser all over the Internet.
Do not feed data that you do not want to share with the world and land on all sort of desks.

Who is tracking you: an extension to see what goes on is the “Who is tracking me” extension.

Reporting here for instance on a website for a big national Dutch newspaper
38 instances of GStatics tracking, -googleapis.com and -privacy-centre.org

Disconnect extension only flags 3. Brave Shield blocks 2.

We found one unhandled javascript error

Unhandled JavaScript Error
at window.console.error (:1:649) at hxtps://www.telegraaf.nl/:17:23 at patchedCallback (:132:45)
Error at 17:23 of hxtps://www.telegraaf.nl/

polonus

All Chromium-based browsers may leak your local IP.

Test here: https://niespodd.github.io/webrtc-local-ip-leak/

Then this WebRTC Control extension will prevent leakage:
https://chrome.google.com/webstore/detail/webrtc-control/fjkmabmdepjfammlpliljpnbhleegehm

polonus

Where the threat was being reported: https://urlhaus.abuse.ch/url/2385725/

Where it was detected as not to be scanned: https://sitecheck.sucuri.net/results/warukraine.co/un/nsittes

Where the IP address was being scanned by Threat Analysis: https://jamesbrine.com.au/213.229.66.214/

Flagged as suspicious by one vendor here: https://www.virustotal.com/gui/url/749739209e87e4fda855f3a47713d1f4317a74ea44bdae86c6e8199bd4adcb7b
Categorized as compromised website - https://www.virustotal.com/gui/url/749739209e87e4fda855f3a47713d1f4317a74ea44bdae86c6e8199bd4adcb7b/details

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

IP blacklist checking for a server address used by MBAM:
https://www.ip-tracker.org/blacklist-check.php?ip=Sirius.mwbsys.com

polonus

Tested my adblocking in the latest beta version of the Avast Secure Browser.

Likely you would like to test also, then go here: https://adblock-tester.com/
(made by matuhin dot ru) (P.S. your English seems fine to me).

Enjoy my friends,

By the way, I had the full 100 points out of 100:

This is the most common form of advertising and tracking on the internet. It’s very easy for website owners to set up. These services collect data about you in order to find the right advertisement for you.

Script loading: :white_check_mark: test passed
Block visibility: :white_check_mark: test passed
Script loading: :white_check_mark: test passed
Block visibility: :white_check_mark: test passed
Script loading: :white_check_mark: test passed
Block visibility: :white_check_mark: test passed

medium
These services monitor your actions on the site and collect information about you. They are needed only by the owner of the site; for the user it is only unnecessary requests and code that needs to be executed. Unfortunately, blocking them sometimes can completely break the site.

Script loading: :white_check_mark: test passed
Script execution: :white_check_mark: test passed
Script loading: :white_check_mark: test passed
Script execution: :white_check_mark: test passed

low
This type of advertising is often used on large websites that sell ad space. It is difficult to block because it is difficult to distinguish between an advertising image and a regular image. Often the rules are written for each site separately, so this check is not entirely accurate. It only checks for the presence of keywords in the file path and the availability of Flash.

File loading: :white_check_mark: test passed
Block visibility: :white_check_mark: test passed
File loading: :white_check_mark: test passed
Block visibility: :white_check_mark: test passed
File loading: :white_check_mark: test passed
Block visibility: :white_check_mark: test passed

low
Unlike analytics tools, these services are used to track and measure errors on websites. Services monitor almost all user actions so that the error message is as complete as possible. Most often, if you turn these off, nothing will break.

Script loading: :white_flag: unable to check (possibly due to service security settings)
Script execution: :white_check_mark: test passed
Script loading: :white_check_mark: test passed
Script execution: :white_check_mark: test passed

100 points out of 100
(10 services, 20 cheks)

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

PrivacyGuides.org
The guide to restoring your online privacy

https://www.privacyguides.org

pol

Various scanners to scan scam websites

urlscan.io
www.emailveritas.com
www.scamvoid.net
www.scam-detector.com
www.scamaider.com

for tracking apps: reports.exodus-privacy.eu.org

website scanner:
ionos.com/tools/website-checker
sitecheck.sucuri.net

enjoy,

polonus

In the light of all the data breaches on websites and recent SSL vulnerabilities through heap overflow (fortinet’s etc.) it is advisable to do a thorough SSL Server Test, like:
https://www.ssllabs.com/ssltest/analyze.html?d=fortinet.com (also check with certview there).

At SSLBL.abuse.ch for detecting malicious SSL Threats, at www.zscaler.com

SSL Certificate Chain analysis at vulners.com. Using the SSL Checker at www.sslshopper.com.

Online SSL Scan at hackertarget.com & SSL Scanner report at www.ssltools.com

Enjoy,

polonus

Why do so many websites lack a decent CSP policy?

Like these here forums. F-grade. Result:
CSP Protection: None
CSP Reporting: Missing
CSP Validity: Invalid
XSS: No CSP Protection
Clickjacking: No CSP Protection
Formjacking: No CSP Protection
General: No CSP Protection

You could argue, they just provide plain content, so they do not need CSP,
but what in view of all the forum-spam to be cleansed?

Just check your CSP scanner extension, it is always penny wise and pound foolish policies.

Also use this: https://csp-evaluator.withgoogle.com/
Check with: https://cspvalidator.org/#url=https://forum.avast.com

No CSP policies in headers or meta elements found at -https://forum.avast.com/

polonus

The information gained here could also be important in combination with a website security scan,
for instance via nibbler: https://nibbler.insites.com/en_US/

polonus

With Let’s Encrypt we will basically have to trust DNS.

Check DNS with Nir Sofer’s tool: DNSDataView (combined with his tool IPNetinfo).

Online check with: DNSSec Analyzer dnssec-debugger.verisignlabs.com
and re-check with DNSViz at dnsviz.net

(Mind you that at dnsviz.net you will also communicate with Twitter, unless you have blocked that with NoScript for example.
Check for Twitter searching via nitter.eu or nitter.it.)

Important to check DNS, because certain Android-malware may change DNS-settings.

Be vigilant,

polonus

Do a website scan with Snyk, and take a glance over the Web Page Test details,
a random example with the waterfall results, you can find it here:

https://www.webpagetest.org/result/230207_BiDcQ5_JAR/1/details/#waterfall_view_step1

You probably also experience what my browser had blocked (ad-blocker and tracking blocks).

Enjoy, my good friends, enjoy,

pol

Marked malicious parked domain (9 vendors flag):

Website scan: https://urlscan.io/result/a89defce-9340-4fc5-a782-6ad9e958acb0/

Snyk vulnerability test scan results:
https://snyk.io/test/website-scanner/?test=230208_AiDc17_DJP&utm_medium=referral&utm_source=webpagetest&utm_campaign=website-scanner

Connection viewer etc.:
https://www.webpagetest.org/result/230208_AiDc17_DJP/1/details/#waterfall_view_step1

VT results - manifold flagged as malicious website:
https://www.virustotal.com/gui/url/93117aef5b2e4a3ca73fcbb03ad5f095f3452b4d04be5095f3588f5488751efc/details

On IP: https://www.abuseipdb.com/check/199.59.242.153

polonus

Various Spam IP scans:

https://www.abuseipdb.com/check/45.134.225.229

https://scamalytics.com/ip/45.134.225.229

https://cleantalk.org/blacklists/45.134.225.20

Verdict: spam and fraud.

pol