June 2nd 17, 03:41 PM posted to rec.photo.digital
David B.
Screenshot! (was - Where I keep my spare cats)

On 02/06/2017 01:05, Diesel wrote:
"David B."
Thu, 01 Jun 2017 10:35:39 GMT
in rec.photo.digital, wrote:

On 01/06/2017 11:13, Diesel wrote:
"David B."
Thu, 01 Jun 2017 08:10:45
GMT in rec.photo.digital, wrote:

On 01/06/2017 07:31, Diesel wrote:
Well, I wasn't a kid when I worked for Malwarebytes. Do you
understand what's involved in reverse engineering potentially
malicious 0day binaries?

Then SHOW folk just how good you are with such things!

With pleasure.

What malware can you find at the LIVE web page, Dustin?

Oh, you mean the site in my signature?
https://tekrider.net/pages/david-brooks-stalker.php

I imaged the site the other day..So, unless something 'new' has
been added in the past few days, it has no 'live malware' to
speak of.

From the link you shared (which I confirmed is still active)

Suspicious domain detected. Details:
http://sucuri.net/malware/malware-en...listed35?post1
script type="text/javascript"
src="http://windows-web-browsers.co.cc/alert/"

It doesn't like the co.cc link. Which presently points to a
'dead' domain that's been effectively parked and is available for
your taking, if you wanted it.

And sucuri wrongly automatically calls it malware and provides
this reason for its justification:

A suspicious code was identified loading content from a
blacklisted domain.

so the domain was blacklisted, supposedly, and this somehow makes
having it in tekrider's site 'malware'; Not ****ing hardly.

https://www.verisign.com/en_US/domai...in-names/index.xhtml
https://en.wikipedia.org/wiki/.cc

And as far as sucuri goes, take them with a large salt shaker:

https://www.whitefirdesign.com/blog/...i-makes-a-persuasive-case-that-you-should-avoid-using-their-services/

Now, you owe me David. I'll let you know what I want at a later
date.



Securi has done a LIVE check on the site for me.


It's Sucuri, David...

This is the result:
https://sitecheck.sucuri.net/results/www.tekrider.net


Well, you have another issue with Sucuri then.

wget tekrider.net
--2017-06-01 19:41:47-- http://tekrider.net/
Resolving tekrider.net... 192.251.238.3
Connecting to tekrider.net|192.251.238.3|:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: pages/index.php [following]
--2017-06-01 19:41:47-- http://tekrider.net/pages/index.php
Reusing existing connection to tekrider.net:80.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `index.php'

[ = ] 5,737 --.-K/s in 0.02s

2017-06-01 19:41:47 (227 KB/s) - `index.php' saved [5737]

Verified the lines Sucuri thinks are present in the index.php using
alleycode and notepad (not necessary, but, I like to be thorough for
you) are not.

Also verified the results with firefox:

view-source:https://tekrider.net/pages/index.php

So, that's three separate ways of doing it, and, all three confirm,
Sucuri is incorrect. Local mirrored copy (#1), wget (#2), firefox
(#3) as I know you're a bit 'slow' concerning matters of a
technical nature.

Securi has MUCH better standing in the community than you, Dustin!


Which community, David?


The 'security' community, Dustin. The folk who purport to protect us!

Did you read the informative link at whitefiredesign?

https://www.whitefirdesign.com/blog/...heir-services/


I did! :-)

I was impressed by what I read, so I've written to the company.

Now, I'll even share what I said, too! ;-)

=

WHITE FIR DESIGN


Hello - I write to seek your help after reading your comments about Securi.

Since being caught up in a scam back in 2005, I've been seeking to
discover just how the 'bad guys' operate on the Internet.

I'd really appreciate it if you could investigate a particular web site
for me. It appears to be carrying an unauthorised script at line 86 -
which can be seen by using this facility:-

https://aw-snap.info/file-viewer/?pr..._sel=ff&fs=1

The site owner swears that there is nothing at all at line 86 in the
source code of his web site, so I am puzzled. Here is a message which I
succeeded in posting on his 'Contact Form' recently.

https://www.dropbox.com/s/2h2t4md638...2017.tiff?dl=0

Securi ALSO reports a 'problem' with this web site. Here's a screenshot:-

https://www.dropbox.com/s/6nj382qhv4...29.tiff?dl=0

When I view the Tekrider web site in normal course, I can see no mention
of the site owner's 'Stalker' page - but I CAN if I use a VPN. I'm
convinced that something is amiss and respectfully request that, in the
Interest of ALL Internet users, someone from your firm takes a look
at this situation. I will be most grateful.

Sincerely,

David B.
Devon, England

--
The only people who make a difference are the people who believe they can.
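
The cross-check discussed in this thread (save the page by several routes, then look for the externally loaded script a scanner reported) can be scripted. The Python below is an added example, not code from any poster or tool named above; it generalizes to listing every external script host per saved copy, and the host names, sample HTML and blocklist are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> start tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            self.sources.append(src)

def external_script_hosts(html, page_host):
    """Hosts of scripts loaded from anywhere other than page_host."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    hosts = set()
    for src in collector.sources:
        host = urlparse(src).hostname  # None for relative paths
        if host and host.lower() != page_host:
            hosts.add(host.lower())
    return hosts

def is_listed(host, blocklist):
    """True if host is a listed name or a subdomain of one."""
    return any(host == b or host.endswith("." + b) for b in blocklist)

def compare_copies(copies, page_host, blocklist):
    """Per external host: which copies contain it, whether it is listed,
    and whether every copy agrees (disagreement suggests the server
    answers differently depending on who is asking, or a stale cache)."""
    per_copy = {n: external_script_hosts(h, page_host) for n, h in copies.items()}
    report = {}
    for host in sorted(set().union(*per_copy.values())):
        seen_in = sorted(n for n, hosts in per_copy.items() if host in hosts)
        report[host] = {"seen_in": seen_in,
                        "listed": is_listed(host, blocklist),
                        "consistent": len(seen_in) == len(copies)}
    return report

# Constructed sample data: three saved copies of one hypothetical page.
BASE = ('<script src="js/menu.js"></script>'
        '<script src="http://site.example/js/a.js"></script>'
        '<script src="//cdn.example/lib.js"></script>')
EXTRA = '<script type="text/javascript" src="http://ads.listed.example/alert/"></script>'
SAMPLE_COPIES = {"wget": BASE, "browser": BASE, "scanner_view": BASE + EXTRA}
BLOCKLIST = {"listed.example"}  # constructed, not a real feed
```

A host that is listed but appears in only some copies is the case argued over above: the next step is to find out why the copies differ (request headers, source address, caching) rather than to trust any single view.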