Trusted Security Services

link and website audit tools

Following is a list of trusted sources we use to audit website safety.

You don't need to be a guru to use them, but do use them before visiting a site you don't already trust.  You don't need to be road-kill on the information superhighway.

Quick Overviews

Get Link Info
Where Goes?
A shortened link in your e-mail or Twitter looks tempting; but how many unknown and possibly malicious pages does it traverse to arrive at the promised destination (IF it actually does)?  Copy and paste the link into one of these services to see all the redirections and transformations that happen on the way to the final landing page - without them happening to you.  NOTE:  Untrustworthy web pages may be rigged to fail (with an error code such as 404) or appear empty unless they are loaded in a live browser session where they can do real damage.  If the landing page cannot be reached, you should assume that the fault is in the page or the pathway to it, rather than in the link expander services.

Analyzes suspicious files and checks domains and URLs against 60+ security services.

Checks domains against 20+ security services, and provides additional analytical tools.

Sucuri SiteCheck
Scans domains and directories for malware, checks domains against black-lists, and excels at checking for outdated CMS platforms (e.g. Joomla, WordPress) vulnerable to attack.

Google Safe Browsing
One of Big Brother's advantages is that he gets to see a lot of websites - and test them for badware.

McAfee Threat Intelligence
McAfee offers its own unique view, including external affiliations based on traffic flow.

Web of Trust
Rates domains based on multiple trusted sources and a meritocracy of trusted human observers who also check numerous sources.  Simply paste a domain name into the top-right box on most WOT pages.  Provides a lightweight browser add-on to inform you of ratings as you browse and search.  More...

Anti-FAKE NEWS browser extensions
help you distinguish original photos, trusted news, and real Twitter users, from doctored images, spin and fever, and political robots, while you surf.

Extended Checks

Websense CSI
Assesses potential malware, detects the OpenSSL HeartBleed vulnerability (CVE-2014-0160), and attempts to classify content:  news, social, tech, etc.

From MalwareBytes, classifies bad domains and IP addresses, and may detect problems that other sources overlook.

Analyzes requests and scripts executed in loading a web page, and shows calls to external sites.  Bet you didn't know that CharityX sends your donations to PoliticianY and your personal info to SpammerZ.  (Actually, you would need more research to verify it; but these clues can help.)

Trend Micro
This security vendor does its own research as well as checking other's reports.

This OpenDNS project reports domains cited for "phishing":  impersonating a legitimate website or page for malicious purposes.

Qualys SSL Labs
If a site claims to be secure and this SSL scanner reports grade "C" or less, don't shop there.  If a site is not secure (address begins with "http", not "https"), don't shop there.  If you see fake trust seals - BBB, VeriSign, etc, images which are not live links to the trust authority - don't shop there.  If the trust seals link a trust authority other than the one shown, don't shop there.  If the trust seals link the corresponding trust authority, but it reports a different website, don't shop there.  And don't enter any of your credentials.  Just.  Don't.

Norton Safe Web
Malware reporting which tends to be a bit too optimistic, but may detect real problems overlooked by others.

Another unique malware perspective.  Take it with a grain of salt:  it's not as accurate on either side of the fence but may detect real problems overlooked by others.

A central registry for spamming domains and IP addresses.

A heuristic and statistical approach to domain and IP threat analysis.

Dumpster Diving

A unique "Swiss Army Knife" of domain and IP associations, categories, mappings, and histories.
Yesterday, some site was the Face of Evil; but somebody tipped off the crook, and today the evidence is gone.  Or maybe not.

DomainTools WhoIs
The standard for domain record and IP address lookups and research.

Hurricane Electric BGP
Domain record and IP address lookups with its own tool-set and more flexibility than the free version of DomainTools, but the results may lag somewhat.

now reading: Trusted Security Services
© 2010-2019 Lauver Systems • Edwardsburg, MI • 269 635-0721
 Print this frame ...