https://LauverSystems.com/

Trusted Security Services

link and website audit tools
 

Following is a list of trusted sources we use to audit website safety.

You don't need to be a guru to use them, but do use them before visiting a site you don't already trust.  You don't need to be road-kill on the information superhighway.


Quick Overviews

Get Link Info
Redirect Detective
Where Goes?
A shortened link in your email or Twitter ("𝕏") looks tempting; but how many unknown and possibly malicious pages does it traverse to arrive at the promised destination (if it actually does)?  Copy and paste the link into one of these services to see all the redirections and transformations that happen on the way to the final landing page - without them happening to you.  NOTE:  Untrustworthy web pages may be rigged to fail (with an error code such as 404) or appear empty unless they are loaded in a live browser session where they can do real damage.  If these redirection testing services fail to reach a final landing page, you should assume that the page or the pathway to it is either broken or unsafe.

VirusTotal
Analyzes suspicious files and checks domains and URLs against 60+ security services.  This gold standard should be your first stop in testing unknown targets.

Sucuri SiteCheck
Scans domains and directories for malware, checks domains against black-lists, and excels at checking for outdated CMS platforms (e.g. Joomla, WordPress) vulnerable to attack.

Google Safe Browsing
One of Big Brother's advantages is that he gets to see a lot of websites - and test them for badware.

Anti-FAKE NEWS browser extensions
help you distinguish original photos, trusted news, and real Twitter users, from doctored images, spin and fever, and political robots, while you surf.


Extended Checks

Charset.org Punycode Converter
This page doesn't check websites, it checks the characters in their domain names; for example, this " gоοgle.com " isn't what it appears to be (and please don't try to visit it).  In that domain name, the first letter that looks like a Latin (English) "o" is actually the Cyrillic small letter "O", and the second one is actually the Greek letter "omicron".  When converted to "punycode", that domain name looks like " xn--ggle-0nd57e.com " (again please don't try to visit it) which, when loaded into a browser will land on the same non-Google site if it exists.  If instead, you run the real "google.com" through the punycode converter, it comes out unchanged as "google.com".   As of this writing, VirusTotal reports the bogus domain as clean, but a domain name that is clearly created to spoof a major brand should not be trusted.  Since about 2018, VirusTotal and major browsers reveal non-Latin characters in domain names.

Norton Safe Web
Malware reporting which tends to be a bit too optimistic, but may detect real problems overlooked by others.

PhishTank
This OpenDNS project reports domains cited for "phishing": impersonating a legitimate website or page for malicious purposes.  PhishTank is unable to traverse redirection hops or identify phishing attempts in pages that are rigged to load only in a live browser.

Qualys SSL Labs
If a site claims to be secure and this SSL scanner reports grade "C" or less, don't shop there.  Also: If a site is not secure (address begins with "http", not "https"), don't shop there.  If you see fake trust seals - BBB, VeriSign, etc, images which are not live links to the trust authority - don't shop there.  If the trust seals link a trust authority other than the one shown, don't shop there.  If the trust seals link the corresponding trust authority, but it reports a different website, don't shop there.  And don't enter any of your credentials.  Just.  Don't.

Quttera
Another unique malware perspective.  Take it with a grain of salt:  it's not as accurate on either side of the fence but may detect real problems overlooked by others.

Spamhaus
This central registry of spamming domains and IP addresses also provides block-lists.

Trend Micro
This security vendor does its own research as well as checking other's reports.

URLQuery
Analyzes requests and scripts executed in loading a web page, and shows calls to external sites.  Bet you didn't know that CharityX sends your donations to PoliticianY and your personal info to SpammerZ.  (Actually, you would need more research to verify it; but these clues can help.)

URLScan
Inspired by the legendary URLQuery, URLScan analyzes requests and scripts executed in loading a web page and its content, and shows calls to external sites.

Zulu.Zscaler
A heuristic and statistical approach to domain and IP threat analysis.


Dumpster Diving

RobTex
A unique "Swiss Army Knife" of domain and IP associations, categories, mappings, and histories.

Archive.org
Yesterday, some site was the Face of Evil; but somebody tipped off the crook, and today the evidence is Gone.  Or maybe not.

DomainTools WhoIs
The standard for root-domain record and IP address lookups and research.

Hurricane Electric BGP
Domain record and IP address lookups with its own tool-set and more flexibility than the free version of DomainTools, but the results may lag somewhat.



now reading: Trusted Security Services
© 2010-2024 Lauver Systems℠ • Edwardsburg, MI • 269 635-0721
 Print this frame ...