https://blog.sicuranext.com/68-of-phishing-websites-are-protected-by-cloudflare/
#BigTechisEvil
@chazh : one of the partners in crime. Lots of DV certificates for Cloudflare proxies are issued by "Google Trust Services".
@chazh :
100% security is impossible. But it's bad and it's getting worse.
Fix:
1️⃣ Immediately after setting up an https connection (before downloading content), EVERY browser should warn people if they've never visited the site (exact domain name) before, if ownership of the domain name changed or upon any other risky anomaly.
2️⃣ The warning should include as much as possible information about:
• the current owner of the domain name;
• if such info is available, the *reliability* of that info.
3️⃣ Depending on said info, the user is informed about the risks they take when deciding to "trust" the website and opening it (thereby adding it to their "visited before" list).
4️⃣ User education is very important, at the very least browsers should provide easy to understand tutorials.
5️⃣ The current (corrupt) CAB/forum needs to be replaced by an organizations with end-user participation.
Google in particular does not want that. They don't want internet users to be able to easily distinguish between authentic and junk websites. Scamsites are part of their business model.
@chazh
> "You’re very angry that passkeys don’t close HTTPS cert-shaped holes. But neither do password managers or anything else in a browser."
No. Instead, I'm very angry that big tech makes the internet less secure every day while first telling people to use 2FA to fix that (which was a lie) and now telling people to use passkeys to fix that (which is a lie).
Because people's accounts will keep getting compromised and/or they'll keep getting locked out of their accounts. It's one big hoax.
#BigTechIsEvil #GoogleIsEvil #LetsEncryptIsEvil #CloudflareIsEvil #AmazonIsEvil #MicrosoftIsEvil #AppleIsEvil
@cendyne : https certs are in the chain of trust.
If they are issued to the wrong sites, passkeys fail.
Note that I will NOT login to my bank (using a passkey or whatever) if it suddenly has a junk LE DV cert (soon valid for 45 days without OCSP), because I expect a decent certificate.
Why don't passkeys enforce AT LEAST an OV (Organization Validated) certificate?
R.I.P. Windows
![Screenshot from the top of https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-24h2-bug-crashes-key-system-components/
Microsoft: Windows 11 24H2 bug crashes Explorer and Start Menu
By Sergiu Gatlan
November 24, 2025 05:41 AM 0
[Image: Windows logo + text: "Windows 11"]
Microsoft has confirmed a critical Windows 11 24H2 bug that causes the File Explorer, the Start Menu, and other key system components to crash after installing cumulative updates released since July 2025.](https://files.mastodon.social/cache/media_attachments/files/115/604/404/851/870/839/original/827e14847c33bdfe.jpg)
"We Free Shipping Worldwide" - IF we ship (after you paying).
@faab64 : interestingly, Cloudflare leaked that you were denied access to some subdomain of https://instant-system.com
Which, by the way, is mostly hosted by a Google cloud server in Belgium (35.187.37.119).
@faab64 : apparently they (*) don't want you to speak English.
(*) Could be Cloudflare.
"Onze privé-gegevens zijn niet veilig als een Amerikaans IT-bedrijf op het punt staat eigenaar te worden van DigiD!"
— https://actie.degoedezaak.org/petitions/stop-de-amerikaanse-overname-digid
Klopt. Maar ik teken NIET want dit soort petities zijn BULL SHIT:
1️⃣ Als je tekent, geef je jouw gegevens aan de eigenaar van "degoedezaak.org". Waarom verzamelt die club onze persoonsgegevens, en wat doen ze daar WERKELIJK mee?
2️⃣ Daarnaast deel je jouw gegevens met tal van Amerikaanse BigTech bedrijven: Cloudflare, Google, Amazon, Facebook, BlueSky en vermoedelijk ook Twitter.
3️⃣ Je kunt natuurlijk liegen over jouw identiteit, maar dan kun je ook tig keer stemmen (bij het songfestival "beperkt" tot 10x per persoon: https://security.nl/posting/913878). Hoeveel stemmen zijn authentiek en beperkt tot ÉÉN per levende Nederlandse burger?
4️⃣ Uit https://www.degoedezaak.org/privacyverklaring/:
"13. Als bewijs voor daadwerkelijke steun voor petities en burgerinitiatieven (burgerinitiatieven vereisen minimaal naam, adres en geboortedatum)"
Deze petitie vraagt, zo te zien, niet om een geboortedatum en is -naar verluidt- dus ongeldig.
P.S. er is een fix voor de meeste problemen: https://www.security.nl/posting/912595/Idee%3A+DigiD%2B%2B+voor+petities%3F.
#OnlinePetities #ONBETROUWBAAR #OnlineAuthenticatie #Authenticatie #Impersponatie #Identificatie #Petities #Privacy #Risicos #DataGraaiers #BigTechisEvil #GoogleIsEvil #CloudFlareIsEvil
![Screenshot van https://actie.degoedezaak.org/petitions/stop-de-amerikaanse-overname-digid met de "Tekenen" pop-up open
Teken de petitie
Recent Signers
Ruben één minuut geleden
Ree 3 minuten geleden
Sem 9 minuten geleden
Annet 11 minuten geleden
[Invulveld: Voornaam *]
[Invulveld: Achternaam *]
[Invulveld: E-mail *]
[Invulveld: Postcode *]
[Grote knop: TEKENEN]
Door deze petitie te ondertekenen ga je akkoord met ons privacy beleid.
Deze petitie is gestart door burgers of groepen die campagne voeren voor iets dat zij belangrijk vinden. De standpunten van burgercampagnes vertegenwoordigen niet noodzakelijk de standpunten van DeGoedeZaak.](https://files.mastodon.social/cache/media_attachments/files/115/593/606/143/694/494/original/a4e2c263f467b2e5.jpg)
![Screenshot van onderaan https://www.virustotal.com/gui/url/ef10e2c6b5f2b65b4cec7c9d1e0acd4fb2aa04ab81e0dbce9b417b61658d680e/details
[...]
csrf-param: authenticity_token
csrf-token: ygGkMSEm5ahQ4JUeHnBJG6E8Je_y6YhmZWR4fd9M_aHxq8G-B21JroYvCxSMHHJoe2h1HnkKjbjDpd58sAR0UQ
description: DeGoedeZaak is de bondgenoot voor progressief Nederland. Start je petitie vandaag en maak samen verandering.
og:url: https://actie.degoedezaak.org/
og:title: DeGoedeZaak
og:description: DeGoedeZaak is de bondgenoot voor progressief Nederland. Start je petitie vandaag en maak samen verandering.
og:image: https://static.controlshift.app/organisations/homepage_share_images/122/open_graph/preview-image.png?1512466235
twitter:title: DeGoedeZaak
twitter:description: DeGoedeZaak is de bondgenoot voor progressief Nederland. Start je petitie vandaag en maak samen verandering.
twitter:card: summary_large_image
twitter:image: https://static.controlshift.app/organisations/homepage_share_images/122/open_graph/preview-image.png?1512466235
Trackers
1) Amazon Cloudfront
d8s293fyljwh4 (https://d8s293fyljwh4.cloudfront.net/stories/images/701/hero/roya-ann-miller-196182_copy.jpg?1510831212) 2022-09-05 14:10:18 UTC
2) Google Tag Manager
G-6MWTCEMMDS (https://www.googletagmanager.com/gtag/js?id=G-6MWTCEMMDS) 2025-11-22 12:18:43 UTC
UA-118653807-1 (https://www.googletagmanager.com/gtag/js?id=UA-118653807-1) 2023-07-14 11:39:40 UTC
Redirection chain
https://actie.degoedezaak.org/](https://files.mastodon.social/cache/media_attachments/files/115/593/606/178/776/119/original/3b85285da2673ae0.jpg)
Cloudflare (maffiamaatje), Pulitzer en onzichtbare inkt
Een beeldverhaal 🧵 met weinig woorden
🧵1 Pulitzer en de onzichtbare inkt
#CloudflareIsEvil - block all Cloudflare IP-ranges and whitelist essential domains.
I checked the last 2000 domain names proxied by this server.
Of those, 1055 domains are flagged as malicious by at least 1 virus scanner (of 95).
699 are flagged as malicious by at least 5 virus scanners.
186 are flagged as malicious by at least 10 virus scanners.
2 are flagged as malicious by at exactly 15 virus scanners:
🚨 bhl2b3b4u4g0 dot shop
🚨 bhm8v7a4y5b5 dot shop
Probably ALL domains are malicious. Cloudflare does not care; facilitating cybercrime is part of their bussines.
#BigTechIsEvil #GoogleIsEvil #LetsEncryptIsEvil #DVcertsAreWorthless
Hey #PoPo , word eens #FSCKING wakker!
BTW "mezohost․cc" (samen met subdomains "plesk." en 'backup.") verstopt zich achter Cloudflare met certificaten van "Google Trust Services": https://www.virustotal.com/gui/domain/mezohost.cc
(Edit) Sinds 1 juni dit jaar: https://crt.sh/?Identity=mezohost.cc
#BulletProofHosting #MezoHostCC #RailNetLLC #CyberCrime #CyberCriminaliteit #OVHisEvil #BigTechIsEvil #Politie #GoogleIsEvil #CloudflareIsEvil
🚨 Phishing: de nepsite waar ik op 6 én 12 okt. over schreef (resp.https://todon.nl/@ErikvanStraten/115323922859027525 en )https://todon.nl/@ErikvanStraten/115363066193164967 is nog steeds live (screenshot van 16:15 vanmiddag).
Deze nepsite "draait" op een door cybercriminelen gehuurde server van OVH. Van de 147 domeinnamen van reguliere websites op die server worden er 123 door minstens één virusscanner als kwaadaardig gedetecteerd, maar dat zijn ze (mijn inschatting) allemaal.
Ik heb zojuist een tabel met alle 147 foute domeinnamen te gepubliceerd in https://www.security.nl/posting/909740.
Nb. het is zinloos om de websitenamen (domeinnamen) van nepsites bij te houden of zelfs te onthouden, want elke dag komen er vele duizenden nieuwe bij en worden de websites van ongeveer evenveel voor weinig geld verkocht aan domeinnaam-parkeerders - die de domeinnamen in een paar jaar "witwassen".
Meer info over die OVH server postte ik eerder (op 12 oktober) in https://security.nl/posting/908855 en daaronder in https://security.nl/posting/908859.
#Phishing #DomeinNaam #WebsiteNaam #BigTechIsEvil #DV #DomainValidated #VanWIEisEenWebsite #OV #OrganizationValidated #EV #ExtendedValidation #EchtVanNepOnderscheiden #NepVanEchtOnderscheiden
Sundar Pichai: lets call our CA "Google Trust Services" and hand out certs to cybercriminals without checking the guys who hire Cloudflare's evasive proxy services to cybercriminals while doing that without checking the guys who hire the domain name "lastpassdesktop․com" from the morons @nicenic.net.
The domain name was ready for reuse, after having been bitwashed in slightly less than 4 years (https://crt.sh/?q=lastpassdesktop.com).
@halvar : #CloudflareIsEvil as well; they make big money from proxying malicious websites.
Example: https://www.bleepingcomputer.com/news/security/fake-inflation-refund-texts-target-new-yorkers-in-new-scam/ mentions a scamsite in a text message (I've replaced some ASCII chars by Unicode to prevent accidental opening):
https:⧸⧸revenue․payvem․cc⧸notice
The RELATIONS tab of https://www.virustotal.com/gui/domain/revenue.payvem.cc/relations reveals 2 Cloudflare IP-addresses:
• 104.21.75.60
• 172.67.214.249
Both IP-addresses proxy mostly the same websites. On both, more than 22% are detected as malicious by at least one anti-malware product.
The left screenshot provides a simplified view of https://www.virustotal.com/gui/ip-address/104.21.75.60/relations - where I've removed all domains with zero detection (which does not mean that they're not malicious).
This result is quite common for most Cloudflare proxy servers (188.114.96.* and 188.114.97.* are a lot worse; see for example https://www.virustotal.com/gui/ip-address/188.114.96.0/relations).
After opening mentioned malicious site, Cloudflare *today* warns for phishing - with the ability to ignore the warning and open the website (this warning already proves that Cloudflare is MitM'ing the connection).
Tapping "Ignore & Proceed" opens the page in the screenshot at the right.
"Google Trust Services" issued the DV certificate to Cloudflare (https://crt.sh/?id=21315266720&opt=ocsp).
🚨 Phishing: de nepsite waar ik op 6 okt. over schreef (https://todon.nl/@ErikvanStraten/115323922859027525) is nog steeds live (screenshot van 22:14 vanavond).
Een paar andere virusscanners bestempelen de site nu als kwaadaardig, maar dat is veel te laat en het zijn er nog steeds veel te weinig.
Meer info hierover postte ik eerder vanavond in https://security.nl/posting/908855 en daaronder in https://security.nl/posting/908859.
#Phishing #DomeinNaam #WebsiteNaam #BigTechIsEvil #DV #DomainValidated #VanWIEisEenWebsite #OV #OrganizationValidated #EV #ExtendedValidation #EchtVanNepOnderscheiden #NepVanEchtOnderscheiden
@ma1 : looks like this is why MS makes Outlook stop rendering SVG: https://www.bleepingcomputer.com/news/security/microsoft-outlook-stops-displaying-inline-svg-images-used-in-attacks/.
From hxxps://xss[.]report/ :
"Welcome to XSS.Report
Blind XSS Platform Discover and address blind XSS vulnerabilities effectively using the automated services of xss.report.
[...]
© For bug bounty hunters – All rights reserved."
Hiding behind Cloudflare: https://www.virustotal.com/gui/ip-address/104.21.27.56/relations (of course).
Anonymous DV certs from Sectigo and "Google Trust Services: https://crt.sh/?q=xss.report
(Thanks a million for NoScript!)
#SVG #XSS #NoScript #CloudflareIsEvil #BigTechIsEvil #DV #DomainValidated #GoogleIsEvil
![Screenshot from the top of hxxps://xss[.]report/c/teslaw
A lot of hardly readable Javascript can be seen, including calls to POST to the URL mentioned above, as wel as the use of "window.sessionStorage".
Further down (not visible in the screenshot) highly obfuscated code is used to unpack one or more ranges of encoded bytes.](https://files.mastodon.social/cache/media_attachments/files/115/335/017/401/107/960/original/3d5dc4bb6a2b2227.jpg)
Let op de websitenaam, trap niet in phishing!
De volgende websitenaam (ook bekend als domeinnaam):
mijn-kpn․info
is van oplichters!
Kijk, direct na openen, altijd éérst naar de websitenaam voordat u naar de webpagina kijkt; de pagina kan identiek zijn aan die van de echte website. U kunt dáár te vaak niets interessants uit afleiden om nep van echt te kunnen onderscheiden.
De websitenaam van de echte site luidt:
inloggen.kpn.com
(bron: https://www.security.nl/posting/907657/KPN+Scam%3F).
Onthoud in elk geval:
• Lees websitenamen van rechts naar links en vraag je bij elk "segment" (of sub- / hoofddomein = TLD = Top Level Domain, zoals "com" of "nl") af of het klopt
• Links van elke punt is een subdomein van wat rechts van de punt staat (de punt is het enige scheidingsteken in websitenamen)
• Een minnetje '-' is géén scheidingsteken in websitenamen!
Nb. "mijn-kpn" is dus een subdomein van ".info" (kennelijk was de websitenaam "mijn-kpn․com" al bezet).
Checken of een website niet nep is kan helaas een hele puzzel zijn. Meer info: https://security.nl/posting/906992 (zie ook de Alt tekst "onder" de plaatjes hieronder).
#Phishing #DomeinNaam #WebsiteNaam #BigTechIsEvil #DV #DomainValidated #VanWIEisEenWebsite #OV #OrganizationValidated #EV #ExtendedValidation #EchtVanNepOnderscheiden #NepVanEchtOnderscheiden
@faab64 : probably you're right.
It may be part of the deal between the two war criminals.
Apologize to Qatar, "finish the job" in Iran and propose an "agreement" to Hamas that they impossibly can agree to: they will die if they do and they will die if they don't.
Netanyahu, who never keeps his word, will tell his people that Hamas is to blame for the death of 20 Israeli hostages and 2 million Gazans.
There ARE winners: the weapon manufacturers, IT big tech and investors of both categories.
Image below (screenshot of https://nos.nl/l/2584494#UPDATE-89189834): a Gazan man says (subtitled): "If they release all the hostages at once, we're finished."
#FrancescaAlbaneseIsRight #BigTechIsEvil #NetanyahuToICC #TrumpToICC #Gaza #Westbank #Genocide #GazaGenocide
![Screenshot of https://nos.nl/l/2584494#UPDATE-89189834
A screenshot of a video is shown in which a Gazan man says (subtitled): "If they release all the hostages at once, we're finished."
Below (https://nos.nl/l/2584494#UPDATE-89187914) is part of a contribution by Nasrah Nabiballah:
10:41
'Still a lot unclear'
Israel and Palestinian Territories correspondent Nasrah Habiballah:
"Trump's twenty-point plan may sound very comprehensive, but that's actually quite disappointing. This is because many details about that plan are still unclear. Certain points are formulated in such a way that different interpretations are actually possible. For example: the plan does mention Palestinian self-determination, but whether, where, and when a Palestinian state would be established? That is completely unclear."
It's also unclear whether there's a timeline for many points and who will do what [...]
"](https://files.mastodon.social/cache/media_attachments/files/115/297/716/182/194/607/original/1492c19a28aead57.jpg)
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst