Wave of scams related to the war in Palestine

In recent days I have noticed that many sites related to the situation in Palestine are being created, especially many sites asking to support the Palestinian population with donations or purchases of material.

There are certainly many people who try to help using the Internet, but many are taking advantage of this tragedy to scam people who want to help those who are suffering.

Wanting to give an example of a suspicious site, I started taking a look at this site “impact-palestine.com”.

The domain was registered two days ago.

I don’t take the HTTPS certificate into consideration because it might be normal to use a certificate of this type for a voluntary association.

The name of the site recalls that of IMPACT initiatives (https://www.impact-initiatives.org/). The text is in English but in some places there are texts in Russian.

We read about funds raised…

… but their wallet says otherwise.

Note also that the site asks for donations only via cryptocurrencies.

The links to their alleged social accounts lead to accounts of other well-known associations or to non-existent accounts.

If you are able and willing to help, I suggest you rely on well-known associations. For example https://www.amnesty.org/en/ or https://www.savethechildren.net/
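The checks described above (domain age, crypto-only donations, Russian text on an English page, social links that point to other organisations) can be scripted for a first triage pass. This is an added example, not part of the original post; the 30-day threshold, the flag names, the regexes and the sample page are all assumptions made for illustration, and it does not check whether a linked account exists.

```python
import re
from datetime import date
from html.parser import HTMLParser
from urllib.parse import urlparse

SOCIAL_HOSTS = {"twitter.com", "x.com", "facebook.com", "instagram.com", "t.me"}
FIAT = re.compile(r"\b(iban|paypal|credit card|bank transfer)\b", re.I)
WALLET = re.compile(r"\b(bc1[a-z0-9]{25,59}|[13][1-9A-HJ-NP-Za-km-z]{25,34}|0x[a-fA-F0-9]{40})\b")
MAX_YOUNG_DAYS = 30  # assumed threshold, not taken from the post

class PageScan(HTMLParser):
    """Collects link targets and visible text from a page."""
    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)
    def handle_data(self, data):
        self.text.append(data)

def squash(s):
    """Lower-case and drop punctuation so 'example-relief' equals 'Example_Relief'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def triage(domain, registered, today, html):
    scan = PageScan()
    scan.feed(html)
    text = " ".join(scan.text)
    brand = squash(domain.rsplit(".", 1)[0])
    flags = []
    if (today - registered).days < MAX_YOUNG_DAYS:
        flags.append("young-domain")
    if WALLET.search(text) and not FIAT.search(text):
        flags.append("crypto-only")           # wallet shown, no other payment method named
    if re.search(r"[\u0400-\u04FF]", text) and re.search(r"[A-Za-z]{4,}", text):
        flags.append("mixed-script")          # Cyrillic text on a Latin-script page
    for href in scan.links:
        url = urlparse(href)
        host = url.netloc.lower().removeprefix("www.")
        if host in SOCIAL_HOSTS and brand not in squash(url.path):
            flags.append("social-mismatch:" + href)
    return flags

# Constructed sample page; the domain, wallet string and handles are made up.
SAMPLE = """<h1>Help now</h1><p>Donate BTC: bc1qexampleexampleexampleexampleexample0000</p>
<p>Спасибо за помощь</p>
<a href="https://twitter.com/some_other_charity">Twitter</a>
<a href="https://www.instagram.com/example-relief/">Instagram</a>"""
FLAGS = triage("example-relief.org", date(2023, 10, 20), date(2023, 10, 22), SAMPLE)
```

Each flag is a reason to look closer rather than a verdict; a legitimate new campaign can trip the first one on its own.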

What happens when a fascist runs a social network

In recent months I had asked why my account was suspended. After a few months I received this answer. There is no possibility of dialogue and not even a decent explanation. They talk to me generically about a violation of the rules.

Now we need to understand whether this response is the result of poorly made artificial intelligence or of a biological moron 😀 😀 😀

REALFLIGHT EVOLUTION on Lenovo ThinkCentre neo 30a

I think it’s been about 30 years since I’ve installed a game on my computer. The last one I think was Gunship 2000 or something!
Today, however, I installed this simulator for model aircraft.

From the videos and comments it seemed like a well-made product and so I decided to buy it to learn how to drive model aircraft and to be able to do something useful during some online meetings.

I had read about some problems with Intel graphics cards but being an optimist I decided I would fix it. Indeed it was, I had to work on it a bit but in the end everything works 🙂

After installing it using Steam (which I didn’t know about but it seems to me a fantastic object) the game started without problems, only that instead of letting me do anything it presented me with a model aircraft stopped on the runway. Searching on the Internet on the various forums there was talk of switching to the use of the beta version “dxvk-intel-fix” which could have solved the problem.

To use the beta version, simply enter the game properties, select the “Betas” item, select the “dxvk-intel-fix” beta, close the window with the “x” and restart the game.

When I restarted the game I got an error message telling me that the graphics card was not working properly. To solve this problem I downloaded these drivers and after the installation I restarted my computer as requested and after the reboot everything started working fine 🙂

No more Twitter!!

After more than 400,000 tweets, the blue bird platform suspended my account for violating the counterfeit goods rules.

I’ve decided to move the publishing of reports to urlscan.io.

In the new release I made some changes to the publishing platform, the main one for users is that now sites that don’t have a default page are also published. These are the so-called “opendir”.

Update from Twitter account

November 2022 saw a new update of “The Smith Project” solution.

This update makes it possible to identify a new type of malicious site that spreads malicious Android apps and Windows executables.

The increase in tweets from October to November was almost 100%. If compared with September, the increase was more than 200%.

It’s hard to find time to work on this project, however there are many ideas. Stay tuned!

Typo generator online

I just released a web application for generating typos. This service exposes a resource that can simply be invoked by the browser or any HTTP client (e.g. curl) and returns a list of strings that look like the original string. For now the request is not very customizable; the next releases will allow you to configure the algorithm that generates the strings.

The application can be found here: http://typ0generat0r.com

The application is available to everyone with few limitations:

  • no more than one call every three minutes for each client
  • maximum length of the text to be used to generate the typos must be eight characters

To overcome these limits you can ask me for a key through which you can use the application without limitations,

GoodFATR

A Platform for Automated Threat Report Collection and IOC Extraction

A few days ago I came across this project from the University of Madrid. Below is a summary and the entire document. Enjoy the reading 🙂

To adapt to a constantly evolving landscape of cyber threats, organizations actively need to collect Indicators of Compromise (IOCs), i.e., forensic artifacts that signal that a host or network might have been compromised. IOCs can be collected through open-source and commercial structured IOC feeds. But, they can also be extracted from a myriad of unstructured threat reports written in natural language and distributed using a wide array of sources such as blogs and social media. This work presents GoodFATR an automated platform for collecting threat reports from a wealth of sources and extracting IOCs from them. GoodFATR supports 6 sources: RSS, Twitter, Telegram, Malpedia, APTnotes, and ChainSmith. GoodFATR continuously monitors the sources, downloads new threat reports, extracts 41 indicator types from the collected reports, and filters generic indicators to output the IOCs. We propose a novel majority-vote methodology for evaluating the accuracy of indicator extraction tools, and apply it to compare 7 popular tools with GoodFATR’s indicator extraction module. We run GoodFATR over 15 months to collect 472,891 reports from the 6 sources; extract 1,043,932 indicators from the reports; and identify 655,971 IOCs. We analyze the collected data to identify the top IOC contributors and the IOC class distribution. Finally, we present a case study on how GoodFATR can assist in tracking cybercrime relations on the Bitcoin blockchain.
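The two stages the summary distinguishes, extracting indicators from report text and then filtering generic ones to leave the IOCs, look like this in miniature. This is an added example and not GoodFATR's code: it handles four indicator types rather than 41, and the regexes, the allowlists and the sample report are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed allowlists for "generic" indicators; GoodFATR's own lists are not on this page.
GENERIC_DOMAINS = {"virustotal.com", "github.com", "twitter.com"}
GENERIC_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
PATTERNS = {
    "sha256": re.compile(r"\b[a-fA-F0-9]{64}\b"),
    "md5": re.compile(r"\b[a-fA-F0-9]{32}\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "fqdn": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}

def refang(text):
    """Undo common defanging (example[.]com, hxxp://) before matching."""
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)
    return re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.I)

def is_generic(kind, value):
    """True for indicators that appear in reports but identify nothing malicious."""
    if kind == "fqdn":
        return any(value == d or value.endswith("." + d) for d in GENERIC_DOMAINS)
    if kind == "ipv4":
        return any(ipaddress.ip_address(value) in net for net in GENERIC_NETS)
    return False

def extract_iocs(report):
    """Return (all indicators, indicators left after generic filtering)."""
    text = refang(report)
    indicators, iocs = set(), set()
    for kind, pattern in PATTERNS.items():
        for value in pattern.findall(text):
            value = value.lower()
            if kind == "ipv4":
                try:
                    ipaddress.ip_address(value)
                except ValueError:
                    continue  # looks like an address but is not one, e.g. 999.1.1.1
            indicators.add((kind, value))
            if not is_generic(kind, value):
                iocs.add((kind, value))
    return indicators, iocs

# Constructed report text; every value in it is made up.
SAMPLE_REPORT = ("Payload hosted at hxxp://update.malicious-example[.]net/payload "
                 "(203.0.113.7). SHA256: " + "0123456789abcdef" * 4 + ". "
                 "Analysis on virustotal[.]com; sandbox IP 10.0.0.5.")
```

The domain pattern also matches file names such as `report.pdf`, so a fuller extractor would check the last label against a list of valid TLDs.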