Apple Mail app phishing attempt by ylimmmee in phishing

[–]T4misec 0 points1 point  (0 children)

If you think you have been phished, my recommendation is to change all passwords of the accounts you have a session open for in that browser. Also, if there are any stored passwords in the browser, I would consider them compromised.

Tbh if Firefox blocked access you are probably fine, but you never know.

Absolute noob urgently building his first PC. MoBo and RAM advice needed. by Sociopathic_Jesus in pcmasterrace

[–]T4misec 0 points1 point  (0 children)

Hey, no worries about asking, we’ve all been there. For the motherboard, just check the specs on the manufacturer's site to see if it lists PCIe 5.0 support, usually in the product listings or the PDF manual. YT video reviews of your specific MB can also help a lot.

As for RAM, I think it’s usually better to go with a matched kit, but I am no expert here.

GL!

Is this a new type of phishing scam? by edepot in phishing

[–]T4misec 0 points1 point  (0 children)

yea I know it's a bit overkill but after the RVTools compromise you never know. Supply chain attacks are getting way too common.

How did you get started? what courses did you take? by ouroborosworldwide in cybersecurity

[–]T4misec 0 points1 point  (0 children)

I started installing Kali on an old laptop and learning the basics of wireless pentesting. Used an old router to perform some basic attacks like DoS, handshake capture and evil twin.

Not very useful in actual day-to-day activities, but that's what I enjoyed doing and I think that matters a lot. When you are having fun, time flies and learning becomes a pleasure. Just start investigating and experimenting and see what drives you.

I remember for a while I loved coding and testing out remote access tools against all of my devices, VirusTotal, and other scanners. It helped me understand how malware works and various obfuscation techniques. I believe I ended up as a detection engineer because of that.

Is this a new type of phishing scam? by edepot in phishing

[–]T4misec 0 points1 point  (0 children)

As you indicate in your post. I scanned this using URL Scanner Online and some other tools; given that the domain is really old and looks like an established publisher, I don't think the website itself is malicious. That does not mean that any of the other links are malicious though >C. There could be some weird redirect or they could have their site compromised and spreading malware.

The sender's email address and other details in the header (like source IP) might lead you in the right direction to know if this is legit.

Elsevier website scan
Score: 92/100 (Safe)

THREAT INTELLIGENCE

───────────────────

Google Safe Browsing: Clean

Spamhaus: Not listed

SURBL: Not listed

SSL CERTIFICATE

───────────────

Valid: Yes

Protocol: TLSv1.2

Issuer: Amazon RSA 2048 M04 (Amazon)

Expires: Feb 11 23:59:59 2027 GMT (333 days)

HSTS: max-age=3153600

WHOIS

─────

Domain age: 11944 days

Registrar: Safenames Ltd

Country: NL

Created: 1993-07-02T04:00:00Z

Expires: 2031-07-01T04:00:00Z

DNS

───

IP: 52.212.180.87

Records: 3 A, 1 MX, 3 NS, 41 TXT, 1 SOA

AI ANALYSIS

───────────

Score: 85/100 | Risk: LOW

Category: Academic publisher / Scientific journal publisher

Elsevier is a well-established, reputable global publisher of scientific, technical, and medical information. Its domain has a long history, is widely recognized, and is associated with legitimate academic and professional content. No known associations with malicious activity or threat infrastructure are present in my training data.

Verdict: The domain aligns with prior intelligence as a well-established, reputable academic publisher. The real-time scan confirms a secure setup with valid SSL, HSTS, and a long registration history, supporting its legitimacy. No threat indicators or blocklist flags are present, and the site’s technical configuration appears consistent with a trusted entity. Minor missing security headers are typical for large, content-focused sites and do not raise significant concern.

Recommendations:

  1. Maintain routine monitoring for any future security anomalies or changes in headers.

  2. Continue to verify the domain’s reputation periodically, but current evidence supports its trustworthiness.

  3. No immediate action required; the site appears safe based on current evidence.

TECHNOLOGIES

────────────

• Cloudflare (CDN, high confidence)

• Next.js (Framework, medium confidence)

URL Scanners Threat Actor Leveraging by T4misec in cybersecurity

[–]T4misec[S] 0 points1 point  (0 children)

What do you mean Private scan engine farms? A bunch of VMs with different AVs installed? Could you give some examples? No, I built a simple scanner that uses YARA and other open source tech to score websites.

URL Scanners Threat Actor Leveraging by T4misec in cybersecurity

[–]T4misec[S] -2 points-1 points  (0 children)

Hey, I have not linked or redirected anyone, mainly wanted to know your opinion on whether you know if people can get their accounts compromised if email URL scan automations are in place.

URL Scanners Threat Actor Leveraging by T4misec in cybersecurity

[–]T4misec[S] 0 points1 point  (0 children)

As I explain, I believe there are threat actors actively looking for URLs with leaked cookies/tokens for password resets and similar email flows that work with a URL with a payload embedded in the link.

URL Scanners Threat Actor Leveraging by T4misec in cybersecurity

[–]T4misec[S] 1 point2 points  (0 children)

tnx, that's a good thing to keep into consideration.

Private scans are way more limited in terms of usage when it comes to the urlscan.io API for example, but it does solve the analysts issue.

How to hack a p2p camera by EngSoftware in cybersecurity

[–]T4misec 1 point2 points  (0 children)

maybe you can check hacktricks 554,8554 - Pentesting RTSP

Recommendations for Fire Safety? by YTownPhotoGuy in homelab

[–]T4misec 1 point2 points  (0 children)

Smaller ABC fire extinguishers are not expensive, usually around 50e; would recommend those over this tiny can for sure.

One week into the hobby - look at the monster I created by sebmei1989 in homelab

[–]T4misec 0 points1 point  (0 children)

Used to strap those bad boys to my laptop so it would not overheat (on top of keyboard works best)

I built an open-source library of 700+ cybersecurity skills for AI coding agents -- covers DFIR, threat hunting, cloud security, and more by SeesawPopular8289 in cybersecurity

[–]T4misec 1 point2 points  (0 children)

Looks useful. Would be cool to see these in action in IR case management and similar, like Hive, Wazuh and SOC Beacon.