Donate for the Cryptome archive of files from June 1996 to the present

6 November 2014

SiteLock Removed from Cryptome After One Day

SiteLock removed after reader noted it spies on visitors. A reminder that all site security programs spy on visitors and the host as does any "security" service, from personal to national and beyond.

SiteLock is a service recommended by Web.com (Network Solutions), Cryptome's host, to daily check for malware.

Date: Thu, 06 Nov 2014 17:52:17 +0100
From: DC <chandes[at]noos.fr>
To: cryptome[at]earthlink.net
Subject: SiteLock and Cookies inside cryptome.org !!!

Quand j'accède à cryptome.org,
    il veut accéder à shield.sitelock.com
plus précisément Ã
http://shield.sitelock.com/shield/CRYPTOME.ORG

Je bloque cet accès et j'ai accès à cryptome.org
MAIS
en fournissant l'image de garantie
*  il trace le visiteur du site sur un site tiers
*  il laisse deux (ou quatre cookies)
dont un (ou deux) ont une durée de un an
de quoi s'agit-il donc ?


De quelque chose d'américain (US)
 *qui trace les accès à cryptome.org*
Je suis surpris que l'équipe de John Young
ait pu souscrire à ce service *traceur*

merci pour les informations publiées
DC

==== courtesy translation=========
Whenever I go today 2014-11-06 to cryptome.org site
it tries to get me to access shield.sitelock.com
to obtain the image
http://shield.sitelock.com/shield/CRYPTOME.ORG

I deny this access and have access to cryptome.org

What is it ?
It is an american web service hosted between Chicago
(http://shield.sitelock.com/ SingleHop, Inc)
and Florida (sitelock.com Incapsula Inc.)
that annonces continuously securing web sites

BUT by delivering its seals in the page,
* it trace the visitors of the "secured" site
* and it use TWO (or FOUR ?) Cookies
one(/two?) of which being of one year duration :
What are they for ?

I ma surprised that John Young Team used such a service.

Thanks for the mega information delivered to the public
DC

P.S.
line 5
< <META name="sitelock-site-verification" content="6501" />>

line 35/36
<A href="#" onclick="window.open
('https://www.sitelock.com/verify.php?site=CRYPTOME.ORG','SiteLock',
'width=600,height=600,left=160,top=170');"> <IMG alt="website security" title="SiteLock" src="//shield.sitelock.com/shield/CRYPTOME.ORG"/></A>

=========================================================================
========
tentative d'analyse :  =====

0.  http://blog.sitelock.com/

en Français (diffuseur en France du service qui collecte des données à *l'insu de *)
http://www.mustangtechno.com/hebergement/sitelock/?lang=fr
DEUX traceurs profileurs masqués vus
dont *Google-Analytics compte n°'UA-21816605-5'] TROIX COOKIES dont deux pour SiteLock.com pourtant site bloqué par mes soins ???
http://shield.sitelock.com/shield/mustangtechno.com)
http://www.mustangtechno.com/hosting/sitelock/


http://blog.sitelock.com/category/sitelock-products/
...
TrueShield is SiteLock’s web application firewall.
...
 SiteLock Malware Automated Removal Tool or SMART
....

A. http://shield.sitelock.com/
403 Forbidden

http://shield.sitelock.com/shield/
404 Not found

une image 117x67 pixels
CRYPTOME.ORG SiteLock Secure passed 06-Nov-2014
http://shield.sitelock.com/shield/CRYPTOME.ORG
*MAIS DEUX Cookies dont un d'un an pour .sitelock.com (visid_incap_45800)


A1. NSLookUp; <<>> DiG 9.4.3-P3 <<>> shield.sitelock.com any +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options:  printcmd
shield.sitelock.com.    1800 IN AAAA 2002:adec:2652::adec:2652
shield.sitelock.com.    86400 IN A 184.154.178.164
sitelock.com.           86400 IN NS ns10.dnsmadeeasy.com.
sitelock.com.           86400 IN NS ns14.dnsmadeeasy.com.
sitelock.com.           86400 IN NS ns11.dnsmadeeasy.com.
sitelock.com.           86400 IN NS ns13.dnsmadeeasy.com.
sitelock.com.           86400 IN NS ns12.dnsmadeeasy.com.
sitelock.com.           86400 IN NS ns15.dnsmadeeasy.com.


; <<>> DiG 9.4.3-P3 <<>> -x 184.154.178.164 any +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options:  printcmd
164.178.154.184.in-addr.arpa. 42187 IN PTR shieldlb02.sitelock.com.


A2. ROBTEX
https://www.robtex.com/en/advisory/dns/com/sitelock/shield/#records

SHIELD.SITELOCK.COM     2002:ADEC:2652::ADEC:2652               
2002::/16 RFC3068-WIDEXS
AS12779 ITGATE IT.Gate S.p.A.   
184.154.178.164 SHIELDLB02.SITELOCK.COM 
184.154.0.0/16 SINGLEHOP
SINGLEHOP
AS32475 SINGLEHOP SingleHop, Inc.       Chicago, United States

SITELOCK.COM    SITELOCK.COM    199.83.128.143  199.83.128.143.IP.INCAPDNS.NET  
199.83.128.0/24 Incapsula Inc.
INCAPSULA
AS19551 Incapsula Incapsula.com United States
199.83.134.143  199.83.134.143.IP.INCAPDNS.NET  
199.83.134.0/24 Incapsula Inc.
INCAPSULA
Dover, United States


B.  http://www.sitelock.com ===> https://www.sitelock.com/



nsLookup
; <<>> DiG 9.4.3-P3 <<>> sitelock.com any +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options:  printcmd
sitelock.com.           86400 IN SOA ns10.dnsmadeeasy.com. dns.dnsmadeeasy.com. (
                                2009010259 ; serial
                                43200      ; refresh (12 hours)
                                3600       ; retry (1 hour)
                                1209600    ; expire (2 weeks)
                                180        ; minimum (3 minutes)
                                )
sitelock.com.           86400 IN NS ns14.dnsmadeeasy.com.
sitelock.com.           86400 IN NS ns15.dnsmadeeasy.com.
sitelock.com.           86400 IN NS ns12.dnsmadeeasy.com.
sitelock.com.           86400 IN NS ns10.dnsmadeeasy.com.
sitelock.com.           86400 IN NS ns11.dnsmadeeasy.com.
sitelock.com.           86400 IN NS ns13.dnsmadeeasy.com.
sitelock.com.           1800 IN A 199.83.128.143
sitelock.com.           1800 IN A 199.83.134.143
sitelock.com.           1800 IN MX 30 aspmx2.googlemail.com.
sitelock.com.           1800 IN MX 30 aspmx4.googlemail.com.
sitelock.com.           1800 IN MX 30 aspmx3.googlemail.com.
sitelock.com.           1800 IN MX 10 aspmx.l.google.com.
sitelock.com.           1800 IN MX 20 alt1.aspmx.l.google.com.
sitelock.com.           1800 IN MX 30 aspmx5.googlemail.com.
sitelock.com.           1800 IN MX 20 alt2.aspmx.l.google.com.
sitelock.com.           1800 IN SPF "v=spf1 mx ip4:99.198.118.218 ip4:173.236.57.86 ip4:208.93.135.147 ip4:108.178.34.206 ip4:96.43.144.0/20 ip4:182.50.76.0/22 ip4:202.129.242.0/23 ip4:204.14.232.0/21 ip4:62.17.146.128/26 ip4:64.18.0.0/20 ip4:207.126.144.0/20" " include:_spf.google.com  include:mktomail.com ~all"
sitelock.com.           1800 IN TXT "v=spf1 mx ip4:99.198.118.218 ip4:173.236.57.86 ip4:208.93.135.147 ip4:108.178.34.206 ip4:96.43.144.0/20 ip4:182.50.76.0/22 ip4:202.129.242.0/23 ip4:204.14.232.0/21 ip4:62.17.146.128/26 ip4:64.18.0.0/20 ip4:207.126.144.0/20" " include:_spf.google.com  include:mktomail.com ~all"


; <<>> DiG 9.4.3-P3 <<>> -x 199.83.128.143 any +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options:  printcmd
143.128.83.199.in-addr.arpa. 300 IN PTR 199.83.128.143.ip.incapdns.net.

Whois : enregistré chez Whois.GoDaddy.com
depuis le Creation Date: 2000-11-21 04:52:22

Registrant Name: Site Lock
Registrant Organization: SiteLock
Registrant Street: 1637 Race Track Rd
Registrant Street: Suite 203
Registrant City: Saint Johns
Registrant State/Province: Florida
Registrant Postal Code: 32259
Registrant Country: United States
Registrant Phone: 877-257-9263
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: tech[at]sitelock.com
Registry Admin ID:

https://www.robtex.com/en/advisory/dns/com/sitelock/#whois
SITELOCK.COM    199.83.128.143  199.83.128.143.IP.INCAPDNS.NET  
199.83.128.0/24 Incapsula Inc.
INCAPSULA
AS19551 Incapsula Incapsula.com United States
199.83.134.143  199.83.134.143.IP.INCAPDNS.NET  
199.83.134.0/24 Incapsula Inc.
INCAPSULA
Dover, United States