Krypton Security

Browser Information

Network

By knowing your IP and your real hostname, you can often be geolocalized (city or state), and an attacker could know your ISP to begin with a social engineering attack (forging emails from your ISP, or calling you on behalf of them to solve a problem of payment)

Network Address:

This is your IP Address, i.e. the way you're publicly known on Internet.

Hostname:

Refers to the IP and reflects info about your ISP.

Location

We used your IP to try to geolocate you, and the accuracy depends on the way your ISP provides you your IP. This info can be useful in a social engineering attack, or to send perfectly geo-targeted spam. That's basically what dating (or ewhoring/porn) websites do.

Country: City: Region: Latitude: Longitude: Postal Code:

Browser

All the below informations have been sent through javascript by your browser. Each one of these items can possibly give some info, but all combined together, this gives a "footprint" of your system. When you combine the "cookies" info, the browser footprint (User Agent + installed plugins) and the IP, you can know a lot about somebody.

User Agent:

Describes the browser (Internet Explorer, Chrome, Firefox, Opera, Safari, etc) you're using, its version and your Operating System. This info can be used in order to automatically check if, according to its version, your browser has faults. The OS section can give info to a hacker in order to refine the way he's going to attack you (you don't install the same malware on Windows or on Mac OS). Last thing : it's very rare, but some online shops rise their prices by a couple of % if the visitor is running a recent Mac...

Cookies:

If you don't have your cookies enabled, it may give a hacker the info that you're either a bot, or somebody very concerned by security and online privacy. By enabling a persistent cookie (i.e. "evercookie"), a hacker could litterally mark you with a branding iron, so that even if your change your IP, he can still follow your moves. This info, combined with all the IPs you used, can be very useful to know what are the places you often visit, etc.
Shared cookies between websites are also a good source of info : some websites deliver a couple of cents to website editors if they share their infos with them. For example, you enter your zip code into a box to get grocery coupons around your place, and the coupon delivering website records this data and then resells it to third parties so that they can send you ultra targeted spam/ad.

Java:

Lots of faults are carried by Java, which can provide a total access to the system of the victim, if not up to date.

Plugins:

Again, the version of the installed plugins on your browser can give info to a possible vector of attack, using a particular version of the plugin. Anyway, it's part of the footprint delivered by the browser.

Operating System

As mentioned before, the OS can be a useful info to design targeted payloads.

System: Screen Resolution:

This info can be useful to visually "cloak" information (to hide it, using a text-indent of -9000px), or to create targeted phishing page.

Social Networks

Knowing which one of the social network you use is a gold info, and this can be used as the first step of a social engineering attack. Some "clickjacking" tactics designed to make you "like" or "+1" pages without your consent nor your knowledge are a good start to start spamming your "wall / timeline" or to gain access to private info. Another way to dig into this info is to start searching your identity (with your email if you left it on the same website for example)

Facebook: Google: GooglePlus: Twitter:

Whois Record

This is the info given with your IP. With this info, a hacker can precisely know what is your ISP, if your connected through a VPN or not, etc.