Netcraft.com Site Report

0 views

Skip to first unread message

Damaris

unread,

Aug 5, 2024, 2:34:30 AM8/5/24

to letengsforin

WhenI get a phishing email, I first forward it to Netcraft (sc...@netcraft.com) and PhishTank. I copy the URL from the lure, then use the Report > Report Phishing option in Outlook to report the phish to Microsoft:

One criticism against adding advanced features to browsers to allow analysis or recognition of phishing sites is that the vast majority of users will not be able to make effective use of them. For instance, features like domain highlighting (showing the eTLD+1 in bold text) are meaningless to 99% of users.

Beyond my immediate answer (yes), I have personal evidence of the impact. One of my happiest memories of working on the IE team was when the SmartScreen team looked up how many potential victims my phish reports blocked. I shared with them my private reporter ID and they looked up my phishing reports in the backend, then cross-referenced how many phishing blocks resulted from those reports. The number was well into the thousands.

Beyond the immediate blocks, threat reports these days are also used by researchers to identify phishing toolkits and campaigns, and new techniques phishers are adopting. Threat reports are fed into AI/ML models and used to train automatic detection of future campaigns, making the life of phishers more difficult and less profitable.

Hello there! Idk is out of the ordinary but I am just slightly concerned. So I use chrome, I have an ad block, and I was reading comics but Norton said "Malicious Domain: Malicious Site Request 22" and then said "No action required", from what I read it has something to do with the site having ads or attempting to redirect me to an ad, but I just want to confirm there is nothing to worry about?

Web Ads/Analytics

Sites that provide online advertisements, banners, or the means to identify and market to existing or potential customers based on their browsing or online purchasing habits including but not limited to Web analytics sites such as visitor tracking and ranking sites. Includes social plugins and analytics that allow site visitors to share, vote for, or signal their appreciation of a site or its content (e.g. Facebook "Like" or Google "+1" plugins).

Apparently it happened 3 times today, two times by versionslent and one time by goomaphy. I havent downloaded anything or clicked any links so is this a cause for concern, because I do have an ad block and the site i read comics on definitely had alot of ads before i had the ad block.

thehood83:

I mean it sounds safe, I have been using this site for years and never once had a problem before, but just half an hour ago i got an alert stating the following "Web Attack Unwanted Push Advertisement 8" when I was on incognito on google, cause for concern there?

No clue, for some reason my ad block does not work on incognito (honestly it really picks n chooses) but I know these warnings popped up a month ago too, but nothing has come from them. I think it could be an advertisement or whatever, so thank you for your help. I greatly appreciate it!

as test: extensions

uBlock Origin works, my side, with Chrome Incognito window

Malwarebytes Browser Guards works, my side, with Chrome Incognito window

AdGuard works, my side, with Incognito window

Oh I see, you have a the Norton web safe thing, I use an ad block i got off chrome extension, which could explain some things. But also, I can be a very paranoid individual, so honestly speaking do you think I should be okay? Can everything seems to be functioning just fine!

Yes, I run Norton Safe Web extension with Chrome profile 2 for testing. I have uBlock Origin & Malwarebytes Browser Guard extensions with Chrome default profile.

What's your Chrome extension ad blocker?

I'd like to see if it'll work with Chrome Incognito window. My Chrome extensions run in Chrome Incognito window.

Malicious Sources/Malnets

Sites that host or distribute malware or whose purpose for existence is as part of a malicious network (malnet) or the malware ecosystem. Malware is defined as software that takes control of a computer, modifies computer settings, or collects or reports personal information without the permission of the end user. It also includes software that misrepresents itself by tricking users to download or install it or to enter personal information. This includes sites or software that perform drive-by downloads; browser hijackers; dialers; any program that modifies your browser homepage, bookmarks, or security settings; and keyloggers. It also includes any software that bundles malware (as defined above) as part of its offering. Information collected or reported is "personal" if it contains uniquely identifying data, such as email addresses, name, social security number, IP address, etc. A site is not classified as malware if the user is reasonably notified that the software will perform these actions (e.g., it alerts that it will send personal information, be installed, or that it will log keystrokes).

AdBlock started blocking intrusive ads the moment it was installed. But you may see a few non-intrusive ads on some sites. We try to be good web neighbors by striking a balance between protecting you from bad ads and depriving responsible sites of the revenue they need to provide the content you love. You can opt out now or turn this setting on or off later in AdBlock's options. It's your choice, always.

1) good thing? I think bad thing.

2) thehood83:

In regards to the "Web Attack: Unwanted Push Advertisement Website 8" I got this morning, the attacker url was rndskittytor, have you seen something like this before?

Malwarebytes offers free second opinion on-demand scanner.

Malwarebytes Malware Removal Help offers free one-on-one help.

Malwarebytes staff & experts help all. Malwarebytes subscription is not needed.

Gen trademarks or registered trademarks are property of Gen Digital Inc. or its affiliates. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.

The other day I was looking for some old software and accidentally fell into the trap of clicking on a malware web site. The web site proceeded to download a file (which I cancelled) then redirected the browser to a fake National Security Agency (NSA) site.

This was a malware, or rather a ransomware site, at enforcement-dymcxcci-engine.in/law_enforcement/ that said I was in danger of being prosecuted for downloading an illegal file, that my browser was now locked, and that my computer files were now being encrypted. The page also said to avoid any further action I could send the site authors $300 via Moneypak. All of which are, of course, a load of crap.

These pop-ups do have a useful purpose. For example, if a form has not been completed or filled in correctly then a pop-up of this sort can ask if the user is really sure that they want to navigate away from the page. Facebook uses it when a post has not yet been completed

These pop-ups are nearly always written in the standard web browser programming language, JavaScript. Almost any event can cause the script to be run, any mouse movement, for example, but it is becoming increasingly common for authors to use onbeforeunload.

This form of ransomware is not a virus attack, but there some that are. No files, in this form anyway, are downloaded to your computer. Unfortunately in IE and Chrome it will stop any further navigation in any other tab until the JavaScript is dealt with. In Firefox the dialog box is modal to the tab not the entire browser so, unless the script is more sophisticated the other tabs can be used with no problems.