• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos1 Stats

Check This Website's Safety

Hello.

The site below is currently being detected as malicious only by Norton, Sucuri Site Check and Webroot.

https :// celebrity-leaks . net/

Norton has classified it as Malicious Site and is also blocking it by IPS, other than Safe Web.

Webroot has classified the site as Malware Sites.

But none of them points to the threat exactly.

Sucuri Site Check EXACTLY points to the malicious code in the site which can be found in the links below:

https://sitecheck.sucuri.net/results/https/celebrity-leaks.net

https://labs.sucuri.net/db/malware/malware.cryptominer.3

=====

Actually it shows that the site contains a Coin Hive script in it.

I already sent the site to Norton Safe Web for analysis SEVERAL TIMES.

Everytime Norton re-classified the site as Malicious without any notice of the malicious code!

Meanwhile, I sent the site to Kaspersky, McAfee, Malwarebytes and Trend Micro for further analysis. THEY ALL CONFIRMED that the site is clean and is being detected as malicious by other security services mistakenly.

So, one more time I decided to send the site to Norton Safe Web Team (this time thru this topic) for DEEPER analysis to see if the site is really clean!

I'll wait for a response from any Norton Safe Web employee.

Thank you in advance.

Replies

Kudos0

Re: Check This Website's Safety

Pitbull2020: I'll wait for a response from any Norton Safe Web employee.

Um, have you considered while waiting for response from Norton Safe Web employee that any website may have a history (past-present-future) of infections and vendors may have different determinate site reputation rating criteria.  

Have you considered that Norton Safe Web site reputation rating re 'celebrity-leaks.net' is not real-time analysis. 
https://safeweb.norton.com/report/show?url=celebrity-leaks.net
--
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30998


Webroot BrightCloud: 'celebrity-leaks.net'

Maybe, 'celebrity-leaks.net' does not have Reputation Influences by vendor criteria to be deemed okay, at this time.   
Just me. Just saying. 

Kudos0

Re: Check This Website's Safety

BTW ~ when I disabled my website content filters on 'celebrity-leaks.net' ... my machine experienced faux virus-support alert.  

Kudos0

Re: Check This Website's Safety

Hello Pittbull

According to Safe Web, the location of the malware is this.

Threat Name:

Malicious Site: Malicious Domain Request 16

Location:

https:     //celebrity-leaks.   net/

This is what the Threat Name means.

https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30998

Have a Good Night and

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit Norton Core Security Plus 22.17.2.47 Core Firmware 282 I E 11 Chrome latest version.
Kudos1 Stats

Re: Check This Website's Safety

Hello, bjm_

Yes, I know all of the things you explained.

Yes, I already checked the site's history on Webroot BrightCloud. As you can see, the site has been infected 370 times in the PAST. Actually, we don't know whether it's infected now or not.

Yes, I know that Norton Safe Web is NOT a real-time service and that's so bad. :(

Yes, MAYBE you're right. MAYBE the site doesn't meet the criteria Norton wants it to have.

But I still insist that the Safe Web Team re-check the site.

And at last, thank you for the screenshot you shared with us! ;)

========

Hello, floplot.

My username contains only one (t). It's being written like Pitbull; not Pittbull. :D

I already checked the page you shared. And let me mention that the last time IT WAS ME who sent this site to Norton Safe Web and asked them to BLOCK it and also block it by IPS with the message: Malicious Domain Request. That's why that page shows such a message! :D

Now, after I found that Kaspersky, McAfee, Malwarebytes and Trend Micro shows the site as clean, I decided to double-check the site with Norton Analysts.

I'm still waiting for a response from them.

I would appreciate if someone who have contacts with them, inform them of this topic.

Kudos0

Re: Check This Website's Safety

Hi Pitbull2020,
I'd luv to know what website content filters you're running.   Along with the x-rated content and redirects on celebrity-leaks.net.  I get for example: faux Flash Player update with my website content filters disabled.  

Kudos0

Re: Check This Website's Safety

Hello again, bjm_

Thank you for the reply. I use Adblock Plus on my Firefox. It closes almost all annoying ads and pop-up windows and even sometimes miner codes in websites. In addition, I use No Coin and No Miner add-ons on Firefox which blocks miner codes in websites, in particular.

Accepted Solution
Kudos1 Stats

Re: Check This Website's Safety

Pitbull2020:

Hello again, bjm_

Thank you for the reply. I use Adblock Plus on my Firefox. It closes almost all annoying ads and pop-up windows and even sometimes miner codes in websites. In addition, I use No Coin and No Miner add-ons on Firefox which blocks miner codes in websites, in particular.

Yeah, so you suspect celebrity-leaks.net is mis-categorized by Norton even though you're filtering website content?
Does No Coin or No Miner report miners on celebrity-leaks.net?

Pitbull2020:  I sent the site to Kaspersky, McAfee, Malwarebytes and Trend Micro for further analysis. THEY ALL CONFIRMED that the site is clean and is being detected as malicious by other security services mistakenly.

As we know celebrity-leaks.net offers dozens of embedded links n' content, pop-ups, ads and redirects.  Maybe, some vendors only classify the static celebrity-leaks.net home page vs. other vendors dig deeper. 
Random repeated clicking numerous site links sans my website content filters tells me the site is not "clean" by my criteria.  
Just me.  Just saying.

FWIW ~ I agree with Norton > Malicious Site: Malicious Domain Request 16
https://safeweb.norton.com/report/show?url=celebrity-leaks.net

Severity: Medium
This attack could pose a moderate security threat. It does not require immediate action.

Description
You have attempted to visit a known malicious IP address. Visiting this web site could potentially put you at risk to becoming infected. Symantec's Network Threat Protection solution has prevented any potential infection attempts from occurring. You should not have to take any additional actions and are safe from infection. It is recommended that you do NOT visit this site.

Additional Information
You have been prevented from accessing a known malicious IP address. It is recommended that you do NOT visit this site. 

[...]

Users can be silently infected just by visiting a web site with attacks known as drive-by downloads or social engineering attacks where misleading applications can attempt to trick users into installing fake antivirus solutions <here> or fake video players <here>.

https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30998

Regards w Respect

Kudos0

Re: Check This Website's Safety

Yes, I didn't even check the site without my Blocker programs.

I'm convinced with those explanations that the site is dangerous.

Thank you anyway.

Kudos0

Re: Check This Website's Safety

Pitbull2020:

Yes, I didn't even check the site without my Blocker programs.

Yeah, I was able to check 'celebrity-leaks.net' without my content blocker/filters in browser sandbox.    
Cheers

Kudos0

Re: Check This Website's Safety

Hello Pitbull

Sorry about the misspelling of your username. My eye sight is not the best any more.

Since your issue is solved, could you please leave some Feedback for the Forum by clicking on the black and orange message on the upper right side of the page.? It looks like this.

Have a  Good Night and

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit Norton Core Security Plus 22.17.2.47 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Check This Website's Safety

Hello again, floplot.

Thank you for your comment. I left my feedback several days ago.

This thread is closed from further comment. Please visit the forum to start a new thread.