
H.B.’s Security Round-up 5-19-19.

One of the first to report on is: 34.237.153.102.  For this IP, Norton 360 blocked three [3] instances where this attempted to install Fake Flash Player Download 19:

Safe Web is currently in the dark: https://safeweb.norton.com/report/show_mobile?name=34.237.153.102

Although whois.domaintools.com indicates that this IP is registered to: United States Ashburn Amazon Technologies Inc., the overall site that triggered this may have been aniviewDOTcom. 

PC Mag published a piece not speaking too highly of Aniview: https://www.pcmag.com/news/367346/video-ad-fraud-has-been-draining-phone-batteries 

Next up, a lead from a fellow Safe Web reviewer concerning: topmusicsDOTinfo.  She had mentioned the inappropriate content with respect to a specific link, but there was so much more (threat-wise) to be paying attention to.  Upon entry to her specific link with respect to the site, I was confronted with malicious IP: 188.72.215.59 launching two [2] attacks: Malicious Domain Request 22:

Safe Web is in the dark with respect to topmusicsDOTinfo:

https://safeweb.norton.com/report/show_mobile?name=topmusics.info

With respect to the specific link the user visited, VirusTotal deemed it safe (which, obviously, it wasn’t); however, just running the generic site without the specific extension into V.T. indicated 'malicious' via Quttera:

From my past research, visiting “.info” domains, more often than not, proved problematic….

What I hadn’t realised at first was that there was also additional fallout due to visiting this site, revealed in the Norton Security Logs (NSL):

Ucheephu, revealed as: Local or Remote Attacker II.  By the way, Safe Web, once again, in the dark concerning the site:

https://safeweb.norton.com/report/show?url=ucheephu.com 

Next topic, fraudulent e-mail scam going out to people:

Claiming that you have “unread messages” from Apple Support, yet, the message stems from “slaterinsurance”.  Don’t be fooled. Don’t click the links in this scam.  Safe Web in the dark with respect to “slater”:

https://safeweb.norton.com/report/show?url=slaterinsurance.com 

Rounding out this security report, are some questionable e-mail links:

As you can imagine, Safe Web in the dark with respect to just about all of them:

https://safeweb.norton.com/report/show?url=milankuran.com

https://safeweb.norton.com/report/show?url=footswitch.cl

https://safeweb.norton.com/report/show?url=asiatech.ir (Although Safe Web does indicate GREEN on this one, perhaps, because I have received a potentially dangerous communication stemming from that extension, they might want to still re-evaluate the safety of that domain)

https://safeweb.norton.com/report/show?url=amico.org.ar

Regards,

H.B. 

Replies


Re: H.B.’s Security Round-up 5-19-19.

Hello H B

I will once again submit this to Safe Web. This time I am going to mention that you are a reviewer for Community Buzz and that is where you are getting these sites from. This time I can see that your Norton is catching some of them and giving you more sites to check up on.

Please stay tuned to this thread for a response from the Safe Web Team on Sunday night after midnight EDT. No promises though again, sorry.

Have a Nice Day and

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit Norton Core Security Plus 22.17.2.47 Core Firmware 282 I E 11 Chrome latest version.

Re: H.B.’s Security Round-up 5-19-19.

Hi Hammer_Bro,

Of all the domains you have listed, we were able to find malicious content only in 'topmusics.info'. The rating should reflect as malicious in a few hours.

https://safeweb.norton.com/report/show?url=topmusics.info

For the other domains, we could not find any malicious content to provide a rating. Hence they will remain untested in safeweb.norton.com.

Cops


Re: H.B.’s Security Round-up 5-19-19.

COPS explains:

“For the other domains, we could not find any malicious content to provide a rating. Hence, they will remain untested in safeweb.norton.com.”

Hmmmm….  That does not inspire an overwhelming degree of confidence, my dear.  For the mere fact that N360 BLOCKED three [3] separate attempts to install a fake flash player from IP 34.237.153.102, that should absolutely reflect RED in Norton Safe Web.

Ucheephu was flagged as “Local or Remote Attacker: 2” so, correspondingly, that should be RED in Safe Web.

Further, Google Security has flagged those questionable e-mail communication domains: “Similar messages were used to steal people’s personal information…”  So, at the very least, those should reflect the orange caution in Safe Web.  Just leaving things with the “gray question mark”, will leave open an unnerving door of possibility that users may not be warned and fall unnecessarily into traps.  We must endeavour to improve Safe Web, especially when warnings have been provided.

Regards,

H.B.    


Re: H.B.’s Security Round-up 5-19-19.

Hammer_Bro:

Hmmmm….  That does not inspire an overwhelming degree of confidence, my dear.  For the mere fact that N360 BLOCKED three [3] separate attempts to install a fake flash player from IP 34.237.153.102, that should absolutely reflect RED in Norton Safe Web.

 


Re: H.B.’s Security Round-up 5-19-19.

Hello H B

I will notify Cops that you have responded to them.

Have a Nice Day and Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit Norton Core Security Plus 22.17.2.47 Core Firmware 282 I E 11 Chrome latest version.

Re: H.B.’s Security Round-up 5-19-19.

Hi HB,

As bjm_ has pointed out, the IP 34.237.153.102 is currently 404 and the domain 'ucheephu.com' redirects to Google. Hence they do not qualify to be rated malicious in Safeweb.

Cops