« previous next »
Pages: [1]   Go Down

Author Topic: Trash that should be blocked?  (Read 982 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33905
  • malware fighter
Trash that should be blocked?
« on: November 18, 2017, 02:57:56 PM »
With a monitoring service I see connections to -62.76.24.80 -srv80.ybw.ru & -185.63.188.123 -nolan.kintav,.ru
where a link to htxp.fwservices.com gets blocked because of an existing blocklist I subscribed to with uBlock Origin.

Consider messages on https://trashbox.ru/link/tvzavr-android
Redirecting to -https://marketium.ru/rejting-zhen-2/ for example where one needs AdRemover cleansing for 21 objects,

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33905
  • malware fighter
Re: Trash that should be blocked?
« Reply #1 on: November 19, 2017, 01:38:06 PM »
All that traffic started after installing this Google Chrome extension from the Google Webshop:
-https://chrome.google.com/webstore/detail/minerblock-%D0%B1%D0%BB%D0%BE%D0%BA%D0%B8%D1%80%D0%BE%D0%B2%D0%BA%D0%B0-%D0%BC%D0%B0%D0%B9/jdkbipcangaabpfffdcffcneenkilajh/related

Nothing detected on VT nor here: https://www.malwares.com/report/ip?ip=74.125.124.113
but 11 here were malicious: https://www.malwares.com/report/host?host=apps.google.com

Is this extension suspicious? Nothing specific here: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fchrome.google.com%2Fwebstore%2Fdetail%2Fminerblock-%25D0%25B1%25D0%25BB%25D0%25BE%25D0%25BA%25D0%25B8%25D1%2580%25D0%25BE%25D0%25B2%25D0%25BA%25D0%25B0-%25D0%25BC%25D0%25B0%25D0%25B9%2Fjdkbipcangaabpfffdcffcneenkilajh%2Frelated

Anyone? error
Quote
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
www.gstatic.com/hosted/picturefill/picturefill.min.js benign
[nothing detected] (script) wXw.gstatic.com/hosted/picturefill/picturefill.min.js
     status: (referer=www.google-analytics.com/)saved 12983 bytes e25d78e4773c5ed2e99487db0964edad2206901b
     info: [decodingLevel=0] found JavaScript
     error: undefined variable b.implementation
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var b.implementation = 1;
          error: line:1: ....^
     info: [element] URL=wXw.gstatic.com/hosted/picturefill/undefined
One gets such an error when one tries to access an undefined index of an array (pol).

polonus (volunteer website security analyst and website error-hunter)

P.S.
Quote
President Vladimir Putin has ordered the government to create legislation governing the status of bitcoin, other cryptocurrencies, mining, initial coin offerings, as well as defining everything that relates to digital money by July 2018.
« Last Edit: November 19, 2017, 02:25:31 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »