bobbonomo

Member
  • Content Count: 64
  • Days Won: 2

bobbonomo last won the day on November 3

bobbonomo had the most liked content!

Community Reputation: 2 Neutral

About bobbonomo
  • Rank: Active Member

Profile Information
  • Gender: Male
  • Location: Montreal, Canada
  • Interests: GOOD beer

Contact Methods
  • Yahoo: mydumbsite#yahoo.com
  1. bobbonomo

    Fake Tech Support websites

    I'm not so convinced. The name is still registered with namecheap and probably still operates (ping = OVH Poland) using different URL parameters. I never contacted the hoster OVH. There will be others.
  2. bobbonomo

    Fake Tech Support websites

    Seems to not respond any more. The registrar says so and so do my tests.
  3. bobbonomo

    Fake Tech Support websites

    FYI Here is a fake tech support which comes through: a red screen and audio (both emsi and norton): https: // stfebwehgbewhew.info /90t/?c5aeb99095434e0ftfn1d5aeb99095438a=(866)%20465-8113

    It started as https: // stfebwehgbewhew.info /90t/?a=10012592&campid=46 from an ad from: adjustable .global. ssl. fastly. net

    I have the screenshots and all.
  4. bobbonomo

    Fake Tech Support websites

    The Norton one. The fingerprint must have been different. The Emsisoft did miss a coin miner, but I reported it in my coin miner thread and it was caught by Norton, so I went to my other computer with Emsi to test just to see. I always have a CPU meter on so I would notice a spike for a new coin miner. Neither of these are dangerous so I don't worry much.
  5. bobbonomo

    Fake Tech Support websites

    Just an update. Since then it has missed a coin miner and a fake site.
  6. You targeted child port to which 99.999% of people would respond with "I don't care" [about my stuff being discoverable (my editorial)]. People always zoom in on this point. That's not the point. Change the target. You are a journalist working in Liberia and your laptop is seized by that "benevolent government". One of your colleagues got popped. Now do you care? I can think of umpteen similar situations and go on and on. Privacy is privacy... the bad comes with the good. What's the alternative? Bring back the little man, from the 30s, with the funny moustache and hair. He would love what we got. NO not Charlie Chaplin.
  7. If they grab your computer, they will also be looking at the physical disk sector by sector using a forensic program. They will look for keywords or all readable words then choose to look at words of interest and hunt. So you better wipe those "old" logs. Now what about all those temp files which are created and deleted on the fly by the apps and OS? So wipe the free space? At what frequency? Ah! You have a 53.7% full 3TB disk. How much time to do? What about all those trackers you leave around the world from all the SM platforms. If you are in that type of environment, then you might as well be using something like Tails (TOR app). Does not use the disk and wipes RAM memory and video before shutting down. I actually use my browser logs as a filing cabinet so I can search keywords for articles I have read. Regularly I clean it of fluff.
  8. bobbonomo

    JSCoinminer Download 8

    OK here is one: www. cdcovers. cc I checked the source. You know who would be in a position to catch all these? Google and Bing. They read all the sites in the world. If I can see coinhive.js so can they.
  9. bobbonomo

    Fake Tech Support websites

    Since then I have not seen this on the computer which has emsisoft on it. But on my "reading" PC with Norton it has, and they did not catch it, so I put entries in my hosts file to disable the domain name which is the cause. ...and for me this usually happens when I read news from the Yahoo portal, and now I have disabled js on that portal. Too bad for their ads. They need to get their spit together.
  10. bobbonomo

    Fake Tech Support websites

    I am fairly sure those links I supplied have been taken down. I suspect they were compromised websites which have been "fixed".
  11. Do you catch "Fake Tech Support" websites as malware or PUPs or "BADware"? I know this description is very vague. On my reading computer, in the kitchen, I use Norton and it actually catches the signature of these "Fake Tech Support" and blocks them. On this computer (my workhorse in the dungeon) I use EMSIsoft and remember one such attempt where I killed Firefox from the task manager. I seem to remember clicking X on the top right did not work. I searched my history and found the incident, which occurred March 6, 2018.

    It happened today with my "Norton" laptop so I immediately checked it out using Phantomjs. It did a screen capture and got the html code. It is the same image I remember from my "EMSI" computer; a big ominous red screen made to look like it came from Windows.com. Am not sure what to supply you for testing. What else would you need? I took apart the URLs below:

    Here is the Norton warning: This URL now does not produce the same output using Phantomjs as it did above.

    Category: Intrusion Prevention
    Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacker URL
    2018-03-18 12:12:06,High,An intrusion attempt was blocked.,Blocked,No Action Required,Web Attack: Fake Tech Support Website 164,No Action Required,No Action Required,https: // ar2multimedia. com/iops/?c5aae9281817410ftfn1d5aae928181776=(888) 558-3089
    Network traffic was detected that matches the signature of a known attack. The attack was resulted from C:\Program Files (x86)\Mozilla Firefox\firefox.exe.

    Previous to this blocked attack I see in my history: https: // getmediajobs. org/?pageid=15aae8fbc74559

    On this PC from my history of March 6, 2018 I see: https: // avalon-webdesign. com/dsp/?gidvdata=15a9eed1b61543 which then went to: https: // 254ads. com/iops/?c5a9eed9b711720ftfn1d5a9eed9b711a8=(866)%20203-9964

    I know it always comes from reading Yahoo News, and on March 6, 2018 I was reading: https: // ca.style.yahoo. com/video/lucy-hale-shares-her-firsts-170000090.html

    OK, just read it was not only a Yahoo problem. Google was hit last Thursday the 16th by the same type of attack. Search ZDNET for: "Yet again, Google tricked into serving scam Amazon ads". Same difference for us EMSIsoft users.
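    As an added example (not code from this thread, from bobbonomo, or from either vendor), the small Python helper below parses Norton Intrusion Prevention rows in the CSV layout quoted above, pulls out the attacker hostnames, and renders the kind of hosts-file sink entries mentioned in the earlier post about the Yahoo portal. The log rows and domains are constructed placeholders, not the ones from the thread.

```python
import csv
import io
from urllib.parse import urlsplit

# Constructed sample in the Norton "Intrusion Prevention" export layout quoted
# in the posts: a header row, then one comma-separated row per blocked event.
# Hostnames are placeholders (.example), not the domains reported in the thread.
SAMPLE_LOG = """\
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacker URL
2018-03-18 12:12:06,High,An intrusion attempt was blocked.,Blocked,No Action Required,Web Attack: Fake Tech Support Website 164,No Action Required,No Action Required,https://fake-support.example/iops/?c5aae9281817410ftfn1d5aae928181776=(888) 558-3089
2018-02-14 11:29:49,High,An intrusion attempt was blocked.,Blocked,No Action Required,Web Attack: JSCoinminer Download 8,No Action Required,No Action Required, https://miner-host.example/firefox-password-recovery.html
2018-03-06 09:01:00,High,An intrusion attempt was blocked.,Blocked,No Action Required,Web Attack: Fake Tech Support Website 164,No Action Required,No Action Required,https://fake-support.example/dsp/?gidvdata=15a9eed1b61543
"""


def parse_ips_log(text):
    """Return (timestamp, alert name, hostname) tuples from a Norton IPS CSV export."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        url = row["Attacker URL"].strip()  # some rows carry a leading space before the URL
        host = urlsplit(url).hostname      # query strings with spaces/parentheses are tolerated
        if host:
            events.append((row["Date & Time"], row["IPS Alert Name"], host.lower()))
    return events


def hosts_entries(events, sink="0.0.0.0"):
    """Deduplicate the logged hostnames (first seen first) and render hosts-file lines."""
    seen = []
    for _, _, host in events:
        if host not in seen:
            seen.append(host)
    return [f"{sink} {host}" for host in seen]


def alerts_by_name(events):
    """Count blocked events per IPS alert name, to see which signature fires most."""
    counts = {}
    for _, name, _ in events:
        counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    ev = parse_ips_log(SAMPLE_LOG)
    print("\n".join(hosts_entries(ev)))
    print(alerts_by_name(ev))
```

    Hosts entries only cover the exact hostname that was logged; the redirect chain in the post hops across several domains, so each new landing domain needs its own entry.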
  12. bobbonomo

    JSCoinminer Download 8

    I'm really hoping not to find any more.
  13. bobbonomo

    JSCoinminer Download 8

    I thought so. Now the obvious question is why did I have to report it? You are not alone. I submitted the site mentioned above to virustotal.com Jan. 29, 2018 and it was green lights everywhere. I never got around to EMSIsoft to discuss it. I realise it is hard to catch by just analysing the code on the web page. Looks just like regular javascript code. It's the call to the js library on dynamic-dns.net which does the damage. This guy here: https: // greenindex .dynamic-dns.net / jqueryeasyui.js
  14. Is Coin Mining javascript in a website considered malware to EMSIsoft? If not, why not. If yes, then you missed this version which Norton caught. On this machine with EMSI, the URL did raise the CPU level. I killed JS and the CPU went down. Norton is on another machine. The JS code which starts the process is at the bottom of the page just before the end body and html tags.

    Category: Intrusion Prevention
    Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacker URL
    2018-02-14 11:29:49,High,An intrusion attempt was blocked.,Blocked,No Action Required,Web Attack: JSCoinminer Download 8,No Action Required,No Action Required, https: // www. top-password. com / firefox-password-recovery.html
    Network traffic was detected that matches the signature of a known attack.
  15. bobbonomo

    The FF slow start - 22 seconds

    OK, 5935 seems to have solved it.