bobbonomo

I'm not so convinced. The name is still registered with namecheap and probably still operates (ping = OVH Poland) using different URL parameters. I never contacted the hoster OVH. There will be others.

Seems to not respond any more. The registrar says so and so do my tests

FYI Here is a fake tech support which comes through: a red screen and audio (both emsi and norton) https: // stfebwehgbewhew.info /90t/?c5aeb99095434e0ftfn1d5aeb99095438a=(866)%20465-8113 It started as https: // stfebwehgbewhew.info /90t/?a=10012592&campid=46 from an ad from: adjustable .global. ssl. fastly. net I have the screenshots and all

The Norton one. The fingerprint must have been different The Emsisoft did miss a coin miner but I reported it in my coin miner thread and it was caught by Norton so I went to my other computer with Emsi to test just to see. I always have a CPU meter on so I would notice a spike for a new coin miner. Neither of these are dangerous so I don't worry much.

Just an update. Since then it has missed a coin miner and a fake site.

You targeted child port to which 99.999% of people would respond with "I don't care" [about my stuff being discoverable (my editorial)]. People always zoom in on this point. That's not the point. Change the target. You are a journalist working in Liberia and your laptop is seized by that "benevolent government". One of your colleagues got popped. Now do you care? I can think of umpteen similar situations and go on and on. Privacy is privacy... the bad comes with the good. What's the alternative? Bring back the little man, from the 30s, with the funny moustache and hair. He would love what we got. NO not Charlie Chaplin.

If they grab your computer, they will also be looking at the physical disk sector by sector using a forensic program. They will look for keywords or all readable words then choose to look at words of interest and hunt. So you better wipe those "old" logs. Now what about all those temp files which are created and deleted on the fly by the apps and OS? So wipe the free space? At what frequency? Ah! You have a 53.7% full 3TB disk. How much time to do? What about all those trackers you leave around the world from all the SM platforms. If you are in that type of environment, then you might as well be using something like Tails (TOR app). Does not use the disk and wipes RAM memory and video before shutting down. I actually use my browser logs as a filing cabinet so I can search keywords for articles I have read. Regularly I clean it of fluff.

OK here is one: www. cdcovers. cc I checked the source. You know who would be in a position to catch all these? Google and Bing. They read all the sites in the world. If I can see coinhive.js so can they.

Since then I have not seen this on the computer which has emsisoft on it. But on my "reading" PC with Norton it has and they did not catch it so I put entries in my host file to disable the domain name which is the cause. ...and for me this usually happens when I read news from the Yahoo portal and now I have disabled js on that portal. Too bad for their ads. They need to get their spit together.

I am fairly sure those links I supplied have been taken down. I suspect they were compromised websites which have been "fixed".

Do you catch "Fake Tech Support" websites as a malware or PUPs or "BADware". I know this description is very vague. On my reading computer, in the kitchen, I use Norton and it actually catches the signature of these "Fake Tech Support" and blocks them. On this computer (my workhorse in the dungeon) I use EMSIsoft and remember one such attempt where I killed Firefox from the task manager. I seem to remember clicking X on top right did not work. I searched my history and found the incident which occurred March 6, 2018. It happened today with my "Norton" laptop so I immediately checked it out using Phantomjs. It did a screen capture and got the html code. It is the same image I remember from my "EMSI" computer; a big ominous red screen made to look like it came from Windows.com Am not sure what to supply you for testing. What else would you need? I took apart the URLs below: Here is the Norton warning: This URL now does not produce the same output using Phantomjs as it did above. Category: Intrusion Prevention Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacker URL 2018-03-18 12:12:06,High,An intrusion attempt was blocked.,Blocked,No Action Required,Web Attack: Fake Tech Support Website 164,No Action Required,No Action Required,https: // ar2multimedia. com/iops/?c5aae9281817410ftfn1d5aae928181776=(888) 558-3089 Network traffic was detected that matches the signature of a known attack. The attack was resulted from C:\Program Files (x86)\Mozilla Firefox\firefox.exe. Previous to this blocked attack I see in my history: https: // getmediajobs. org/?pageid=15aae8fbc74559 On this PC from my history of March 6, 2018 I see: https: // avalon-webdesign. com/dsp/?gidvdata=15a9eed1b61543 which then went to: https: // 254ads. com/iops/?c5a9eed9b711720ftfn1d5a9eed9b711a8=(866)%20203-9964 I know it always comes from reading Yahoo News and on March 6, 2018 I was reading: https: // ca.style.yahoo. com/video/lucy-hale-shares-her-firsts-170000090.html OK just read it was not only a Yahoo problem. Google was hit last Thursday the 16 by the same type of attack search ZDNET for: Yet again, Google tricked into serving scam Amazon ads Same difference for us EMSIsoft users

I'm really hoping not to find any more.

I thought so. Now the obvious question is why did I have to report it? You are not alone. I submitted the site mentioned above to virustotal.com Jan. 29, 2018 and it was green lights everywhere. I never got around to EMSIsoft to discuss it. I realise it is hard to catch by just analysing the code on the web page. Looks just like regular javascript code. It's the call to the js library on dynamic-dns.net which does the damage. This guy here: https: // greenindex .dynamic-dns.net / jqueryeasyui.js

Is Coin Mining javascript in a website considered malware to EMSIsoft? If not why not. If yes then you missed this version which Norton caught. On this machine with EMSI, the URL did raise the CPU level. I killed JS and the CPU went down. Norton is on another machine. The JS code which starts the process is at the bottom of the page just before end body and html tags. Category: Intrusion Prevention Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacker URL 2018-02-14 11:29:49,High,An intrusion attempt was blocked.,Blocked,No Action Required,Web Attack: JSCoinminer Download 8,No Action Required,No Action Required, https: // www. top-password. com / firefox-password-recovery.html Network traffic was detected that matches the signature of a known attack.

OK 5935 seems to have solved it