Solved.
Kudos0

Attacks from https://iluhruhru.xyz/ on LinkedIn

Posted: 27-Jul-2022 | 4:57AM · Edited: 27-Jul-2022 | 7:40AM · 8 Replies ·

Daily, I experience attacks from the above URL while using LinkedIn. Has anyone else out there experienced this issue? 7/27/2022 7:00:05 AM,Medium,An intrusion attempt by 156.146.59.248 was blocked.,Blocked,No Action Required,Malicious Site: Malicious Domain Request 22,No Action Required,No Action Required,"156.146.59.248, 443",https : //iluhruhru . xyz Network traffic from https: // iluhruhru . xyz matches the signature of a known attack.

Labels: Google Chrome, Intrusion Prevention, Popup, Windows 10
Accepted Solution
Kudos0

Re: Attacks from https://iluhruhru.xyz/ on LinkedIn

Posted: 29-Jul-2022 | 5:31AM · Edited: 29-Jul-2022 | 6:25AM · Permalink

JohnPaulJones:

Yes.  I believe it's the SalesQL Extension for Chrome.  It's designed to work with LinkedIn.  The browser extension requires manual installation.

https://salesql.com/how-to-install-in-chrome
https://salesql.com/legal/terms
https://salesql.com/legal/privacy
https://salesql.com/legal/gdpr-compliance
https://blog.salesql.com/introducing-a-new-ui-for-our-google-chrome-extension
View Accepted Solution in Context

Replies

Kudos0

Re: Attacks from https://iluhruhru.xyz/ on LinkedIn

Posted: 27-Jul-2022 | 5:10AM · Edited: 27-Jul-2022 | 5:22AM · Permalink 

https://iluhruhru.xyz

https://safeweb.norton.com/report/show?url=https://iluhruhru.xyz =Caution -> Potentially Unwanted Software

Potentially Unwanted Software
Sites that are not malicious sources but that host software with undesirable behavior or cause undesirable browser behavior such as intrusive adware, adware servers used exclusively by intrusive adware, and browser hijackers.

Malicious Site: Malicious Domain Request 22
https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=31350

Kudos0

Re: Attacks from https://iluhruhru.xyz/ on LinkedIn

Posted: 27-Jul-2022 | 5:19AM · Edited: 27-Jul-2022 | 5:32AM · Permalink

Ads and redirects from Iluhruhru.xyz are possible because of its push notifications. Iluhruhru.xyz presents different methods to convince web users into subscribing alerts from this website. It usually contains intrusive ads promoting fake products and services, bogus updates, or dubious software downloads. Clicking these adverts can also voluntarily install potentially unwanted program (PUP), adware, or any kind of possible malware. Iluhruhru.xyz also generate pop-ups appearing anywhere on computer screen. It aims to redirect web visitor into various kinds of dubious websites such, which is very unsuitable and unexpected for online users.

How to install and run a scan with Malwarebytes (Guide)
https://malwaretips.com/blogs/scan-malwarebytes-anti-malware-2-0/

Malwarebytes Malware Removal Help
https://forums.malwarebytes.com/forum/108-malware-removal-help/

Malvertising
Malvertising, or malicious advertising, is the use of online advertising to distribute malware with little to no user interaction required.
https://www.malwarebytes.com/malvertising/

Adware
Adware is a form of malware that hides on your device and serves you advertisements. Some adware also monitors your behavior online so it can target you with specific ads.
https://www.malwarebytes.com/adware

Malwarebytes Browser Guard
Filters out annoying ads and scams while blocking trackers that spy on you.
https://www.malwarebytes.com/browserguard/

Browser push notifications: a feature asking to be abused
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

Adware and PUPs families add push notifications as an attack vector
https://blog.malwarebytes.com/adware/2019/06/adware-and-pups-families-add-push-notifications-as-an-attack-vector/

Remove Malicious Browser Ads from Windows, Mac, and Android
https://malwaretips.com/blogs/remove-adware-popup-ads/

Kudos0

Re: Attacks from https://iluhruhru.xyz/ on LinkedIn

Posted: 27-Jul-2022 | 5:29AM · Permalink

Thank you. I’ve scanned my system and found no threats, and have cleared all my browser cookies. I don’t understand how these links or scripts are getting onto LinkedIn.
Kudos0

Re: Attacks from https://iluhruhru.xyz/ on LinkedIn

Posted: 27-Jul-2022 | 5:34AM · Edited: 27-Jul-2022 | 5:37AM · Permalink

LinkedIn remains the most impersonated brand in phishing attacks - July 20, 2022
https://www.bleepingcomputer.com/news/security/linkedin-remains-the-most-impersonated-brand-in-phishing-attacks/

Watch out for this bump in LinkedIn phishing - May 16, 2022
https://blog.malwarebytes.com/scams/2022/02/watch-out-for-this-bump-in-linkedin-phishing/

Kudos0

Re: Attacks from https://iluhruhru.xyz/ on LinkedIn

Posted: 27-Jul-2022 | 5:41AM · Edited: 27-Jul-2022 | 5:45AM · Permalink

JohnPaulJones:
Thank you. I’ve scanned my system and found no threats, and have cleared all my browser cookies. I don’t understand how these links or scripts are getting onto LinkedIn.

Reset your Permissions for:

https://www.linkedin.com

Have you recently added any programs &or browser extensions?

Kudos0

Re: Attacks from https://iluhruhru.xyz/ on LinkedIn

Posted: 27-Jul-2022 | 6:06AM · Permalink

Thank you very much for your help.

Kudos0

Re: Attacks from https://iluhruhru.xyz/ on LinkedIn

Posted: 29-Jul-2022 | 4:59AM · Permalink

Yes.  I believe it's the SalesQL Extension for Chrome.  It's designed to work with LinkedIn.  The browser extension requires manual installation.

Accepted Solution
Kudos0

Re: Attacks from https://iluhruhru.xyz/ on LinkedIn

Posted: 29-Jul-2022 | 5:31AM · Edited: 29-Jul-2022 | 6:25AM · Permalink

JohnPaulJones:

Yes.  I believe it's the SalesQL Extension for Chrome.  It's designed to work with LinkedIn.  The browser extension requires manual installation.

https://salesql.com/how-to-install-in-chrome
https://salesql.com/legal/terms
https://salesql.com/legal/privacy
https://salesql.com/legal/gdpr-compliance
https://blog.salesql.com/introducing-a-new-ui-for-our-google-chrome-extension

This thread is closed from further comment. Please visit the forum to start a new thread.