• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Please re-evaluate Radiomanga.net.

Hello,

I know it has been some time, however, wanted to alert the community on this one.  According to the search results, RM is determined SAFE by NSW:

However, upon visiting the site, my Norton program went into action:

Perhaps a Norton team member can look further into this and adjust the Safe Web rating - - just don't want people getting stung here. 

Regards,

H.B. 

Replies

Kudos1 Stats

Re: Please re-evaluate Radiomanga.net.

Hello HB, good seeing you again. The Safe Web full site report shows the website as clean here. It also appears the website, clicking "Learn Why" in the Google search results listing for the website, it appears the website itself isn't allowing itself to be probed by search engines such as Google.

Edited: Clicked the search results link as seen in your screenshot and immediately got the info popup below.

Norton Core detected nothing, no notifications but I also got your in product history notice as well for the same IP address. It appears there is a browser redirect happening.

Cheers 

Retired military (Navy 1980-2002) AO1 (AW) Aviation Warfare Specialist "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.437 / NCSP 22.17.0.183 / Norton Core v.282 on Android 1.93
Kudos1 Stats

Re: Please re-evaluate Radiomanga.net.

If you run into issues like this, it would be quicker to report directly to Norton using the False Positive reporting tool. It should also work to report false negatives as the report triggers a manual check of the page. You can report false positive indications here https://submit.symantec.com/false_positive/

Things happen. Export/Backup your Norton Password Manager data.
Kudos1 Stats

Re: Please re-evaluate Radiomanga.net.

Hello Soul,

Good seeing you as well, thank you for directly looking into that, however, did not want to place your system at risk!    I did decide to run the Power Eraser, but, as usual, it doesn't really turn up anything of merit.  I think in my case, it wanted to repair one reg. entry and found "malicious" a shortcut for Roller Coaster Tycoon which would not be relevant in this case.  Running a quick scan yielded nothing, and, i also performed a 'Hyper Scan' with MBAM which returned a clean report.  Since the occurrence, i have continued to monitor the Norton Security Logs and have not seen any further attacks.  Perhaps this was an instance where once you exited the website, that was all that needed to be done.  Overall, this is surprising as for the longest time i believed Radio Manga to be a reputable source.  Maybe they had a recent breach? 

Hello Peter,

I have taken the time to report the site right from the search results, however, in case something got lost in translation with that, wanted to raise broader awareness through this venue.

Thank you both for your time,

Sincerely,

H.B.   

Kudos1 Stats

Re: Please re-evaluate Radiomanga.net.

FWIW ~ sans Norton

radiomanga.net lands on hxxp: //meta2. domainname-error.com/search9870798707. php?keyword=radiomanga.net&type=meta_filter_radiomanga. net

YMMV

Kudos2 Stats

Re: Please re-evaluate Radiomanga.net.

Hello HB

Welcome back. I will let the Safe Web Team know about this thread. They should be able to take care of the issue on the Safe Web end. The redirect itself would have to be cleaned up by the site owner.

Please stay tuned to this thread for a response from the Safe Web Team on Sunday night after midnight EST.

Have a Good Night, Nice Day and

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Please re-evaluate Radiomanga.net.

Thanks, Flo! :-)

Kudos1 Stats

Re: Please re-evaluate Radiomanga.net.

Submitted URL: radiomanga.net/
Suggested categories: Malicious Outbound Data/Botnets and Suspicious
Your comments: Web Attack: Malicious Redirection 21
Reviewed: March 4, 2019 3:27:13 AM UTC
Based on your recommendation and after careful evaluation of the Web content submitted, a Web Content Analyst has recategorized this URL as Entertainment, Audio/Video Clips, and Suspicious.

Thank you,
Blue Coat WebFilter

 https://sitereview.bluecoat.com/#/lookup-result/radiomanga.net

Kudos0

Re: Please re-evaluate Radiomanga.net.

Hi Hammer_Bro

We have manually analyzed the site 'radiomanga.net' and found it to be a Malicious Website. So we have modified its rating to red in safeweb.norton.com.
https://safeweb.norton.com/report/show?url=radiomanga.net

Cops

Kudos0

Re: Please re-evaluate Radiomanga.net.

Hello once again COPS,

Not sure if they didn't do what you told them to, however, the site is only reflecting the orange caution which would be synonymous with a lesser threat:

My feeling is that if this threat was so severe to the place where Norton desired me to run the 'Power Eraser' afterwards, this should absolutely be changed to the Red X.  The caution to me might be indicative of a pop-up flood, spam, not to the level of a malicious re-direct.  With the current status, people might still be tempted to chance a visit. 

Regards,

H.B. 

Kudos0

Re: Please re-evaluate Radiomanga.net.

Looking at what is detected, it is listed as a redirect. Not actual malware on that site. That may be why it is just orange instead of red.

Maybe @floplot can ask for another review/clarification?

FWIW

VirusTotal is all green.    https://www.virustotal.com/#/url/5b0057ec0921598f62d2d91daf85b07ef9aaad1...

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Please re-evaluate Radiomanga.net.

Hello All

This is what Cops said in his post.


We have manually analyzed the site 'radiomanga.net' and found it to be a Malicious Website. So we have modified its rating to red in safeweb.norton.com.


He said it is malicious and they modified it to red. I will tell him that Safe Web is showing an Orange warning and not the Red blockage. Let's see what he says about the discrepancy .

Please stay tuned to this thread for a response from the Safe Web Team on Monday night after midnight EST. He might not post and just change the blockage to Red.or he might send me the notice.

Have a Good Night and

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Please re-evaluate Radiomanga.net.

Kudos0

Re: Please re-evaluate Radiomanga.net.

Kudos0

Re: Please re-evaluate Radiomanga.net.

Hello All

I have asked Cops for some explanation for no red warning, but got no answers after a few attempts. I guess redirects to a survey site is not critical enough, In my opinion, it looks like Peter had the correct answer for the reason for a orange warning and not a red one.

Have a Good Night and

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Please re-evaluate Radiomanga.net.

FWIW ~

http://isithacked.com/check/radiomanga.net 
 


One of the most common HTTP status codes is HTTP 302. This status occurs when a resource or page you're attempting to load has been temporarily moved to a different location -- via a 302 redirect.

As opposed to 301 redirects -- which are used to permanently direct users from one location to another -- 302 redirects are temporary. You usually won't notice a 302 redirect if it's set up correctly. The web server serving up the 302 redirect should immediately indicate the new location of the page to your browser, and should send you there right away.

It's important to note that an HTTP 302 status code is caused by the web server you're attempting to reach. It's not an issue with your web browser, or anything you can control on your end of things.

https://blog.hubspot.com/marketing/http-302 

https://www.deepcrawl.com/blog/best-practice/the-abc-of-http-status-codes/


If you want to see when you've encountered a 302 redirect (or any type of redirect), consider using an application or Chrome extension (like this one, Redirect Path). This type of tool will show you directly in your browser when you run into a redirect.

Status Code	URL	IP	Page Type	Redirect Type	Redirect URL	
200	http://radiomanga.net/	207.244.67.139	client_redirect	javascript	http://radiomanga.net/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqcyI6MX0.fADWc9hUOlh58R9UzufQBROmie3I7c7vE835oE6YmU4&uuid=a6704570-4102-11e9-94d0-bb03d1a55442
302	http://radiomanga.net/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqcyI6MX0.fADWc9hUOlh58R9UzufQBROmie3I7c7vE835oE6YmU4&uuid=a6704570-4102-11e9-94d0-bb03d1a55442	207.244.67.139	server_redirect	temporary	http://api.quotes.com/eb97433a-4105-11e9-a0f9-52fbf788d81d
200	http://api.quotes.com/eb97433a-4105-11e9-a0f9-52fbf788d81d	95.211.196.120	client_redirect	meta	http://api.quotes.com/eb97433a-4105-11e9-a0f9-52fbf788d81d?hr=1
302	http://api.quotes.com/eb97433a-4105-11e9-a0f9-52fbf788d81d?hr=1	95.211.196.120	server_redirect	temporary	http://meta2.domainname-error.com/search9870798707.php?keyword=radiomanga.net&type=meta_filter_radiomanga.net
200	http://meta2.domainname-error.com/search9870798707.php?keyword=radiomanga.net&type=meta_filter_radiomanga.net	52.41.113.0	normal	none	none
Kudos0

Re: Please re-evaluate Radiomanga.net.

All: Note the URL's that are being offered up? IE ww1 / ww25 ? The site owner needs to remediate the js code on the site itself. Installing browser extensions is just an band-aid for the underlying issue which is with the website vice your browser.

Cheers

Retired military (Navy 1980-2002) AO1 (AW) Aviation Warfare Specialist "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.437 / NCSP 22.17.0.183 / Norton Core v.282 on Android 1.93
Kudos0

Re: Please re-evaluate Radiomanga.net.

Safe Web report is re domain.  No info re host n'or IP.


What is the difference between the domain prefix www as opposed to ww1?
the www or ww1 in this case is called the ‘host’ and a domain can have more than one host and they don’t have to start with ww, they could be anything. Like http: //host.domain. com or http: //host1.domain. com or http: //xyz.domain. com and you can point those host records with DNS to any server you want (or they can all go to the same server). You can setup different websites on each of those hosts or point one to a website and one to an ftp server www is popular for websites. sometimes you might see a host record called http: //mail.domain. com and it might point to a webmail server. Tools like nslookup can tell you if two hosts point to the same ip address which usually means they are on the same server.

Safe Web report is re domain 'radiomanga.net'.  As I see on my machine. 


www.radiomanga.net lands on http://meta2.domainname-error.com/search9870798707.php?keyword=radiomanga.net&type=meta_filter_radiomanga.net

ww1.radiomanga.net lands on http://ww1.radiomanga.net/

YMMV

Kudos0

Re: Please re-evaluate Radiomanga.net.

Hello

radiomanga. net probably doesn't even know he has a issue even if it's a orange warning. HB is the one who noticed that there was an issue when his Norton went crazy. It looks like none of the other site users have Norton installed. That site was evaluated without it being registered first. The site owner won't know unless site users who use Norton tell him since all the other security programs listed in Virus Total find the site clean. Maybe others will notice it since it does show as malicious on Virus Total even if just on Norton.

Have a Good Night and

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.

This thread is closed from further comment. Please visit the forum to start a new thread.