Solved.
Kudos0

PLZ Help with Malvertising & a Phishing Website!

al corriente: 07-Mayo-2023 | 8:42AM · 17 Respuestas · · Translation:

Hello,

Thank You for taking the time to read my post! :o)

I am 83 years old and have recently moved into a Senior Citizen (Community) home, hence prior too I had to engage in a great deal of downsizing & belt-tightning...

I saved some money (short term), yet also had to put up with trade-offs...

For one, there is ONE ISP  provider for the entire building (basic cable) and all of us share the Wi-Fi which slows down internet speed (obvious when watching streaming movies which stall/refresh dozens of times).

My Room did not come with pre-installed (basic cable) box, hence I had to wait for a VERY, VERY, VERY, long time until my tv was hocked up to said basic cable box.

So, as not to die from boredom, I turned to internet tv (Tubi) as a substitute until I would, eventually, have my basic cable box installed.

I had my HP laptop hookedup to my flatscreen tv via USB cable thus this worked for a while.

Eventually I grew tired of tubi and was curious about other FREE online tv providers (streaming or VOD).

Via Google Search Engine (Google Chrome) I discovered goku.to. Norton Safe Search (Green dot with white checkmark next to google goku.to hyperlink). Norton Safe rating. Under full report TV/Video Streams (rather then saying piracy/malware).

So, I visited goku.to and, via their internal search engine, bookmarked movies & series to be watched at a latter date.

I was surprised by the "download" option below screen right which I did not make us off, yet had me suspicious all the same.

I watched goku.to for about 2-3 days when suddenly MBAM Security Pop-Up appeared warning of malvertising! (see below)

MBAM 

Website blocked due to malvertising

cstoeydbhdgrip.com
139.45.197.154
443
Outbound
C:\Program Files\Google\...e\Application\chrome.exe

This was not an isolated incident it happened again another 3 times (different letters before .com such as edncewvfadqrkr.com)

SO, LONG STORY SHORT, MY QUESTION IS IS FOLLOWING SUFFICIENT TO DEAL/UNCOVER MALVERTISING?

1.) I removed the goku.to bookmark within my Google Chrome Browser.

2.) I cleared Google Chrome History

3.) I ran MBAM Premium (offline) No Infections (0 threats).

4.) Updated Norton 360 (Live Update) and ran Quick Scan (0 threats), Full Scan (0 threats), Smart Scan (0 threats) and then ran Norton Power Eraser.

ANYTHING ELSE THAT I SHOULD DO?

Plus...

I also ran afoul via yet another google search (for series streaming) and received the ALL CLEAR from Norton Safe Search (green dot plus white checkmark next to hyperlink). (see below)

https://fmovies.to/series/the-girls-guide-to-depravity-vvwy6/2-5

I watched one episode of a series on fmovies.to (all okay) and later, when I returned to said website to watch episode two suddenly Norton made an appearance albeit late, "Dangerous Website." 

Okay, how come did I not get the warning upfront rather then later (delayed?). And suddenly there is an red dot with white X (Norton putting the cart in front of the horse?).

Norton ("Dangerous Website" Full Report) on fmovies.to was a privacy/id concern (phishing).  So, THEY have my IP address???

I removed the fmovies.to bookmark from my Google Chrome Browser and ran all the scans (0 threats) plus ran Norton Power Eraser..

WHAT ELSE SHOULD I DO?

I thank you in advance for all of your help and understanding & am looking forward to feedback from the "Good People" on these forums.
 

Labels: Google Chrome, LiveUpdate, Popup, Smart Scan
Solución aceptada
Kudos1 Estadisticas

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 08-Mayo-2023 | 6:14AM · Enlace permanente

david S.:

Good Evening bjm_,
Okay, I have uBlock and it is "ON" in my google browser extension, yet no notifications.

Again, Norton objected when I tested with uBlock Origin Off.   
Norton as I recall was quiet for the brief time I tested with uBlock Origin On. 
I simply reported as I observed regarding goku.to and fmovies.to ... for what it's worth.

If you have concerns.  Maybe, ask Malwarebytes Forum to check your machine.

Malwarebytes Malware Removal Help
https://forums.malwarebytes.com/forum/108-malware-removal-help/

View Accepted Solution in Context

Respuestas

Kudos2 Estadisticas

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 07-Mayo-2023 | 9:35AM · Enlace permanente

As you have scanned with Norton and MBAM and no malware found, I am going to suggest that the blocked items were from ads on the sites you were visiting. 

Norton would not flag the site in the Google search because the site itself is safe. It appears that the ad service that site uses is malicious, or may have been compromised, allowing malicious items to be sent through the ad channel.

The good news is that Norton and/or MBAM blocked the attempts, so you are safe. Going forward, you could install an ad blocker extension in your browser that will help block the redirects from bad ads.

Kudos1 Estadisticas

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 07-Mayo-2023 | 11:15AM · Edited: 07-Mayo-2023 | 11:31AM · Enlace permanente

david S.:

Via Google Search Engine (Google Chrome) I discovered goku.to. Norton Safe Search (Green dot with white checkmark next to google goku.to hyperlink). Norton Safe rating. Under full report TV/Video Streams (rather then saying piracy/malware).

on my machine goku.to redirects to goku.sx
goku.to is rated Norton Safe Web - Safe - TV/Video Streams
goku.sx is Norton Safe Web rated - Caution - Entertainment/Suspicious

at goku.sx with my ad blocker (uBlock Origin) On - Norton is quiet except for Safe Web rating: Caution
at goku.sx with my ad blocker (uBlock Origin) Off - Norton objects with Safe Web Malicious Site Blocked! - Intrusion Protection System (IPS) block & Norton 360 IPS Alert: intrusion attempt blocked

for example:

Malicious Site: Malicious Domain Request 22
https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=31350

Safe Web Report for: ookroush.com
https://safeweb.norton.com/report/show?url=https://ookroush.com 

Kudos1 Estadisticas

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 07-Mayo-2023 | 11:35AM · Edited: 07-Mayo-2023 | 11:57AM · Enlace permanente

on my machine: fmovies.to with ad blocker Off resolves to Malicious Site Blocked!
fmoviews.to is rated Norton Safe Web - Safe - TV/Video Streams/Piracy/Copyright Concerns

https://banquetunarmedgrater.com/advertisers.js&blockPageType=IPS&IpsSignature=31349

Safe Web Report for: banquetunarmedgrater.com = Warning - Malicious Sources/Malnets
Safe Web Report for: souvenirsconsist.com = Caution - Suspicious

Kudos1 Estadisticas

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 07-Mayo-2023 | 12:00PM · Edited: 07-Mayo-2023 | 12:12PM · Enlace permanente

on my machine: fmovies.to with ad blocker Off resolves to Malicious Site Blocked!


Safe Web Report for: friendshipmale.com = Warning - Malicious Sources/Malnets
Safe Web Report for: syringeitch.com = Caution - Suspicious
Safe Web Report for: necessaryescort.com = Caution - Suspicious

Kudos0

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 07-Mayo-2023 | 4:33PM · Enlace permanente

Hello peterweb,

Thank You for responding & so quickly (on a Sunday no less).  :o)

So, without going into why I felt let down by Norton Safe Search (Green Dot with white checkmark...SoulAsylum once told me not to rely too heavily on that Green dot with white checkmark...and yet I do).

I watched goku.to for 2-3 days (MBAM Pop-Up free initially), don't recall seeing any adds (just either a movie or episodes for a series).

Having watched "Wheel of Time" animated version, several episodes, at first no warning whatsoever (first one or two episodes) and then the MBAM Pop-Up (Malvertising).

Let "US" assume...namely that the MBAM Pop-Up occurred too late  (having already watched some/ALL episodes). Hmmm, what now?

So, in other words, the malvertising got through to my HP Laptop, yet all the scans came up clean (0 threats). What's the worst thing that could happen to me?

I have uBlock origin (as browser extension).

Once again THANK YOU for responding & the good input! :o)

Kudos1 Estadisticas

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 07-Mayo-2023 | 4:38PM · Enlace permanente

As I suggested above, you are seeing MBAM blocking an attempt to redirect your browser through a malformed ad on that page. It is not connected to the video you are viewing, but something outside the video frame on the page where ads are displayed. The good news is that MBAM caught it and protected you.

From @bjm_'s testing, using an ad blocker stops these attempted intrusions before they even get sent to your system

Kudos0

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 07-Mayo-2023 | 4:56PM · Enlace permanente

Good Evening bjm_,

THANK YOU for responding & on a Sunday no less! :o)

Thank You for spelling it out for me in plain English (and for putting your back into it). :o)

"on my machine goku.to redirects to goku.sx
goku.to is rated Norton Safe Web - Safe - TV/Video Streams
goku.sx is Norton Safe Web rated - Caution - Entertainment/Suspicious

at goku.sx with my ad blocker (uBlock Origin) On - Norton is quiet except for Safe Web rating: Caution
at goku.sx with my ad blocker (uBlock Origin) Off - Norton objects with Safe Web Malicious Site Blocked! - Intrusion Protection System (IPS) block & Norton 360 IPS Alert: intrusion attempt blocked"

Interesting info...

I cannot recall a redirect happening (then again I'm not a Norton Guru).

So, what p@sses me off is that page one on Google Search results ("goku.to"), at very top of page, goku.to perfectly fine, however, when you browse longer pages 3 or 4 people start badmouthing goku.to website has malware & there is piracy going on (as in the "download" option bottom right below movie screen...next to settings icon). The badmouthing should be on page one (top of page) thereby people would be warned to stay away from said website.

If I had known, initially, about the malware & piracy issues I would not have touched that website with a ten foot pole! :o(

Okay, I have uBlock and it is "ON" in my google browser extension, yet no notifications.

The only warning I received was from MBAM (Malvertising).

I am, in hindsight, assuming, that some of the movies & series on goku.to are malware free, yet not all.

Thank You

Kudos0

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 07-Mayo-2023 | 4:59PM · Enlace permanente

Hello peterweb,

Really speedy response. :o)

Having watched "Wheel of Time" animated version, several episodes, at first no warning whatsoever (first one or two episodes) and then the MBAM Pop-Up (Malvertising).

Let "US" assume...namely that the MBAM Pop-Up occurred too late  (having already watched some/ALL episodes). Hmmm, what now?

So, in other words, the malvertising got through to my HP Laptop, yet all the scans came up clean (0 threats). What's the worst thing that could happen to me?

Thank You for humoring me. :o)

Kudos0

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 07-Mayo-2023 | 5:13PM · Enlace permanente

Hello again bjm_,

Of the two, separate, incidents one on goku.to and the other on fmovies.to...I am far more worried about fmovies.to (because I got a green dot plus white checkmark from Norton Safe Search, hence I watched episode one of "The Girl's Guide to Depravity" comedy starring Rebeca Blumhagen). No warnings whatsoever! :o(

Having bookmarked "The Girl's Guide to Depravity"/fmovies.to (in my google browser). I later came back clicked on fmovies.to bookmark in my browser  "The Girl's Guide to Depravity" episode two...and only then the Norton warning ("Dangerous Website") after I had already been on said website for an hour. :o(

All the Norton/MBAM scans came up (0 threats) plus Norton Power Eraser.

What if this is about phishing?

WORST CASE SCENARIO 'they" have my ip address???

Thank you for your  patience with me.

Kudos0

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 07-Mayo-2023 | 5:21PM · Enlace permanente

Hello bjm_,

So, my issue is...since the Norton "Dangerous Website" warning (regarding fmovies.to) came to late...after I had already spent an hour on their website minus ANY warnings whatsoever. What now?

I understand, "that train has left the trainstation,' "that ship has sailed," yet what to do about that whole hour I spent on that malicious website?

Kudos for your thoughts! :o)

Kudos1 Estadisticas

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 07-Mayo-2023 | 5:22PM · Edited: 07-Mayo-2023 | 5:30PM · Enlace permanente

This can be the 'cost' of the free movies. These sites attract all kinds of people. I'm not familiar with the sites you mention. Are they sites where people upload these movies? If so, this kind of site is perfect for those wanting to infect your system. And if the movie is copyrighted, the company that has the rights for that movie has been known to infect the uploaded file so it does not view properly or may have malware to try to identify the user viewing it.

Best to try to go to the original source for TV and movies. The major networks have streaming available for TV shows and movies. That way you have no worries of malware.

EDIT

Norton allowing your first 2 hours is because that actual URL you were viewing was not dangerous. When something dangerous, either from another link you clicked on, or an attempt by an add to send you to a dangerous page, Norton and or MBAM kicked in and protected you. And this is verified by your Norton and MBAM scans coming up clean.

Kudos1 Estadisticas

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 08-Mayo-2023 | 5:37AM · Edited: 08-Mayo-2023 | 5:52AM · Enlace permanente

david S.:

I cannot recall a redirect happening 

Maybe, goku.to page content changed from when you were on goku.to and when I was testing goku.to.  
I noticed goku.sx in my browser address bar.  

Sucuri also notes Redirects to: https: //goku. sx/
https://sitecheck.sucuri.net/results/goku.to

Kudos0

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 08-Mayo-2023 | 6:09AM · Enlace permanente

Good Morning peterweb,

Thank you, once again, for  responding and your valuable input! :o)

"This can be the 'cost' of the free movies. "

There are legitimate (non-major tv networks) sites such as tubi (I believe they are part of Newscorp/Fox) or Crackle, yet I have watched everything of interest they have to offer (which does NOT include low budget B movies or lame movies/series from Lifetime channel...my late wife watched those).

This industry is rapidly growing & expanding, yet not every website is legitimate (that's why I do the Norton Safe Search via Google). Both goku.to & fmovies.to = legitimate, hence I visited these two websites.

"Are they sites where people upload these movies?"

I believe, in hindsight, that goku.to is such a site.

"Norton allowing your first 2 hours is because that actual URL you were viewing was not dangerous. When something dangerous, either from another link you clicked on, or an attempt by an add to send you to a dangerous page, Norton and or MBAM kicked in and protected you. And this is verified by your Norton and MBAM scans coming up clean."

peterweb thank you for clarifying (in your edit).  :o)

Kudos0

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 08-Mayo-2023 | 6:14AM · Enlace permanente

Good Morning bjm_,

THANK YOU, once again, for all the testing that you did & for sharing (in plain English for those of us who are not Gurus).  :o)

"Sucuri also notes Redirects to:"

I cannot help my curiosity what's "Securi?" If you don't mind my asking.

Solución aceptada
Kudos1 Estadisticas

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 08-Mayo-2023 | 6:14AM · Enlace permanente

david S.:

Good Evening bjm_,
Okay, I have uBlock and it is "ON" in my google browser extension, yet no notifications.

Again, Norton objected when I tested with uBlock Origin Off.   
Norton as I recall was quiet for the brief time I tested with uBlock Origin On. 
I simply reported as I observed regarding goku.to and fmovies.to ... for what it's worth.

If you have concerns.  Maybe, ask Malwarebytes Forum to check your machine.

Malwarebytes Malware Removal Help
https://forums.malwarebytes.com/forum/108-malware-removal-help/

Kudos1 Estadisticas

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 08-Mayo-2023 | 6:18AM · Edited: 08-Mayo-2023 | 6:48AM · Enlace permanente

david S.:

Good Morning bjm_,
"Sucuri also notes Redirects to:"
I cannot help my curiosity what's "Securi?" If you don't mind my asking.

Sucuri offers a "website malware and security checker"...for what it's worth. 
https://sitecheck.sucuri.net/

Kudos0

Re: PLZ Help with Malvertising & a Phishing Website!

al corriente: 08-Mayo-2023 | 2:28PM · Enlace permanente

Good Afternoon bjm_,

Thank you, once again, for ALL the testing & comparison/good advice! :o)

Thank you also for explaining what "Sucuri."  :O)

I consider my post/problem resolved thanks to you & peterweb, Thanks a Bunch!

I shall close said thread/resolved.

This thread is closed from further comment. Please visit the forum to start a new thread.