Malicious Domain Request 22

Hello

I heard about website called "Twipu" and I from what I heard it basically site with Twitter statistics. And because of current world events I was curious about it.

When I typed "twipu" in google search Immediately Norton blocked "Malicious Site: Malicious Domain Request 22". Important thing is I did not click any link, but only typed "twipu" in google search

Do you think that was a real threat? 

It is coming because you might be visiting sites having ad,

try using AdBlock extension for your every browser. This will sort out your ongoing issue.

Having tested a different browser I am convinced that the problem originates in Google Chrome.

I have "muted" the notification by selecting "View Details" in the notification and then selecting "Stop Notifying Me" in the Advanced Details. 

This obviously does not stop the malicious attack but just stops me being told that Norton has blocked it multiple times per day.

Does this happen when you use any other browser? If not Chrome is the issue, Norton Safe Search is most likely the cause of the alert.

SA

from what little i could find seems it could be norton safe web notice about a malicious site or or issue

with my content blocker off

png_5480.png

Afraid not, couldn't reproduce that here. Even with my ad blocker fully disabled. So it was probably just a passing issue, like the link/site that was detected as bad no longer exists.

n the Privacy and security section it's called either Use a prediction service to load pages more quickly or Preload pages for faster browsing and searching.​

.....and do you see Norton popup immediately after you type "twipu" in Google search? with Preload pages on?

 

In the Privacy and security section it's called either Use a prediction service to load pages more quickly or Preload pages for faster browsing and searching.​

Chrome can look up the IP addresses of all a page's links and cache the ones it thinks you are most likely to navigate to next. With this setting on, websites and any embedded content that are pre-loaded may set and read their own cookies, etc. as if you had visited them, even if you never do. So when Chrome loads search results, it's possible it pre-loads a few pages from those results as a prediction of where you may go next (and therefore setting off Norton if it's bad). Turning this setting off will prevent all the unnecessary background transfer Chrome does as you browse. The perception of any speed gain or loss with this setting is pretty much nil.

 

Cheers

Perhaps then it was just the browser pre-caching the site. There's a setting for that in Chrome, for example.

Whats the setting in Chrome?  

"I did not expect any block like this at all just by looking for things."

Perhaps then it was just the browser pre-caching the site. There's a setting for that in Chrome, for example.

 I fully scanned my pc with Norton full scan, NPE and Malwarebytes free version, nothing found so far

Okay. 

 

Just like this and Norton blocked it.

I did not expect any block like this at all just by looking for things.  Day after I fully scanned my pc with Norton full scan, NPE and Malwarebytes free version, nothing found so far

 

Like I said I got Norton popup immediately after I typed twipu in google search and I did not click the actual link to the website.

Okay.  I'm not seeing Norton popup with twipu in Google search.

Is it possible I downloaded something without going to this site somehow?

Maybe, run Norton scan and second opinion Malwarebytes scan -
For Chrome browser - run Chrome Cleanup Tool -
 

Thanks for replay

Like I said I got Norton popup immediately after I typed twipu in google search and I did not click the actual link to the website. Is it possible I downloaded something without going to this site somehow?

 

Do you think that was a real threat? 

Yes


for example: with Intrusion Prevention Off + my content blocker Off 

http://www.tetilot-cesah.com/ybaf2qhbn>5gx/Reuters.exe
Downloaded File  from tetilot-cesah.com
File Thumbprint - SHA:
015284bae744f3988fa279274e02f0b9702ee061755b4ad0a1dc932199a75aa2
File Thumbprint - MD5:
71ebbc2d020de7b7b16060b2a7d2b189

https://www.twipu.com/

twipu.com appears ad supported with popup ads and embedded ad-mal links
 with my uBlock Origin Off

    with my uBlock Origin On
https://safeweb.norton.com/report/show?url=https://www.twipu.com/ = SAFE

 

You may have picked up a PUP, a Possibly Unwanted Program. While they are annoying, they do not cause damage to your system. Some people actually want the 'Features' offered by these programs. They are usually downloaded alongside a legitimate download when you do not uncheck the option for the additional download.

Norton products concentrate on malware that can damage your system, that is why some PUPs are not detected.

As noted in my post above, this issue is probably some malicious code on a web site you are visiting. Possibly in malformed ads. You can try installing an ad blocker extension in your browser to help protect against this type of redirect/attack.

 

The instruction to remove Lulachu might have worked, using malwarebytes.  I reserve judgement as the attack seem to be at random time.  What I really ask myself now, is why I am paying high fee to use Norton and it can't remove malaware that a simple free program can. Why is that not included in Norton? Anyway thanks for your help.

If your web browser is constantly being redirected to the Lulachu.com site, then it is possible that you have adware installed on your computer.
Lulachu.com is part of an advertising service that website publishers use to generate revenue on their sites. Unfortunately, there are some malicious programs that are injecting these Lulachu.com ads on websites you visit without the permission of the publisher in order to generate revenue.
When Lulachu.com redirects a browser to an advertisement, the ads are typically for unwanted chrome extensions, surveys, adult sites, online web games, fake software updates, and unwanted programs.

How to remove Lulachu.com redirect (Virus Removal Guide)
https://malwaretips.com/blogs/remove-lulachu-com/