A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Windows 10 » Windows 10 Help Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Virus on page?



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old March 17th 19, 11:15 PM posted to alt.comp.os.windows-10,alt.computer.workshop
Commander Kinsey
external usenet poster
 
Posts: 195
Default Virus on page?

WARNING! Do not click the misspelt link below (between asterisks) unless you know your computer is protected.

On Stirling Council's parking page https://my.stirling.gov.uk/media/442...park-guide.pdf
There is a link to the thistle centre car park, which they have misspelt as **** http://www.thethsitles.com/ **** instead of http://www.thethistles.com/

Question 1) Is this a virus? It just bleeps very loudly through the speakers and asks me to click to update something.
Question 2) Can this be reported to someone? The company they rent the domain name from perhaps?

(I've already advised Stirling Council to correct their spelling error)
Ads
  #2  
Old March 18th 19, 01:01 AM posted to alt.comp.os.windows-10,alt.computer.workshop
Mayayana
external usenet poster
 
Posts: 5,327
Default Virus on page?

"Commander Kinsey" wrote

| There is a link to the thistle centre car park, which they have misspelt
as **** http://www.thethsitles.com/ **** instead of
http://www.thethistles.com/
|

Redirects to d-h.st, owned by
Jared Caliendo
tech-name: Jared (STR52541AD6B8680)
tech-street: 4850 Galendo St.
tech-city: Woodland Hills
tech-state:
tech-zip: 91364
tech-country: US I'm not certain, but it looks like a page that's
nothing more
than a Google adsense ad. In other words, Mr. Caliendo
seems to be trying to make a few dollars by buying near
miss domains and redirecting visitors to an ad.

But it's possible that it' more sneaky than that. The
script is obfuscated.

| Question 2) Can this be reported to someone? The company they rent the
domain name from perhaps?
|
What you can do is stop enabling javascript willy nilly.
Use something like NoScript and only allow script to run
when necessary, and then only from specific domains
that need to use it.

I would never click something like that if I just had
anti-virus or other "protection". The only protection is
to disable script, Flash, Java, or anything else executable
online.


  #3  
Old March 18th 19, 01:51 AM posted to alt.comp.os.windows-10,alt.computer.workshop
Commander Kinsey
external usenet poster
 
Posts: 195
Default Virus on page?

On Mon, 18 Mar 2019 01:01:24 -0000, Mayayana wrote:

"Commander Kinsey" wrote

| There is a link to the thistle centre car park, which they have misspelt
as **** http://www.thethsitles.com/ **** instead of
http://www.thethistles.com/
|

Redirects to d-h.st, owned by
Jared Caliendo
tech-name: Jared (STR52541AD6B8680)
tech-street: 4850 Galendo St.
tech-city: Woodland Hills
tech-state:
tech-zip: 91364
tech-country: US


His surname is rather similar to his street name. Probably faked. I used to have three domain names, all with fake names and addresses, mainly to stop people finding out my real life identity.

I'm not certain, but it looks like a page that's
nothing more
than a Google adsense ad. In other words, Mr. Caliendo
seems to be trying to make a few dollars by buying near
miss domains and redirecting visitors to an ad.


If it's Google adsense, you'd think Google would remove it after a complaint.

But it's possible that it' more sneaky than that. The
script is obfuscated.

| Question 2) Can this be reported to someone? The company they rent the
domain name from perhaps?
|
What you can do is stop enabling javascript willy nilly.
Use something like NoScript and only allow script to run
when necessary, and then only from specific domains
that need to use it.


I've never actually had anything nasty happen to my computer. I think between my browser, AV, firewall, adblockers, malware protection program, something always stops it. And usually such a site is only clicked on if you're daft enough to click a link in a dodgy email, which I don't. This was very unusual, in that my local council had misspelt something.

I would never click something like that if I just had
anti-virus or other "protection". The only protection is
to disable script, Flash, Java, or anything else executable
online.


But don't loads of legitimate sites need those? I'd end up with constant pestering "do you want to enable Java" notices. Youtube uses Flash for example. Many pages use Flash.
  #4  
Old March 18th 19, 02:04 AM posted to alt.comp.os.windows-10,alt.computer.workshop
Commander Kinsey
external usenet poster
 
Posts: 195
Default Virus on page?

On Mon, 18 Mar 2019 01:01:24 -0000, Mayayana wrote:

"Commander Kinsey" wrote

| There is a link to the thistle centre car park, which they have misspelt
as **** http://www.thethsitles.com/ **** instead of
http://www.thethistles.com/
|

Redirects to d-h.st, owned by
Jared Caliendo
tech-name: Jared (STR52541AD6B8680)
tech-street: 4850 Galendo St.
tech-city: Woodland Hills
tech-state:
tech-zip: 91364
tech-country: US


Is it not possible to report it to whoever he bought the domain from? If I buy a domain name, I get it from a registrar. If I did naughty things on that site, surely the registrar could delete my account?
  #5  
Old March 18th 19, 02:14 AM posted to alt.comp.os.windows-10,alt.computer.workshop
Mayayana
external usenet poster
 
Posts: 5,327
Default Virus on page?

"Commander Kinsey" wrote

| But don't loads of legitimate sites need those? I'd end up with constant
pestering "do you want to enable Java" notices. Youtube uses Flash for
example. Many pages use Flash.
|

Suit yourself. I've never needed Flash. I doubt youtube
requires Flash. It's being phased out. Even Adobe, who
make it, are phasing it out -- at the end of next year.

2015. 8 of the top ten online exploits used Flash:
https://www.recordedfuture.com/top-v...bilities-2015/

2016. 6 for Flash. 2 for IE. 1 Silverlight. 1 Windows:
https://www.recordedfuture.com/top-v...bilities-2016/

Flash probably isn't exploited as much now, only because
less people have it. Other big exploits are Wordpress hacks,
jquery vulnerabilities, etc. Virtually all possible attacks
require script.


  #6  
Old March 18th 19, 02:39 AM posted to alt.comp.os.windows-10,alt.computer.workshop
nospam
external usenet poster
 
Posts: 2,824
Default Virus on page?

In article , Commander Kinsey
wrote:

I used to
have three domain names, all with fake names and addresses, mainly to stop
people finding out my real life identity.


that's against the rules. if you want to hide your true identity, use a
privacy service, which nearly all registrars offer.
  #7  
Old March 18th 19, 03:26 AM posted to alt.comp.os.windows-10,alt.computer.workshop
Carlos E.R.[_3_]
external usenet poster
 
Posts: 317
Default Virus on page?

On 18/03/2019 00.15, Commander Kinsey wrote:
WARNING!* Do not click the misspelt link below (between asterisks)
unless you know your computer is protected.

On Stirling Council's parking page
https://my.stirling.gov.uk/media/442...park-guide.pdf
There is a link to the thistle centre car park, which they have misspelt
as **** http://www.thethsitles.com/ **** instead of
http://www.thethistles.com/

Question 1) Is this a virus?* It just bleeps very loudly through the
speakers and asks me to click to update something.
Question 2) Can this be reported to someone?* The company they rent the
domain name from perhaps?

(I've already advised Stirling Council to correct their spelling error)


The first page is a PDF, not a web page; and looking at the properties
it was generated on 2014. It is possible that the link is outdated and
now points to somewhere else than intended, because of a typing error or
no maintenance of the site.

That second link displays nothing in my machine (Linux). But it does
load something.

Disabling the addblocker, it goes to http://mediadiscovery.net/, and
just reads "Sponsored content". Disabling addblocker on on that, then I
get a page full of adds, surely different than those you get. Possibly
one of those adds you get triggered the blast (maybe from your
antivirus?). I have heard that blast on a friend's laptop once, and
scared me ****less. I must say that you guys on Windows get more fun
that us poor lads on Linux :-P

A reload of http://ww1.thethsitles.com/ displays content typical of a
parked domain. Something about Albania and fraud protection.


So what you should do is tell the people of
https://my.stirling.gov.uk/media/4425/9824-final-new-car-park-guide.pdf to
correct the spelling - and if there is no spelling error, remove the
link altogether, as the parking lot "The Thistles" doesn't own the link
they point people to, it has been parked (http://www.thethsitles.com/).

Or whatever the correct wording in English is :-)


--
Cheers, Carlos.
  #8  
Old March 18th 19, 03:51 AM posted to alt.comp.os.windows-10,alt.computer.workshop
nospam
external usenet poster
 
Posts: 2,824
Default Virus on page?

In article , Carlos E.R.
wrote:

The correct thing nowdays would be to have flash disabled, or have
setting to "always ask". And if asked, say "no" unless you really want
to see that box and trust the site.


the correct thing to do is not have flash installed at all.
  #9  
Old March 18th 19, 11:22 AM posted to alt.comp.os.windows-10,alt.computer.workshop
Carlos E.R.[_3_]
external usenet poster
 
Posts: 317
Default Virus on page?

On 18/03/2019 04.51, nospam wrote:
In article , Carlos E.R.
wrote:

The correct thing nowdays would be to have flash disabled, or have
setting to "always ask". And if asked, say "no" unless you really want
to see that box and trust the site.


the correct thing to do is not have flash installed at all.


Unless your bank uses it :-P

--
Cheers, Carlos.
  #10  
Old March 18th 19, 12:40 PM posted to alt.comp.os.windows-10,alt.computer.workshop
Commander Kinsey
external usenet poster
 
Posts: 195
Default Virus on page?

On Mon, 18 Mar 2019 03:26:19 -0000, Carlos E.R. wrote:

On 18/03/2019 00.15, Commander Kinsey wrote:
WARNING! Do not click the misspelt link below (between asterisks)
unless you know your computer is protected.

On Stirling Council's parking page
https://my.stirling.gov.uk/media/442...park-guide.pdf
There is a link to the thistle centre car park, which they have misspelt
as **** http://www.thethsitles.com/ **** instead of
http://www.thethistles.com/

Question 1) Is this a virus? It just bleeps very loudly through the
speakers and asks me to click to update something.
Question 2) Can this be reported to someone? The company they rent the
domain name from perhaps?

(I've already advised Stirling Council to correct their spelling error)


The first page is a PDF, not a web page


Technically yes, but the PDF is displayed in my browser and has links to click just like a webpage.

and looking at the properties
it was generated on 2014. It is possible that the link is outdated and
now points to somewhere else than intended, because of a typing error or
no maintenance of the site.


It must be a typing error, it would never have been spelt thsitle.

Anyway hopefully they will update it now I've warned them. I'm surprised nobody else came across it before, parking in Stirling is so bad you have to research first! Even if you pay, hardly anywhere allows more than a 2 hour stay.

That second link displays nothing in my machine (Linux). But it does
load something.


You mean http://www.thethistles.com/ ? It should redirect to https://www.thistlesstirling.com

Disabling the addblocker, it goes to http://mediadiscovery.net/, and
just reads "Sponsored content". Disabling addblocker on on that, then I
get a page full of adds, surely different than those you get.


I have a couple of adblockers and see no ads there at all. Just a page about the shopping centre with moving graphics saying what they sell.

Or did you mean the dodgy link? I got a loud bleep, and a dialog box saying click to update, your windows is out of date and you have a nasty virus or something. I closed it before reading it fully!

Possibly
one of those adds you get triggered the blast (maybe from your
antivirus?). I have heard that blast on a friend's laptop once, and
scared me ****less. I must say that you guys on Windows get more fun
that us poor lads on Linux :-P


I've never had a bleep like that before. It sounds like the BBC2 test signal.

A reload of http://ww1.thethsitles.com/ displays content typical of a
parked domain. Something about Albania and fraud protection.


So what you should do is tell the people of
https://my.stirling.gov.uk/media/4425/9824-final-new-car-park-guide.pdf to
correct the spelling - and if there is no spelling error, remove the
link altogether, as the parking lot "The Thistles" doesn't own the link
they point people to, it has been parked (http://www.thethsitles.com/).

Or whatever the correct wording in English is :-)


A parked parking lot :-)
  #11  
Old March 18th 19, 12:55 PM posted to alt.comp.os.windows-10,alt.computer.workshop
David in Devon
external usenet poster
 
Posts: 58
Default Virus on page?

On 18/03/2019 11:22, Carlos E.R. wrote:
On 18/03/2019 04.51, nospam wrote:
In article , Carlos E.R.
wrote:

The correct thing nowdays would be to have flash disabled, or have
setting to "always ask". And if asked, say "no" unless you really want
to see that box and trust the site.


the correct thing to do is not have flash installed at all.


Unless your bank uses it :-P


This is an aside query, Carlos!

If I look here https://www.mywot.com/en/scorecard/pcbutts1.com

I appear to read Page 1 of 2 pages of comments. If I move on to page 2
there are no comment. I cannot, though, get back to page 1.

Have you any thoughts as to why that might be so?


--
David B.
Devon, UK
  #12  
Old March 18th 19, 01:08 PM posted to alt.comp.os.windows-10,alt.computer.workshop
Carlos E.R.[_3_]
external usenet poster
 
Posts: 317
Default Virus on page?

On 18/03/2019 13.40, Commander Kinsey wrote:
On Mon, 18 Mar 2019 03:26:19 -0000, Carlos E.R.
wrote:

On 18/03/2019 00.15, Commander Kinsey wrote:
WARNING!* Do not click the misspelt link below (between asterisks)
unless you know your computer is protected.

On Stirling Council's parking page
https://my.stirling.gov.uk/media/442...park-guide.pdf
There is a link to the thistle centre car park, which they have misspelt
as **** http://www.thethsitles.com/ **** instead of
http://www.thethistles.com/

Question 1) Is this a virus?* It just bleeps very loudly through the
speakers and asks me to click to update something.
Question 2) Can this be reported to someone?* The company they rent the
domain name from perhaps?

(I've already advised Stirling Council to correct their spelling error)


The first page is a PDF, not a web page


Technically yes, but the PDF is displayed in my browser and has links to
click just like a webpage.


Depends on the local configuration - in my machine it doesn't :-)

and looking at the properties
it was generated on 2014. It is possible that the link is outdated and
now points to somewhere else than intended, because of a typing error or
no maintenance of the site.


It must be a typing error, it would never have been spelt thsitle.

Anyway hopefully they will update it now I've warned them.* I'm
surprised nobody else came across it before, parking in Stirling is so
bad you have to research first!* Even if you pay, hardly anywhere allows
more than a 2 hour stay.


Wow. I have never seen something like that here - well, thinking, there
have been days in Madrid that I was not able to go to the place I wanted
at all, no parking or collapsed roads. Popular events. I have not heard
of reserving in advance a parking slot, but maybe possible.


That second link displays nothing in my machine (Linux). But it does
load something.


You mean http://www.thethistles.com/ ?* It should redirect to
https://www.thistlesstirling.com


I mean http://www.thethsitles.com/


Disabling the addblocker, it goes to http://mediadiscovery.net/, and
just reads "Sponsored content". Disabling addblocker on on that, then I
get a page full of adds, surely different than those you get.


I have a couple of adblockers and see no ads there at all.* Just a page
about the shopping centre with moving graphics saying what they sell.

Or did you mean the dodgy link?*


Yes.

I got a loud bleep, and a dialog box
saying click to update, your windows is out of date and you have a nasty
virus or something.* I closed it before reading it fully!


I have seen that on somebody else's computer. I think it was an
unfiltered advert. And clicking there would be dangerous.


Possibly
one of those adds you get triggered the blast (maybe from your
antivirus?). I have heard that blast on a friend's laptop once, and
scared me ****less. I must say that you guys on Windows get more fun
that us poor lads on Linux :-P


I've never had a bleep like that before.* It sounds like the BBC2 test
signal.


Yep. I jumped off the sofa when I heard that. The other person was
accustomed to it and just clicked away.


A reload of http://ww1.thethsitles.com/ displays content typical of a
parked domain. Something about Albania and fraud protection.


So what you should do is tell the people of
https://my.stirling.gov.uk/media/4425/9824-final-new-car-park-guide.pdf
to
correct the spelling - and if there is no spelling error, remove the
link altogether, as the parking lot "The Thistles" doesn't own the link
they point people to, it has been parked (http://www.thethsitles.com/).

Or whatever the correct wording in English is :-)


A parked parking lot :-)


:-D

--
Cheers, Carlos.
  #13  
Old March 18th 19, 01:11 PM posted to alt.comp.os.windows-10,alt.computer.workshop
David in Devon
external usenet poster
 
Posts: 58
Default Virus on page?

On 18/03/2019 12:55, David in Devon wrote:
On 18/03/2019 11:22, Carlos E.R. wrote:
On 18/03/2019 04.51, nospam wrote:
In article , Carlos E.R.
wrote:

The correct thing nowdays would be to have flash disabled, or have
setting to "always ask". And if asked, say "no" unless you really want
to see that box and trust the site.

the correct thing to do is not have flash installed at all.


Unless your bank uses it :-P


This is an aside query, Carlos!

If I look here https://www.mywot.com/en/scorecard/pcbutts1.com

I appear to read Page 1 of 2 pages of comments. If I move on to page 2
there are no comment. I cannot, though, get back to page 1.

Have you any thoughts as to why that might be so?


Oops! I should have mentioned where I found the link! He-

https://groups.google.com/forum/#!to...SH1A%5B1-25%5D

--
David B.
Devon, UK
  #14  
Old March 18th 19, 01:19 PM posted to alt.comp.os.windows-10,alt.computer.workshop
Carlos E.R.[_3_]
external usenet poster
 
Posts: 317
Default Virus on page?

On 18/03/2019 13.55, David in Devon wrote:
On 18/03/2019 11:22, Carlos E.R. wrote:
On 18/03/2019 04.51, nospam wrote:
In article , Carlos E.R.
wrote:

The correct thing nowdays would be to have flash disabled, or have
setting to "always ask". And if asked, say "no" unless you really want
to see that box and trust the site.

the correct thing to do is not have flash installed at all.


Unless your bank uses it :-P


This is an aside query, Carlos!

If I look here https://www.mywot.com/en/scorecard/pcbutts1.com

I appear to read Page 1 of 2 pages of comments. If I move on to page 2
there are no comment. I cannot, though, get back to page 1.

Have you any thoughts as to why that might be so?


Let me see. As I load that page, I get a popup to:

Protect yourself from bad websites
Award winning security extension for your browser

Add to Firefox - It's Free

(100% Free. No in-app payments or subscriptions)
7,033 reviews in Google Chrome
7,033 users have installed WOT and are browsing safetly




Of course, getting such a popup makes me suspicious. Maybe just
aggresive marketing, though.

The second page of comments has nothing, and there is no link to go
back. That's bad programming of the page. I had to click six times on
the "back" button of Firefox to actually go back to the first page.
Well, no, the comments have disappeared.

I think it is lousy programming. Maybe they fiddled altering the browser
history, I read recently about some browser adding protection against this.

I have to click shift-reload to see again the comments. The comments say
it is a bad site and tool...


--
Cheers, Carlos.
  #15  
Old March 18th 19, 01:22 PM posted to alt.comp.os.windows-10,alt.computer.workshop
Commander Kinsey
external usenet poster
 
Posts: 195
Default Virus on page?

On Mon, 18 Mar 2019 13:08:57 -0000, Carlos E.R. wrote:

On 18/03/2019 13.40, Commander Kinsey wrote:
On Mon, 18 Mar 2019 03:26:19 -0000, Carlos E.R.
wrote:

On 18/03/2019 00.15, Commander Kinsey wrote:
WARNING! Do not click the misspelt link below (between asterisks)
unless you know your computer is protected.

On Stirling Council's parking page
https://my.stirling.gov.uk/media/442...park-guide.pdf
There is a link to the thistle centre car park, which they have misspelt
as **** http://www.thethsitles.com/ **** instead of
http://www.thethistles.com/

Question 1) Is this a virus? It just bleeps very loudly through the
speakers and asks me to click to update something.
Question 2) Can this be reported to someone? The company they rent the
domain name from perhaps?

(I've already advised Stirling Council to correct their spelling error)

The first page is a PDF, not a web page


Technically yes, but the PDF is displayed in my browser and has links to
click just like a webpage.


Depends on the local configuration - in my machine it doesn't :-)


I don't like pointless opening of new programs and windows. If I'm viewing some tourist info in a PDF, I'd rather it was just like another web page.

and looking at the properties
it was generated on 2014. It is possible that the link is outdated and
now points to somewhere else than intended, because of a typing error or
no maintenance of the site.


It must be a typing error, it would never have been spelt thsitle.

Anyway hopefully they will update it now I've warned them. I'm
surprised nobody else came across it before, parking in Stirling is so
bad you have to research first! Even if you pay, hardly anywhere allows
more than a 2 hour stay.


Wow. I have never seen something like that here - well, thinking, there
have been days in Madrid that I was not able to go to the place I wanted
at all, no parking or collapsed roads. Popular events. I have not heard
of reserving in advance a parking slot, but maybe possible.


The UK is vastly overpopulated. The large cities like Edinburgh and London are ridiculous, they've actually banned cars altogether in a lot of places, contrary to the wishes of all the high street shops which have lost most of their business due to government cluelessness.

That second link displays nothing in my machine (Linux). But it does
load something.


You mean http://www.thethistles.com/ ? It should redirect to
https://www.thistlesstirling.com


I mean http://www.thethsitles.com/


I wasn't sure if you started counting at the PDF link or the links from the PDF :-)

Disabling the addblocker, it goes to http://mediadiscovery.net/, and
just reads "Sponsored content". Disabling addblocker on on that, then I
get a page full of adds, surely different than those you get.


I have a couple of adblockers and see no ads there at all. Just a page
about the shopping centre with moving graphics saying what they sell.

Or did you mean the dodgy link?


Yes.

I got a loud bleep, and a dialog box
saying click to update, your windows is out of date and you have a nasty
virus or something. I closed it before reading it fully!


I have seen that on somebody else's computer. I think it was an
unfiltered advert. And clicking there would be dangerous.


I did not click, and I would like to think Opera would never load anything without a click. Also AVG does block dodgy sites.

Possibly
one of those adds you get triggered the blast (maybe from your
antivirus?). I have heard that blast on a friend's laptop once, and
scared me ****less. I must say that you guys on Windows get more fun
that us poor lads on Linux :-P


I've never had a bleep like that before. It sounds like the BBC2 test
signal.


Yep. I jumped off the sofa when I heard that. The other person was
accustomed to it and just clicked away.


Try them with one of those scary monster pages that growls and jumps about when you're watching closely. Youtube is full of folk falling off their chairs.
 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 06:59 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Copyright 2004-2019 PCbanter.
The comments are property of their posters.