Ixquick

Security_Wiz
Сообщения: 53
Зарегистрирован: Сб июн 28, 2008 7:46 pm

Ixquick

Сообщение Security_Wiz » Сб сен 13, 2008 1:51 am

Hi,

I have started using the search engine Ixquick. However, I notice that this website uses many domains (us.ixquick.com, us2.ixquick.com, etc.). I keep stumbling upon real Ixquick domains that seem fine to me that seem to be rated dangerous for some reason.

This is one: s2-us2.ixquick.com/

I see no problem with this. It's user confidence rating is low, but I'd still like to know why it is rated so badly.

Аватара пользователя
Sami
Сообщения: 3506
Зарегистрирован: Сб окт 07, 2006 11:43 am

Re: Ixquick

Сообщение Sami » Сб сен 13, 2008 8:44 am

It was only recently removed from PhishTank.

Аватара пользователя
phantazm
Сообщения: 2486
Зарегистрирован: Чт янв 03, 2008 1:46 pm

SE in PT?

Сообщение phantazm » Сб сен 13, 2008 9:19 am

Why would a search engine end up in the PhishTank?

Аватара пользователя
AnonymousSpecial
Сообщения: 109
Зарегистрирован: Вс фев 17, 2008 1:20 pm

Most likely someone thought

Сообщение AnonymousSpecial » Сб сен 13, 2008 9:28 am

Most likely someone thought the URL looked like it was trying to spoof a bank or something.

Аватара пользователя
Sami
Сообщения: 3506
Зарегистрирован: Сб окт 07, 2006 11:43 am

Re: SE in PT?

Сообщение Sami » Сб сен 13, 2008 9:28 am

Not sure, but there it was, verified by six users.

Аватара пользователя
phantazm
Сообщения: 2486
Зарегистрирован: Чт янв 03, 2008 1:46 pm

Or maybe this...

Сообщение phantazm » Сб сен 13, 2008 10:51 am

Maybe it could be a case of search engine abuse.
I found this short text that describes a google-example:

"Google abuse - Who feels lucky here?

Today I got this spam mail, that at first looked too simple.
But when I looked twice, I noticed it was actually opposite:

"Check it out - I just found the best casino website! It has great games, tournaments, daily promotions and high bonuses. If you go there now you'll get a free beginners bonus of $555 - so you can start playing right away! Have fun!"

Casino spam is not news at all, but the deceptive link was.
Instead of linking directly to casino-games-pro.com it used this:

google.com/search?q=inurl%3Agames-pro+intext%3Awon1+million
+megabet+from+casino+online&btnI=Lucky target="_blank"

(This query searches for sites with "games-pro" in the url
+ "won1 million megabet from casino online" somewhere in the text.)

This combination of words is found on only one website.
And then Googles 'Feel lucky button' is abused to go directly to the site...

Result: the scam-site avoids naming itself in the spam mail,
thus making it harder for spam-filters to scan for names of known scam-sites.."

Аватара пользователя
phantazm
Сообщения: 2486
Зарегистрирован: Чт янв 03, 2008 1:46 pm

Or maybe that...

Сообщение phantazm » Сб сен 13, 2008 10:58 am

phantazm: Why would a search engine end up in the PhishTank?

Sami: Not sure, but there it was, verified by six users.

phantazm: I looked at the phishtank entry (http://www.phishtank.com/phish_detail.p ... _id=477086) and saw this url:

hxxp://s1-us2.ixquick.com/do/show_picture.pl?c=bottom_frame&u=http://cgi.ebay.com.my/ws/eBayISAPI.dll ... Message-Id:

The first part is the searchengine, but...
The second part contains "cgi.ebay.com.my",
and that does look phishy to me...

Аватара пользователя
Sami
Сообщения: 3506
Зарегистрирован: Сб окт 07, 2006 11:43 am

Re: Or maybe that...

Сообщение Sami » Сб сен 13, 2008 11:05 am

The second part contains "cgi.ebay.com.my", and that does look phishy to me...

That's eBay Malaysia, it's not a phishing site either.

Аватара пользователя
phantazm
Сообщения: 2486
Зарегистрирован: Чт янв 03, 2008 1:46 pm

Ooops!

Сообщение phantazm » Сб сен 13, 2008 11:10 am

Okay, I didn't know that (mea culpa). Thanks for the correction!
But then again, I'm neither malysian nor an eBay-customer...

Security_Wiz
Сообщения: 53
Зарегистрирован: Сб июн 28, 2008 7:46 pm

Ixquick

Сообщение Security_Wiz » Сб сен 13, 2008 2:04 pm

So, basically, it was flagged by PhishTank as phising because it had a phising link in their search results. That just doesn't seem very likely. Google has thousands of phising links and malware links, but they are not rated badly by sources because of it.

Thanks though! As long as I know that Ixquick has no malware, I'm going to continue using it.

I like that the WOT community is very active.

Ответить

Кто сейчас на конференции

Сейчас этот форум просматривают: нет зарегистрированных пользователей и 4 гостя