Anyone Get the Google warning?
Sent from my MB860 using xda premium
foxrivertrekker said:
Anyone Get the Google warning?
Sent from my MB860 using xda premium
Click to expand...
Click to collapse
Chrome just gave me the alert:
"Danger: Malware Ahead!
Google Chrome has blocked access to this page on forum.xda-developers.com.
Content from security.rltk.us, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.
Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion. Learn more..."
Is it an ad that's causing it or ...?
i posted somewheres else about this as well ...... any mods have an answer ?
Same here. Sure like to hear from someone in charge around here
nukebreath said:
Same here. Sure like to hear from someone in charge around here
Click to expand...
Click to collapse
Seems to have cleared up. I haven't searched yet for other threads/responses, but just did a little more digging on security.rltk.us. Appears Google Safe browsing has the originating site as blacklisted due to being categorized as "Adult & Pornographic content". Per Sucuri SiteCheck it's been blacklisted but clean, but provided a clean security report (warnings found):
Blacklisted: Yes
Malware: No
Malicious javascript: No
Malicious iFrames: No
Drive-By Downloads: No
Anomaly detection: No
IE-only attacks: No
Suspicious redirections: No
Spam: No
Plus it lists other sites that checked the domain and cleared it:
* Domain blacklisted by Google Safe Browsing: security.rltk.us - reference
* Domain clean by Norton Safe Web: security.rltk.us - reference
* Domain clean on Phish tank: security.rltk.us - reference
* Domain clean on the Opera browser: security.rltk.us - reference
* Domain clean by SiteAdvisor: security.rltk.us - reference
* Domain clean on Sucuri IP/URL malware blacklist: security.rltk.us - reference
* Domain clean by the Sucuri Malware Labs blacklist: security.rltk.us - reference
* Domain clean on Yandex (via Sophos): security.rltk.us - reference
Not going to dig much further, but possibly an ad originating from this domain and the message triggered because of the blacklist?
Related
I have checked several of the major Host ad blocking files available on the web and none reference Medialets & Zestadz Ad Server locations. Lookouts "Ad Network Detector" app found several apps using these companies to host ads and I want to block them via the host file.
I was using AdFree until I found AdAway, which has far more options, including using several host file update locations and manually entering ad servers to block. AdAway uses the same host file source, as well as several others but none of these reference Medialets & Zestadz. Apparently Medialets is now the worst of the bunch, with ads that can collect anything and everything on your phone.
This article in PC Magazine references the Medialet bstards but they don't list the ad server location like they do with several other ad services.
http://www.pcmag.com/article2/0,2817,2383261,00.asp
AdMob which seems to be the most common is just as bad, though their servers are at least known and are included in my host blocking.
"Veracode then drilled down to see what type of data each network was collecting. AdMob accessed GPS location, application package name, and application version information, and "there were variable references within the ad library that appear to transmit the user's birthday, gender, and postal code information," Veracode said."
Unfortunately, as I stated above Medialet's servers don't seem to be known to the public and were not listed in the article. A Google search comes back with nothing.
"Medialets library accesses the device's GPS location, bearing, altitude, android_id, connection status, network information, device brand, model, release revision, and current IP address."
Zestadz is also an unknown. I can't seem to find any info on their ad servers, and they are not referenced in any of the major host files so I can only assume they are not being blocked.
Spyware in PAID Apps!
The obnoxious thing is that Weather Bug Elite uses Medialet even though the app is the paid version. They say that its disabled in the paid "elite" version and is only active in Weather Bug Free, but I don't trust those Medialet a-holes and want to block them at the host level.
Zestadz are used in Flight View Elite, another paid app I own. Same situation above applies. I also found AdMob, AdWhirl and Millennial also embedded in the paid app.
Unfortunately, I can't just go DroidWall these apps as they both need network access so host blocking the ad servers is the only other way I know to prevent them from spying. Anyone know the ad servers for these two companies?
UPDATE: I contacted the parent company who owns WeatherBug and just started entering extensions until I got someone on the phone. I told them I wanted to speak to their legal department regarding a potential lawsuit, and they immediately forwarded me to someone who after some hold time told me "Medialet is NOT suppose to be part of the paid WeatherBug [IE: WeatherBug Elite], and if its showing up then our engineers need to remove it from the application." He said he would be getting back to me on the matter. Does anyone here actually believe this was a legitimate oversight? I am so tired of this privacy invasion crap. Companies think they can do whatever they want until they get caught and just play dumb when it happens.
On to whoever makes FlightView. Going to raise some hell them next. Will update. Still trying to figure out Medialets & Zestadz ad server info. If I can pry it out of these two companies I will post the information as well.
UPDATE 2: The "Office Manager" of Flightview is out of the office until Monday and the tech support department is in a meeting. I will try back later (or Monday) but even though I was [or at least started off] extremely polite, the rep I talked to was a total *itch and tried to dodge my questions on in-app spyware every way possible. Will update when I have more info.
Leadbolt is provides ads in the notification of andoid similar to airpush. In order to opt out you go to their website where they request your mei imei id. Is it safe to provide this?
Thanks
JeffATL said:
Leadbolt is provides ads in the notification of andoid similar to airpush. In order to opt out you go to their website where they request your mei imei id. Is it safe to provide this?
Thanks
Click to expand...
Click to collapse
Yea, it's just a unique identifier for these networks to add to their list so those IDs never get served ads.
truste.com/developer/?p=86
cLin407 said:
Yea, it's just a unique identifier for these networks to add to their list so those IDs never get served ads.
truste.com/developer/?p=86
Click to expand...
Click to collapse
Cool. Your thanks meter just went from 0 to 1 =)
JeffATL said:
Leadbolt is provides ads in the notification of andoid similar to airpush. In order to opt out you go to their website where they request your mei imei id. Is it safe to provide this?
Thanks
Click to expand...
Click to collapse
I don't know who Leadbolt is, but that aside if you are wondering about whether they (or anyone for that matter) are or not. I would suggest researching about them first via third party reviews, and/or whois domaintools, wikipedia, types of resources. The reviews that are not generated by sites that do not bias their reviews due to being erm bribed for want of a better word will obviously be more accurate as to their legitimacy so sticking to well known and trusted review sites is a good start. I use WOT (web of trust ff addon) to help weed out the bad sites, it's not perfect, however it is far better than using nothing at all. This way you can get an idea if they are trustworthy or not. And if they are new new new I would be more careful as malicious groups start again with new names etc... once their old ones are burned out and no longer provide the gains they are looking for. Hope this helps
Generally speaking, you should never give out your IMEI to anyone.....especially an ad company asking for your IMEI tempting you with not receiving anymore ads? Sounds extremely fishy to me.
Unfortunately I did give my number before seeing other posts.
I do have a problem that may be a result of the foolish move or it may be unrelated. So far I see the problem with one particular website.
If I go to the a particular restaurant's website Eclipse D Luna found by google search, it is hosted by dudamobile. I believe the website is legit as it looks legit from a computer and I think dudamobile is a legit site that transform peoples websites for mobile phones. However when I navigate to the restaurants menu the page is filled with spam (i.e levitra, viagra ads) ?
Leadbolt is a notification ads provider (they also do banners and others). They use IMEI not to show you the notification ads. They are legit, you can give them your IMEI.
'ad.leadboltads.net' is Malware
JeffATL said:
Leadbolt is provides ads in the notification of andoid similar to airpush. In order to opt out you go to their website where they request your mei imei id. Is it safe to provide this?
Thanks
Click to expand...
Click to collapse
LEADBOLTADS IS MALWARE! DO NOT GIVE THEM ANYTHING!
My browser started popping open on reboot/start up to their page with advertising.
This behaviour is known as malware.
Lookout Security & Antivirus found mine in ChargeBar Free Edition,
ChargeBar came embedded in the NottachTrix 2.3.0 ROM.
I installed it (NottachTrix) and it (ChargeBar) didn't update for 3 months, then, BANG.
I've deleted ChargeBar's update, moved it from system apps to apps, deleted it, and the browser pop open 'ad.leadboltads.net' still persists.
Lookout Security & Antivirus can not find the new location of the malware, they do not have a forum.
By the very definition and behaviour, this is malware, and, ChargeBar (Asgard Casino Apps) is involved in the distribution of malware.
Asgard Casino Apps distributes 34 apps that behave this way.
They are using Google Play Store to distribute this malware, abet, that app is benign in its origin, its a pipeline, or conduit for malware.
Sneaky F##kers aren`t they.........
#1) I would like to get this crap off my phone.
#2) I need to bring this to Google's attention, and have the developer and apps banned from the Play store.
Sooo, starting with #1,,,how do I get this crap off my phone!
NOTE:
I will be linking to this post in the NottachTrix post, I'm asking the developers to to move ChargeBar from the ROM zip.
My MBAM forum post: https://forums.malwarebytes.org/inde...06#entry764184
Beginning with 2016 we will not longer support the coexistence with EYEO's AdBlocker.
This tool is an advertising gateway and they will pass more and more advertising.
keweonDNS
THE FIRST ADBLOCKER WORLDWIDE
WHICH RUNS ON
EVERY OPERATION SYSTEM
EVERY BROWSER
EVERY SYSTEM
without any Software Installation
Tested & working on:
WinXP to Win10 - Windows Mobile - Linux - UNIX - Android - iPhone - iPad - MacOS - BeOS - BLACKBERRY - JavaOS - XBOX - PLAYSTATION - APPLE WATCH - WebOS - Microsoft EDGE - RASBERRY - NAS DEVICES - SmartTV's
Click to expand...
Click to collapse
I'm proud to present a brand new ad-block and security solution. I hope to find some supporter here to check, test and optimize the system.
The name of this system is keweon which is a short form from the German words "keine werbung online". Translated to English this would be "no advertising online"
Unfortunately every online presence is within German language because my English is not longer the best.
The idea and very first solution was born in year 2003. In the year 2013 I decided to launch the system as an online based system and we have tested this system almost on every device. AdBlocking is just only one of the many features but at the moment it's only important if the black and white lists are usable and what to change.
keweon is also the only adblock solution world wide which is not possible to block. If you find a web page where you receive the message "Blocked because you are using an adblocker" let me know this link here or post it on our facebook page and we will change this.
Now it's up to you to decide what you want to think about it.
How can you use it?
The big advantage is that you don't need to install any software. Just point your device to the keweonDNS Server and - that's it!
You can use it on your device or on your SOHO Router or you can use it just on your PC to test and see how does it work.
It's working on EVERY operation system, on EVERY device. Even on IPhone, PlayStation, XBOX and if you want it will even run on the Apple Watch.
Here are the keweonDNS Server list and where they are located:
DNS Server IPv4
GERMANY 01 (*) 46.101.208.121
GERMANY 02 (**) 46.101.187.194
UNITED KINGDOM 01 (*) 178.62.117.240
USA - Dallas (TX) (**) 45.32.198.153
DNS Server IPv6
GERMANY 01 (*) 2a03:b0c0:3:d0::3c:7001
GERMANY 02 (**) 2a03:b0c0:3:d0::b0:8001
UNITED KINGDOM 01 (*) 2a03:b0c0:1:d0::28:8001
USA - Dallas (TX) (**) 2001:19f0:6400:8945:5400:00ff:fe17:5dba
(*) = only available for Germany, Austria, Switzerland and Liechtenstein
(**) = global available
Our DNS Server are not pointing to Google server at the other end. We want to have a clean DNS solution. The DNS servers points to root-server.net infrastructure only.
This might cause some troubles e.g. with MarkMonitor URL's and Domains. I don't care because this company is anyway block at 99,999% via keweonDNS
HTTPS Advertising - no more chance
This is also a big advantage that keweon is able to cover also this crap. We know the current solution is not the best but it is the cheapest.
If you want get rid of the HTTPS advertising error message than you need to install the keweon Adblock Root Certificate on your Computer or on your device.
I know that there are better solutions but the problem is that keweon is currently just a hobby and to buy a public certificate and spending 800 Euro just for fun would be a big financial pain.
You don't need the certificate to use the keweon Adblock but if you want to get rid of the https nags you need to use is.
Browser example without keweon Root Certificate:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Browser example with keweon Root Certificate:
If you want to see what is inside this certificate than browse to the keweon HTTPS Sniper Server and take a look inside the SSL Certificate. You can see what URL's we will take over for ad-blocking reason.
How does keweonDNS work?
It's not a big secret because EVERYTHING is working on 100% pure native DNS technologies. The only thing you need is a FreeBSD Server, a LINUX Server and - YES, it is REQUIRED - a Windows Server. You need to build your own operation system based on UNIX and some special kernel things.
That's all!
I also have had a contact to a big AdBlock Company and the CEO still think this solution is a Proxy solution. I don't want to make a big discussion but keweon is running on 100% native DNS.
The only exception for this is currently YouTube. We have unlocked YouTube that you will not longer get stupid messages "Is blocked because...".
In non other country of the world are more Videos blocked than in Germany. Don't ask for the secret of the YouTube solution. It's working and we will not send the traffic over the keweon systems. That's the reason why we can offer this solution to nearly half a million users.
Check this and see:
https://apps.opendatacity.de/gema-vs-youtube/en/
Currently we have the problem that YouTube unblocker will not run 100% on iOS devices. If you want to see EVERY Video you need to uninstall the YouTube App from your device and watch the videos within the browser.
Therefore I would need additional help to sort out where the hell this app will take the GEO location information's. At the moment it seems it will use the iOS API for this but my knowledge about the iOS API is very limited.
Here are the important links:
On Facebook: https://www.facebook.com/keweonNetwork
On Twitter: https://www.twitter.com/keweonNetwork
Because of legal reason the web site is still offline. One little error on the page could cost a lot of money in Germany.
The Web: http://www.keweon.de
The keweon Root Certificate.
Keep in mind it is not required to use the certificate. If you want to get rid of the HTTPS error messages u can use it but for the basic Ad-blocking it is NOT REQUIRED.
Here is the list of the current entries within our certificate. You can double check this within our HTTPS sniper server: https://adblock.keweon.center
http://forum.keweon.de/viewtopic.php?f=9&t=8
For Windows Systeme (MSI File)
The certificate is working for IE, Edge and Chrome Browser.
http://pki.keweon.center/certs/keweonAdBlockCertificate.msi
MSI within a ZIP file:
http://pki.keweon.center/certs/keweonAdBlockCertificate-MSI.zip
For Android and iOS devices, also for Firefox and Mozilla Browser:
http://pki.keweon.center/certs/keweonAdBlockCertificate.crt
CRT within a ZIP file:
http://pki.keweon.center/certs/keweonAdBlockCertificate-CRT.zip
For Admins to use it within Active Directory as REG file:
http://pki.keweon.center/certs/keweonAdblockCertificate.reg
REG within a ZIP file:
http://pki.keweon.center/certs/keweonAdblockCertificate-REG.zip
If you want to have a "AllInOne Package" use this link please:
http://pki.keweon.center/certs/keweonAdblockCertificate.zip
What will this cost?
It will cost nothing. You can use it where ever you want to use it.
Why it's free?
Because we can do it.
We are unknown.
We don't know what you think about this solution.
That's the reason why this will be free of charge. But keep in mind that this system is only a demo system because we don't have the money to do what we want to do.
The only thing what we expect:
Like, Share and Promote us here by XDA (hit the Thanks Button), on Facebook and Twitter. That's all we want to have from you.
And now?
Now it's your turn.
Read it, use it and decide if you want to have the Internet in a newer Version. Take a look and see.
Hope you enjoy it!
How you can support keweon?
If you have found an address which is blocked that needs to be unblocked or if you have found additional critical address then just send this via email.
At the moment we need to cross check everything manually but we hope that we can automated this process within a few weeks. For this it is important how you send the email. Let's give a short example.
BLACKLIST EXAMPLE:
You have found the URL www.ads-terror.com. But this address is a Popup from the site www.cool-site.com
Now create a text file as like as a hosts file and add the bad URL. Use the Hash sign (#) to seperate the comment. As comment you should use the source URL where you have found the Popup.
www.ads-terror.com # www.cool-site.com
If you have found a malware site or address or something like the "Flashplayer Update" which is in real a malware or spyware trash than comment this with what it is. Just one or two words that we know what it is. You can also combine this or write a few more words. It's up to you.
www.ads-terror.com # fake flashplayer
WHITELIST EXAMPLE:
We know that 7 million entries will not be 100% safe and clean. So don't worry, if you find an address which is blocked which should be not blocked than let's whitelist this.
Also write this into a TXT File and comment this with some self spelling infos that we know why.
bit.ly # Twitter URL shortener
That's all. Please don't send any screenshot or PDF or anything else than a TXT file. Keep in mind that we only will work with the attachments. It does not make sence to send the information within the email body. Whatever you write in the mail this will be ignored because this is an half automated process.
Where to send?
It's easy.
If you have an request and attachment for white listing send this to:
[email protected]
If you have an request and attachment for black listing send this to:
[email protected]
Anything else?
Yes. If you have seen a website where you will receive the Message "this website is blocked because you are using an adblocker" than we also want this to know.
Sometimes it will take a few hours, sometimes this can take up to 3 days until whe are able to break this. But we keep you updated on twitter if we are able to remove this crap.
If you have found an address please copy this address also into a TXT file and send this to:
[email protected]
A few of our blocked URL's might cause some HTTPS errors. For this we have the Root Certificate and because of this we are able to manage this errors within a few minutes.
If you are using the keweon Adblock Root Certificate and find an error on a web page than make a screenshot OR send a TXT file with the URL.
We will double check this and if we see that this address needs to be placed in our HTTPS certficate we will do this. If something wents wrong we will remove this address from our blacklist.
If you see or find an error within the HTTPS certificate than we also need this to know. Send the screenshot or the TXT file to this address and we will take action.
[email protected]
Update of white and black lists
Currently we have a job, we have family and we can not offer 24x7 support for this. This system is just a damn small system, it's a hobby and this update procedure can cause a timeout for round about 60 sec. when we do an update on our DNS Servers. We know how to solve this but we don't have the money currently for this.
This update has only impact to NEW site and URL requests.
If you are playing an online game, stay on facebook or doing work on the same site you will see no interruption. If you do a new site request and you will see that this request runs into a time out take a smoke or move away for a new cup of coffee.
I hope you enjoy this and if you have any recommendations please let me know this.
What is keweonDNS?
keweonDNS is more than just a simple adblocker system. keweon is a solution which offers a lot of cute things.
privacy Protection
protection by Virus and Trojan infection (prevent the download of additional files)
protection against spying (blocking the source address)
Internet without Ads and Popups
real time online ad-blocking
domain address based
working with ipv4 and ipv6
tracking protection
malware protection
spyware protection
trojan protection
fake security filter
fake software filter
phishing protection
advantage because of all of this: up to 50% faster internet on all devices
We also have found a solution where we are able to block even IP Addresses and filter single websites or a picture. But currently it is to expensive to release this for public usage.
We need your support!
The keweonDNS phishing protection is a beta solution at the moment because we have the idea. We know what to do. We know where to do.
But we have no email with a phishing address or URL. We hope someone of you is able to support us and send us a few URL's.
If you receive a phishing mail than copy the content of the mail into a TXT file. Please make sure that you will copy the PHISHING address into this TXT file and then send the TXT file as attachment to:
[email protected]
!!! ATTENTION !!!
IF YOU DON'T KNOW WHAT TO DO - NEVER CLICK ON A LINK WITHIN A PHISHING MAIL.
ASK A FRIEND OF YOU OR SOMEONE WHO KNOWS WHAT TO DO!
Click to expand...
Click to collapse
If you are not sure than you can forward and send the complete mail to us. Please send this mail to:
[email protected]
The problem is that our mail provider might filter this mail. That is the reason why we are asking for the source and destination address within a text file.
It will not help if you only send a screenshot because the LINK and the LINK REFERENCE are completely different. It's also an idea if you are able to save the message and send the message as ZIP file.
If we have this mail we will take action and prevent phishing attacks when you are using the keweonDNS Servers.
Currently we have not a real solution how you can send the information's within a secure way. You can do what you want as long as you are safe and can make sure that you will be not infected.
If you have any idea how to send the complete mail your welcome to keep us informed.
It seems no one is using this System because of my self signed Root Certificate.
I want to get rid of the Certificate installation.
Does someone know if there are some provider who offers free public web server certificates?
Currently I only know Comondo.
Thanks in advance!
(2015/12/11 - 12:15) EDIT:
Click to expand...
Click to collapse
We have done a Certificate request with public domains entries within the SAN field.
After this the certificate request was catched by fraud detection and they denied the certificate.
Bad luck for us. But we don't give up.
If someone knows a different solution than our Root Certificate please let me know.
At the moment it is only possible to get rid of the HTTPS trash with our Root Certificate.
Thanks in advance!
Over 500 Hits and no one seems to be interessted?
Can someone explain to me why there is a problem to give it a try and test this System?
Would be a great thing. Thanks in advance.
I'll give it a try, i already promoted it over my friends, i thank you for your work
Inviato dal mio Nexus 4 con Tapatalk 2
jacomail95 said:
I'll give it a try, i already promoted it over my friends, i thank you for your work
Inviato dal mio Nexus 4 con Tapatalk 2
Click to expand...
Click to collapse
That's good to know.I will Update this Thread with more options.
I have no exerience with Italy and ads, Malware and Spyware.
Hope you will give some feedback to optimize it. Infos and how2 will follow within this Thread the next few hours.
Thanks and I hope you enjoy this system
Now you can help us with update and clean up the white and black lists.
http://forum.xda-developers.com/showpost.php?p=64055856&postcount=2
Best regards!
Hello , thanks for this dns. Could you provide server & net provider information?
Please take a look at dnscrypt.org , usage would be great.
Your website isnt loading , what happened
Sent from my GT-I9505 using XDA Free mobile app
HeathenMan said:
Hello , thanks for this dns. Could you provide server & net provider information?
Please take a look at dnscrypt.org , usage would be great.
Your website isnt loading , what happened
Sent from my GT-I9505 using XDA Free mobile app
Click to expand...
Click to collapse
At this point DNS encryption is not a thing we Plan to implement.
This System is comlete VPS based and a real smal system.
We are using some overloaded security on the servers. If we have success to establish this as an commercial system we will use DNS encryption.
But at the moment we only want to clean up the Black and white lists and for this DNS encryption will cause more troubles than security.
Best regards!
Technical Focus:
It seems that adblock blocking will become the "Advertising Surprise XXL Feature" for 2016.
May be for all other Adblockers. But this will not work with the keweon System.
We cross the fingers and we wil see :fingers-crossed:
Blocking Adblocker which blocking ads to make sure that ads will never blocked
If you see any Website which is blocked when you will use an ad-blocker please test this also with the keweon System.
Yahoo is working on this to prevent ad-blocker usage.
We are working on this problem too and for a well-balanced result we take the other side.
Help and let us know when you find such a site!
Tell us what you think about this:
kinox.to and movie2k.to are now 98% ad free.
We also removed the abo traps when you use this sites on your mobile phone.
Best regards and we hope you enjoy this!
What are you doing with all the user data you are collecting with this?
Gesendet von meinem HTC One mit Tapatalk
flummi3000 said:
What are you doing with all the user data you are collecting with this?
Gesendet von meinem HTC One mit Tapatalk
Click to expand...
Click to collapse
Collecting data? From users? Or any connections?
I guess you are german because that's typically german bull****!
Who the hell told you that we collecting data? Collecting user data via DNS Server? Did you saw any data collection?
Do you realy belive that we break the communication to nearly everywhere and than we collect data for what?
Oh damn!! Almost idiots only here in germany!
Sprint
Anyone know how to change the DNS on android KK?
Sent from my N9515 using XDA Forums Pro.
brad65807 said:
Sprint
Anyone know how to change the DNS on android KK?
Sent from my N9515 using XDA Forums Pro.
Click to expand...
Click to collapse
Check the Playstore and search "RomToolBox". But this tool requires root.
Unfortunately I'm using currently an iPhone but with this Tool I have had the best experience on android.
With higher versions than KK (4.4) I have no clue how to change the DNS Servers because HTC OneMax with 4.4 was my last android device.
I just use the DNS changer from Playstore. Works fine so far. Thanks for your effort!:good:
Shockwave71 said:
I just use the DNS changer from Playstore. Works fine so far. Thanks for your effort!:good:
Click to expand...
Click to collapse
Good to know. thanks for the Feedback :good:
bencozzy said:
I have to agree this is not open source so only security conscious conclusion is that you are data sniffing.
Click to expand...
Click to collapse
Hmmm... Data sniffing with DNS? How? And why?
Everyone is claiming that it is not possible to protect data. I have found years ago a solution and after 10 years I decided to launch this as an online solution.
Let's assume that I will data sniffing. What can I get?
Compare DNS as a phone book. You have the option to look inside where the Webserver or the destination exists. You are searching only a phone number or IP Address.
If you take data from the webserver this will not served and offered by the DNS Servers because this will be done from the webserver which you are browsing to. DNS is only telling your browser, hey go there and there you will find the rest.
The only thing I would get is which IP address is seeking for what address. So what data I should sniff? I only will get the information which IP address is searching xyz.com. Based on this information what should I do with this?
If I would like to have this Data that makes no sence because I have a account to statista.com where I can get more and detailed informations about this. Therefore is no need to launch such a tool.
I decided to build this project DNS based because in no country of the world it is requrired to log DNS request. May be China is an exception but especially in germany where it is required by law to log EVERY web server access DNS will be an exception.
Everyone is claiming that it is not possible to filter dangerous things within the Internet or web sites. Also the site and user tracking. If you use my DNS you can browse to Amazon do a search any you will get not "stalking result" when you visit ebay after your amazon visit.
I have disabled this online tracking which a lot of people say this it not possible. I'm working with this keweonDNS solution since years and also a lot of other people. This was finally the reason why I decided to launch this system as a public system. I'm specialist for Active Directoy since 2000 and I promises to you I will and I can do things with DNS where others will never dream of.
And yes. The system is closed source. And it will stay closed source.
On the one hand I have spend years of work into this system and if you ask someone who has experience with DNS this guy will confirm that this will not work what I do. I heard this so many times - but it's working. On the other handy I keep this closed because I will give no one the chance to break my system or doing some evil things.
If this system will have success than hey, I will find an Investor and I'm able to implement all the security features and launch this as an global system. Yes, this is what I want to do with this.
At the moment you will see only 20% of it's power because all other things would make this system damn expensive when I would release this as public system.
Big companies better pray that this never will happens because for them this system will become an evil nightmare.
If it's no success and everyone has concerns to use it than I will put everything back into the drawer and that's it. At the moment it is fun, fun, fun and more fun. Nothing more.
The same is with my Adblock Root Certificate. I was searching a solution. I found it and it's working. Within a Windows System you will see 42 root certificates. Do you know what they will do? Do you know what they are responsible for? I guess you will not know this but you trust them by default.
I will open and release my complete certificate if you want.
I can not take the fear away which you might have with my system, it's up to you to use it. But the main reason is I want to keep my data on my machine. I don't like if someone try to spy me, my machine and everything what I do.
At the moment I only want to know if the Black and White Lists are OK. To launch the system as a public system there is a lot of additional work required which is not possible that one or two guys can handle this.
I have a solution. I offer the solution as a public system and I will never say that this is the master solution. But with keweon you have more security and options than every other system.
It is absolut O.K. that someone thinks twice bevor he use this system. It is absolut O.K. when someone do not trust the certificate. And it's absolut OK when someone think that this is a big peace of sh**t.
I expected a lot of complains and I'm prepared for nearly everything.
But to think that I'm collecting data?
That's a hard pain because this is what I hate and that is something what this system prevent.
If you will not trust this solution it's O.K. for me. If you have any recommendations how can I achieve more trust into this system than let me know this because I'm open to anything.
Best regards!
bencozzy said:
I have to agree this is not open source so only security conscious conclusion is that you are data sniffing.
Click to expand...
Click to collapse
Just shut-up for godsake if you want to use it use it, or if you don't leave it, why so many complaints, go learn computer networks DNS stuffs and then talk, its just a solution, there are many other adblocking solutions out there. If you are concerned with too much privacy why use Google or xda there's trackers everywhere, its inevitable to avoid. Grow up please.
Firstly some little rant about keweon which is the most hypocrite security service I've ever seen:
[
The mentioned bet was with me. PM for details or public if you make me care enough.
>Copypasting all the elaborate posts from the Telegram sphere as I cant bother to spend much time on it.
I mostly agree with whats written there.
Seriously I dont care about Thorsten (MrT69) personally or in any other way.
I am actually quite sick of this topic. Even mad that I have to deal with basic **** like that. These people managed to trigger a hermit into logging on to tracking heavy XDA.
Why I do this? It needs to be done.
I could have never imagined that such a blatant scam could gain enough traction that it regularly annoys me.
]
<<< A little bit of ranting about keweon >>>
"
Evidence and proof of concept that keweon Online Security is not as secure as claimed by its developer.
After a group of independent IT and cyber security specialists proved that keweon is not as secure as claimed by the developer, they confronted the developer with the results and reminded him of a bet. All keweon support groups on TG then were deleted by the developer personally and without further explanation on the morning of February 4, 2019.
We all know by now that the way keweon DNS works is based on users using keweon's DNS and the keweon root certificate.
What has now been proven is exactly what keweon could do with its users, but Torsten vehemently denies and claims "that's impossible" and "that doesn't work":
1. get users to use your DNS server.
2. get users to use your root certificate.
3. redirecting a page, e.g. mybank.com, to one of the keweon servers (by changing the DNS record)
4. issue your own SSL certificate for the website, users have installed your Root-CA and so this is not a "witch work"
5. read username/password from the connection (if 2FA is used, just wait until the user logs in and use the token again quickly as it is valid for 30 seconds).
We now have proof that this is possible without a doubt. In fact, this is a classic MITM attack, and anyone who denies that it is possible either has no idea (you shouldn't assume this from Torsten) or is trying to hide something from his users.
The developer of keweon has repeatedly asserted and insisted that a root certificate cannot intercept connections or collect data.
Quote from the keweon developer with his PayPal bet:
"Prove that to me. Give me any DNS and a root certificate and try to get my PayPal data.
I'll then even contact you when I sign up for PayPal. If you manage to get my PayPal data this way, you can log in and transfer 500 Euro to your account. I have made this offer very often and this is a serious offer from my side."
Unfortunately the developer of keweon didn't contribute his part to the test as he promised so often and of course he didn't log into Paypal via our provided DNS and root certificate.
The only reaction on his part was, apart from some insults, the deletion of all keweon groups on TG.
The security test of the keweon servers also revealed that under certain conditions connections are even redirected to keweon's own termination server and answered with 1x1 pixel gifs.
The fact is that the requests contain tracking IDs that can be easily managed from these servers.
So even Torsten's statement that the keweon SSL server only terminates requests with empty (0 byte) responses is wrong.
This again contradicts Torsten's own statement.
The point now is that the developer of keweon Online Security is actively trying to deny that it is possible for him to abuse the root certificate, although it has now been proven that it is actually possible for him to do exactly that with the keweon root certificate and its users.
Until the developer decides to disprove the accusations made against keweon Online Security or can prove that the accusations against him are unfounded, it is advisable for obvious reasons of security not to use keweon Online Security for the time being.
Anyone who is interested in repeating this test can do so at:
http://https-interception.info.tm/, where you will find a DNS and a root certificate, same as with keweon Online Security.
Furthermore there is a real-time log about recorded connections.
Everything else can be found there.
Please be careful not to use your correct email address or password for this test!
#keweon #test #bet #evidence #ProofOfConcept
"
<<< /rant >>>
<<< Explanation of some DNS and TLS/HTTPS basics for noobs >>>
DNS And Root Certificates - What You Need To Know
e8aebe8eb8b24035ae75260ca0ea80a7 / 20190205
Due to recent events we felt compelled to write an impromptu article on this matter. It's intended for all audiences so it will be kept simple - technical details may be posted later.
1. What Is DNS And Why Does It Concern You?
DNS stands for Domain Name System and you encounter it daily. Whenever your web browser or any other application connects to the internet it will most likely do so using a domain. A domain is simply the address you type: i.e. duckduckgo.com. Your computer needs to know where this leads to and will ask a DNS resolver for help. It will return an IP like 176.34.155.23; the public network address you need to know to connect. This process is called a DNS lookup.
There are certain implications for both your privacy and your security as well as your liberty:
- Privacy
Since you ask the resolver for an IP for a domain name, it knows exactly which sites you're visiting and, thanks to the "Internet Of Things", often abbreviated as IoT, even which appliances you use at home.
- Security
You're trusting the resolver that the IP it returns is correct. There are certain checks to ensure it is so, under normal circumstances, that is not a common source of issues. These can be undermined though and that's why this article is important. If the IP is not correct, you can be fooled into connecting to malicious 3rd parties - even without ever noticing any difference. In this case, your privacy is in much greater danger because, not only are the sites you visit tracked, but the contents as well. 3rd parties can see exactly what you're looking at, collect personal information you enter (such as password), and a lot more. Your whole identity can be taken over with ease.
- Liberty
Censorship is commonly enforced via DNS. It's not the most effective way to do so but it is extremely widespread. Even in western countries, it's routinely used by corporations and governments. They use the same methods as potential attackers; they will not return the correct IP when you ask. They could act as if the domain doesn't exist or direct you elsewhere entirely.
2. Ways DNS lookups can happen
2.1 3rd Party DNS Resolvers Hosted By Your ISP
Most people are using 3rd party resolvers hosted by their internet service provider. When you connect your modem, they will automatically be fetched and you might never bother with it at all.
2.2 3rd Party DNS Resolver Of Your Choice
If you already knew what DNS means then you might have decided to use another DNS resolver of your choice. This might improve the situation since it makes it harder for your ISP to track you and you can avoid some forms of censorship. Both are still possible though, but the methods required are not as widely used.
2.3 Your Own (local) DNS Resolver
You can run your own and avoid some of the possible perils of using others'. If you're interested in more information drop us a line.
3. Root Certificates
3.1 What Is A Root Certificate?
Whenever you visit a website starting with https, you communicate with it using a certificate it sends. It enables your browser to encrypt the communication and ensures that nobody listening in can snoop. That's why everybody has been told to look out for the https (rather than http) when logging into websites. The certificate itself only verifies that it has been generated for a certain domain. There's more though:
That's where the root certificate comes in. Think of it as the next higher level that makes sure the levels below are correct. It verifies that the certificate sent to you has been authorized by a certificate authority. This authority ensures that the person creating the certificate is actually the real operator.
This is also referred to as the chain of trust. Your operating system includes a set of these root certificates by default so that the chain of trust can be guaranteed.
3.2 Abuse
We now know that:
- DNS resolvers send you an IP address when you send a domain name
- Certificates allow encrypting your communication and verify they have been generated for the domain you visit
- Root certificates verify that the certificate is legitimate and has been created by the real site operator
How can it be abused?
- A malicious DNS resolver can send you a wrong IP for the purpose of censorship as said before. They can also send you to a completely different site.
- This site can send you a fake certificate.
- A malicious root certificate can "verify" this fake certificate.
This site will look absolutely fine to you; it has https in the URL and, if you click it, it will say verified. All just like you learned, right? No!
It now receives all the communication you intended to send to the original. This bypasses the checks created to avoid it. You won't receive error messages, your browser won't complain.
All your data is compromised!
4. Conclusion
4.1 Risks
- Using a malicious DNS resolver can always compromise your privacy but your security will be unharmed as long as you look out for the https.
- Using a malicious DNS resolver and a malicious root certificate, your privacy and security are fully compromised.
4.2 Actions To Take
Do not ever install a 3rd party root certificate! There are very few exceptions why you would want to do so and none of them are applicable to general end users.
Do not fall for clever marketing that ensures "ad blocking", "military grade security", or something similar. There are methods of using DNS resolvers on their own to enhance your privacy but installing a 3rd party root certificate never makes sense. You are opening yourself up to extreme abuse.
5. Seeing It Live
5.1 WARNING
A friendly sysadmin provided a live demo so you can see for yourself in realtime. This is real.
DO NOT ENTER PRIVATE DATA!
REMOVE THE CERT AND DNS AFTERWARDS
If you do not know how to, don't install it in the first place. While we trust our friend you still wouldn't want to have the root certificate of a random and unknown 3rd party installed.
5.2 Live Demo
Here is the link: http://keweonbet.info.tm/
- Set the provided DNS resolver
- Install the provided root certificate
- Visit https://paypal.com and enter random login data
- Your data will show up on the website
6. Further Information
If you are interested in more technical details, let us know. If there is enough interest, we might write an article but, for now, the important part is sharing the basics so you can make an informed decision and not fall for marketing and straight up fraud. Feel free to suggest other topics that are important to you.
For more information/feedback/corrections visit our chat linked in the pinned post. (Search ID 0728e516cf2446e7b25af7622c26d8d + 5 in case you hid it.)
All content is licensed under CC BY-NC-SA 4.0. (Attribution-NonCommercial-ShareAlike 4.0 International https://creativecommons.org/licenses/by-nc-sa/4.0/)
- DNS resolvers send you an IP address when you send a domain name
- Certificates allow encrypting your communication and verify they have been generated for the domain you visit
- Root certificates verify that the certificate is legitimate and has been created by the real site operator
How can it be abused?
- A malicious DNS resolver can send you a wrong IP for the purpose of censorship as said before. They can also send you to a completely different site.
- This site can send you a fake certificate.
- A malicious root certificate can "verify" this fake certificate.
This site will look absolutely fine to you; it has https in the URL and, if you click it, it will say verified. All just like you learned, right? No!
It now receives all the communication you intended to send to the original. This bypasses the checks created to avoid it. You won't receive error messages, your browser won't complain.
All your data is compromised!
4. Conclusion
4.1 Risks
- Using a malicious DNS resolver can always compromise your privacy but your security will be unharmed as long as you look out for the https.
- Using a malicious DNS resolver and a malicious root certificate, your privacy and security are fully compromised.
4.2 Actions To Take
Do not ever install a 3rd party root certificate! There are very few exceptions why you would want to do so and none of them are applicable to general end users.
Do not fall for clever marketing that ensures "ad blocking", "military grade security", or something similar. There are methods of using DNS resolvers on their own to enhance your privacy but installing a 3rd party root certificate never makes sense. You are opening yourself up to extreme abuse.
5. Seeing It Live
5.1 WARNING
A friendly sysadmin provided a live demo so you can see for yourself in realtime. This is real.
DO NOT ENTER PRIVATE DATA!
REMOVE THE CERT AND DNS AFTERWARDS
If you do not know how to, don't install it in the first place. While we trust our friend you still wouldn't want to have the root certificate of a random and unknown 3rd party installed.
5.2 Live Demo
Here is the link: http://https-interception.info.tm
- Set the provided DNS resolver
- Install the provided root certificate
- Visit https://paypal.com and enter random login data
- Your data will show up on the website
6. Further Information
If you are interested in more technical details, let us know. If there is enough interest, we might write an article but, for now, the important part is sharing the basics so you can make an informed decision and not fall for marketing and straight up fraud. Feel free to suggest other topics that are important to you.
For more information/feedback/corrections visit just PM the poster here.
He activated Mail forwarding.
All content is licensed under CC BY-NC-SA 4.0. (Attribution-NonCommercial-ShareAlike 4.0 International https://creativecommons.org/licenses/by-nc-sa/4.0/)
I appreciate you taking the time to write this up.
After reading this, im a bit scared because yesterday i installed both the dns and cert from keweon and since then i logged into bank accounts and several important sites (apps and browser).
Is this really that bad? Is keweon creator really capable of stealing users data just by using a custom dns and cert?
2 yrs later the same s**t again?
I'm honored about the fact that you try to fight against keweon. It seems you are someone from the advertising industries and this statement is almost the same as you have started the big ****storm against me 2 yrs ago.
Did you ever talk about the 46 Root Certificates within Windows which are responsible to share Ransomware, Malware, Spyware and other crap? No.
Did you ever talks about all the Apps which are using hidden root certificates to spy user data? No.
Did you ever talk about custom ROMS which contains hidden Root Certificates? No.
But you are still fighting against me? What will ever happens when I would shut down keweon?
keweonDNS is cleaning up the internet for various threats and of cause advertising. Because of blocking this it's causing HTTPS errors. To suppress this errors I have developed this Root Certificate. At the moment everything is still just for testing and when I launch the "real Infrastructure" there will be definitely a different Root Certificate.
You can use the DNS even without the certificate. Where is the problem? It's not a need or a must to use it but then Adblock detection is possible and a lot of other things. All addresses outside are working via HTTPS and the only reason for this certificate is to prevent HTTPS errors caused by Adblocking. I was asking you for a better Idea - no answer. Even various data protection agreed to me that this is a good Idea to protect against data collections.
I'm 100% sure you are someone from the advertising industries because until today you are only talking about common things that "might" happens or that "can" happens or "possibilities". In the meantime a lot of companies are using keweonDNS and there are some big Companies and this will definitely show that you have no idea about HTTPS and how it is working.
I repeat again. Using keweonDNS is cleaing up the internet within an incredible way. If you want to have everything faster or if you want to suppress the upcomming HTTPS errors cause by Adblocking YOU CAN USE the Certificate. It's not a MUST HAVE. But if you ever have a better Idea to fight against data collection and privacy violation without a certificate then any idea is welcome. That's the reason why it's still a TEST SYSTEM.
This certificate suppress all Adblock detections and data collections. Why you don't talk about this? Why you only talk about this is possible and that is possible? Why you don't write about the actual facts? Why you don't write about the things which are possible with the certificate?
In the meantime there are worldwide 32 million users who are using keweonDNS. Do you honestly think I didn't expect someone to try a ****storm against me or keweon? keweonDNS is a war declaration against Google, Facebook, Microsoft, Yahoo and the entire worldwide ads industry and you are talking about evil things what "might" happens? But hey, it's OK for me
I still offer to you - if you have a better idea let's do it together. I'm open for any idea or help. If you still want to fight against me then this shows me you support Google, data collection and privacy violation.
I discovered a massive mobile advertising fraud campaign that pushes fake virus warnings that trick novice Android users into installing questionable apps.
The advertiser uses JavaScript hosted on Amazon's CloudFront that uses various techniques to fingerprint the users web browser and if and Android device is discovered a fake media player or fake Captcha will pop up on the users mobile device to try and trick the user into accepting push notifications.
Once the push notifications are pushed to the mobile web browser the phone will start to vibrate and beep or in some cases play loud sirens or even spoken words along with fake virus warnings claiming the device is infected with multiple non-existent viruses that lead the user to the Google Play store to install questionable apps.
Many of the infected websites are geared towards a younger audience such as popular games and anime but also pirated software and movies and porn sites are also infected with this advertisers script.
The advertiser boasts that they are able to bypass adblockers and one of the infected websites "wallpaperaccess(.)com" has also been seen to download a malicious Android app disquised as an AdBlock app.
MD5 sum of AdBlock.apk 6f1fd359a382348b3307ed9d64eeebaa
The advertiser behind the browser fingerprinting script hosted on CloudFront is "AdMaven" out of Tel Aviv.
Near the bottom of the script and hidden using Base64 encoding using a custom alphabet hides the domain names of the websites that do the push notifications from anther company out of Tel Aviv called "moviesupdates(.)com"
In some of the AdMaven scripts I've examined is the name of another advertiser out of Tel Aviv called "Taboola" and their name is also obfuscated in the script using Base64 and the custom alphabet: abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/
Almost all the domains are registred to DynaDot and NameCheap.
*Edited to add that NameCheap has turned over a new leaf and is now actively removing reported content.
Here is just a very small sample of the hundreds of infected websites:
deportivo-la-coruna(.)com/page(.)php
mr2(.)com
acampante(.)com
10lance(.)com
russisk(.)org
www(.)e-jurnal(.)com
formodessa(.)com
hdwallsbox(.)com
brightways(.)org
tvshows4mobile(.)com
freehottip(.)com
www.dlmania(.)com
hdmp4mania1(.)net
streamcr7(.)com
123moviesfun(.)is
downace(.)com
watchmoviestream(.)me
customsdutyfree(.)com
allsp(.)ch
www(.)rarbgtorrent(.)com
cmacapps(.)com
speed-new(.)com
blogqpot(.)com
www(.)themetalup(.)com
cutewallpaper(.)org
o2tvseries(.)com
music(.)com(.)bd
manillenials(.)com
luchoedu(.)org
bosscast(.)net
kingdesi(.)com
www.legendofkorra(.)tv
deseneledublate(.)com
repack-games(.)com
amongushacks(.)com
wallpaperaccess(.)com
www.macappstores(.)com
softnspot.blogspot(.)com
btorrent(.)xyz
www(.)frkmusicx(.)com
www.()books-share(.)com
dbanimes(.)com
downloadpc-software.blogspot(.)com
apunkagameslinks.blogspot(.)com
naijatunez(.)com
freegogpcgames(.)com
venenosas(.)com(.)br
www.tumbral(.)com
www.twugi(.)com
gamemox(.)com
egyupgamer.blogspot(.)com
I have emailed AdMaven and Celebsupdates/Moviesupdates and several of the infected websites regarding this fraud but did not get any response.
I'm hoping a reputable security company or ad fraud company will expose this fraud further.
**UPDATE**
It appears the researchers at Bitdefender Labs are tracking the fake adBlock app as "Teabot and Flubot" but they seem unsure as to how the fake adblock app is being propagated.
I have tried to email Bitdefender to give them additional info regarding the malware and how its being spread through malvertising on the sites I listed above but Bitdefender's contact site is complete rubbish.
Bitdefender's article on the malware:
Bitdefender Labs
Daily source of cyber-threat information. Established 2001.
labs.bitdefender.com
Attached is a screenshot showing the malicious AdBlock.apk being advertised by the AdMaven script hosted on CloudFront:
One of the Android applications that people are frightened into downloading by the fake virus warnings is Psafe's DFNDR Antivirus/Cleaner.
Users have been tricked into installing DFNDR through fake virus warnings since 2013.
The developers claim that they do not condone these fraudulent ads and go so far as to ask users to send in screenshots of the fake virus warnings and the URL.
But this is just a ruse. It would be impossible to report on a single URL and the sites that push the fake virus warnings are created automatically.
The only way to truley stop the fake virus warnings is to go to the source of the fraudulent ads which is the AdMaven scripts hosted on Amazon's Cloudfront.
I have shared all this information with the representatives at Psafe about the fraudulent ads and how to stop it.
Psafe even requested I hold off on reporting of the fraud for 30 days which I granted but as you can see from these screenshots Android users are still being sent to the DFNDR app on the Google Play store through these scare tactics.
I have contacted Amazon to report the fraudulent ads and the drive-by downloads of the Android malware but they refuse to do anything about it.
Check the Play Store user reviews for yourself:
hxxps://play.google.com/store/apps/details?id=com.psafe.msuite&hl=en_US&gl=US
Security researcher Lukas Stefanko from ESET is now also tracking this mobile ad fraud and malicious AdBlock app.
Some URL shortener services distribute Android malware, including banking or SMS trojans | WeLiveSecurity
On iOS we have seen link shortener services pushing spam calendar files to victims’ devices.
www.welivesecurity.com
The link shortners being used in recent scareware campaigns are on Adf.ly
It is unfortunate that the true sources of all these fake virus warnings and mobile malware and calendar spam are not being revealed in this latest report.
No mention of the CloudFront scripts or the latest script that is pushing these scareware ads and malware:
hxxps://iclickcdn(.)com/tag.min.js which is being hosted on CloudFlare servers.
While searching for websites infected with the iclickcdn script I discovered that a federal government website frequented by members of congress had also been infected.
I notified the hostmaster and several other agencies and the script was purged from the site.
A link to URL scan that shows the heavily obfuscated iclickcdn JavaScript:
https://urlscan.io/responses/04a1722238c2eb4055efcf3123981dc1cfa9a48e49be8154e4f9d6d66a1e51a6/
sloshnmosh said:
The link shortners being used in recent scareware campaigns are on Adf.ly
Click to expand...
Click to collapse
Thanks for the interesting information.
I'd just like to inform you that Adf.ly is not welcomed and accepted already for years on this forum, and as soon as we recognise or get notified about such a link it gets removed immediately.
Remark: I've deleted the 5 duplicates of your post that suddenly popped up.
Regards
Oswald Boelcke
Oswald Boelcke said:
Thanks for the interesting information.
I'd just like to inform you that Adf.ly is not welcomed and accepted already for years on this forum, and as soon as we recognise or get notified about such a link it gets removed immediately.
Remark: I've deleted the 5 duplicates of your post that suddenly popped up.
Regards
Oswald Boelcke
Click to expand...
Click to collapse
Okay, thanks so much! I should have put cursors around the DOT of adfly so it wasn't a link.
Also, thank you so much for removing the duplicates, I was receiving errors so I was panicked when I saw I made multiple duplicate posts.