Project

General

Profile

Actions

Support #3214

closed

suspicious domains when googling for suricata information.

Added by Brian Jones about 5 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Affected Versions:
Label:

Description

Has anyone noticed suspicious domains when you google for suricata info? Of the 3 that I clicked on, all of them have asked me to allow notifications to see the content. My last search was ebpf suricata and I limited the results to the last week. The domains names are always odd.

For example visathanhloi[]com, https://lamusicanosune[]net, and https://sowetobleeze[]com.

Actions #1

Updated by Andreas Herz about 5 years ago

  • Assignee set to Community Ticket
  • Target version set to Support

I can't confirm that. Did you try it on another machine as well? This can also be caused by malware on the system itself.

Actions #2

Updated by Brian Jones about 5 years ago

Andreas Herz wrote:

I can't confirm that. Did you try it on another machine as well? This can also be caused by malware on the system itself.

It is probably nothing, but sharing in case they are malicious. The domains created in the last few months have a higher chance of being malicious in my experience.

I still see odd domains when googling from different browsers, devices and VMS. 2 tests logged into gmail, most tests from browsers and VMs that I never have logged into.

Searching just now for suricata ebpf on google and clicking the tools tab to select results from "past week". I see femfitnessr[]com, homesickpromotions[]com, sandsbrand[]com ,shakshihimmatramka[]com, titanesque[]net, The other results are from the usual legit sites.

whois info
https://www.whois.com/whois/femfitnessr.com
https://www.whois.com/whois/homesickpromotions.com
https://www.whois.com/whois/sandsbrand.com
https://www.whois.com/whois/shakshihimmatramka.com
https://www.whois.com/whois/titanesque.net

Actions #3

Updated by Andreas Herz about 5 years ago

It's interesting that I only see them when I reduce it even further instead of week. But that's not much we can do about, I guess even google will have a hard time with that.

Actions #4

Updated by Andreas Herz about 4 years ago

  • Status changed from New to Closed

Hi, we're closing this issue since there have been no further responses.
If you think this bug is still relevant, try to test it again with the
most recent version of suricata and reopen the issue. If you want to
improve the bug report please take a look at
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs

Actions

Also available in: Atom PDF