Malwarebytes flagging on some part of the STH site

Dev_Mgr

Active Member
Sep 20, 2014
136
49
28
Texas
Anyone else use Malwarebytes Premium and getting pop-ups from it about stay.decentralappps.com (triple p in there) when they pull up STH or the page auto-refreshes?

Malwarebytes is pointing to an IP address that looks to be in the Ukraine.

I do use Ghostery to help my security and privacy as well.
 

DavidWJohnston

Active Member
Sep 30, 2020
242
191
43
I don't use Malwarebytes, but I can confirm that in the last 6 months I do see some traffic to that host from my main workstation and laptop, between 9-Sep and 15-Sep. (The ones on the 19th were intentional.) Data volume is not large.

It's situations like this where I think maybe I should use a TLS inspection proxy.

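The kind of check DavidWJohnston describes (which of my machines talked to that host, and when) can be done from the resolver's query log without a TLS inspection proxy. The following is an added example, not code from the thread or from STH; it parses a constructed dnsmasq-style log, assumes the log year is 2023 since syslog lines carry none, and summarises per-client first/last-seen times for the domain named in the thread.

```python
import re
from datetime import datetime

# Constructed dnsmasq-style query log (sample data, not a real capture).
SAMPLE_LOG = """\
Sep  9 10:14:02 gw dnsmasq[812]: query[A] stay.decentralappps.com from 192.168.1.20
Sep  9 10:14:02 gw dnsmasq[812]: query[A] www.servethehome.com from 192.168.1.20
Sep 12 18:30:41 gw dnsmasq[812]: query[A] stay.decentralappps.com from 192.168.1.31
Sep 15 08:02:10 gw dnsmasq[812]: query[AAAA] stay.decentralappps.com from 192.168.1.20
Sep 16 09:00:00 gw dnsmasq[812]: query[A] example.org from 192.168.1.31
"""

# Host named in the thread; add any other redirect hosts you observe.
WATCHLIST = {"stay.decentralappps.com"}

# Syslog timestamp, logging host, dnsmasq pid, query type, name, client IP.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

def is_watched(name, watchlist):
    """True if name is a watchlisted domain or any subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in watchlist)

def find_watchlist_hits(log_text, watchlist, year=2023):
    """Per client IP: count, first/last seen (ISO) and names for watchlist queries.
    Syslog lines carry no year, so the caller supplies it (2023 assumed here)."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_watched(m["name"], watchlist):
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        rec = hits.setdefault(m["client"],
                              {"count": 0, "first": ts, "last": ts, "names": set()})
        rec["count"] += 1
        rec["first"] = min(rec["first"], ts)
        rec["last"] = max(rec["last"], ts)
        rec["names"].add(m["name"].lower())
    for rec in hits.values():  # render timestamps once every line is folded in
        rec["first"] = rec["first"].isoformat(sep=" ")
        rec["last"] = rec["last"].isoformat(sep=" ")
    return hits

if __name__ == "__main__":
    for client, rec in sorted(find_watchlist_hits(SAMPLE_LOG, WATCHLIST).items()):
        print(f"{client}: {rec['count']} queries, {rec['first']} .. {rec['last']}")
```

Feed it your own resolver log instead of SAMPLE_LOG; a hit with a small count spread over a few days looks like the ad-redirect traffic discussed here, while a steady stream from one client is worth a closer look at that machine.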

ghost792

New Member
Jun 19, 2023
27
20
3
I’ve encountered some malicious redirects from the main page this week. I’m not sure if they trigger when I click on a site element or if they are drive-bys.

Stephan

Well-Known Member
Apr 21, 2017
946
715
93
Germany
As foretold in https://forums.servethehome.com/ind...cts-all-amd-zen-cpus-yikes.41067/#post-388344, this would happen (again).

Another item to consider is that STH may be a worthwhile target for a watering hole style attack, because the student serving a petabyte out of his dorm room and the defense contractor employee with access to sensitive information share one thing: they visit STH. Today it was a hijacked ad service redirecting into Ukraine, tomorrow it will be a Chromium zero-click zero-day sandbox exploit that someone bought for 100k. If you look, there is a serious RCE CVE every couple of weeks for Chromium. This is the next MOVEit and SolarWinds in the making.

If you can, don't use Windows, or the "evil triplet" of Windows plus Office plus Active Directory; keep your browser current; keep your OS current to hinder privilege escalation; use uMatrix to limit JavaScript execution; block ads (yes, I know about the ramifications for the site operator); audit your network traffic every week; do not use or auto-update any browser extensions. And when you're done with that, plug any holes in your email system. If I can send you a zipped ISO file or an Office document with macros as an attachment, something is wrong.