Does anyone know this site?

Hello.
I'm a Bitdefender Antivirus Free user.
I use Honeygain, hoping that I'll gather some bucks. The Honeygain installed on my PC tried multiple times to access this address: https://tracking.tarsanmedia.in/
Bitdefender Antivirus Free saw it as a phishing page and blocked the attempts (until now there were around 15 attempts). I have contacted the Honeygain staff, and I got a surprising reply - to whitelist the Honeygain app in the antivirus software (which I didn't, because something doesn't smell right). A later reply from them says "the team is already trying to lift this block directly with the antivirus software".


Can anyone tell me anything about this?

Thank you

Answers

  • Scott
    Scott ✭✭✭✭✭
    edited August 2

    Hello @Corvus

    Confirmed on my end as well, Bitdefender Antivirus Plus. It was also flagged by 10 other sites on VirusTotal.

    My opinion is to let them work it out as they said they would, and do not add it into Exceptions (whitelist). You were wise to be suspicious and ask.

    Otherwise, you could also report it to the Bitdefender labs, as a possible (but for now, probably not) false positive.

    https://www.bitdefender.com/consumer/support/answer/29358/

    @Flexx, who is also very good at these sorts of things, may have some additional insights as well.

    Kind regards.

    All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/ Using BD Antivirus Plus along with Glasswire free.

  • Corvus
    Corvus Mr.

    Thank you, @Scott 😉
    I am writing to Bitdefender now.

  • Corvus
    Corvus Mr.

    Thank you, @Scott 😉
    I just contacted Bitdefender, made a URL submission.
    I am curious what they have to say about it.
    Have a nice day 😁

  • I have no idea why the website is blocked. Upon checking SSL, its certificate seems to be valid. Well, let's wait for the response from the malware research team.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Alexandru_BD
    Alexandru_BD admin
    edited August 2

    @Corvus I also made an inquiry about this and despite the fact that on VirusTotal it appears as being flagged for phishing by several vendors, in urlinfo we don't see any detection on the URL and according to Honeygain, the URL is legit. However, detection will stay for now, until the URL can be thoroughly analyzed, because at the moment it appears down, its identity is hidden and less than a year has passed since its registration, so it raises some concerns and I think that more checks are needed to be able to pronounce on its safety.

    Thanks!

    Premium Security & Bitdefender Endpoint Security Tools user

  • Scott
    Scott ✭✭✭✭✭
    edited August 2

    Can certificates ever be hacked or faked? Is it better for AVs like BD who verify sites with their certificate authentication?


  • Yes, website certificates can be hacked or faked, although it is a rare and difficult process.

    Certificate Authorities are trusted entities that issue digital certificates. If a CA's systems are compromised, an attacker could issue fraudulent certificates. This happened in the DigiNotar incident in 2011.

    In some cases, attackers can intercept communication between a user and a website (MitM), presenting a fake certificate to the user while maintaining a legitimate connection with the website. This can be mitigated by features like Certificate Pinning. Also, older cryptographic algorithms, such as MD5, have known vulnerabilities that could be exploited to create fraudulent certificates.

    An antivirus software can check the validity of certificates by comparing them against a list of trusted Certificate Authorities and verifying their chain of trust. If a certificate is not issued by a trusted CA or if the chain of trust is broken, the antivirus can flag it. Heuristic techniques can be used to analyze certificates and their properties. If a certificate looks suspicious (e.g., unusually short validity period, unexpected issuer, etc.), the software can flag it for further inspection. Since modern security solutions rely on cloud-based threat intelligence, they can quickly detect and block connections to websites known to have used compromised or fraudulent certificates.

    Also, when monitoring the behavior of websites and applications, if a site behaves unusually or tries to establish connections that are inconsistent with its usual pattern, the security software might trigger an alert.

    The general rule of thumb is, if a website’s certificate is invalid or untrusted, it’s best to avoid entering sensitive information.

    Premium Security & Bitdefender Endpoint Security Tools user
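
The certificate checks described in the post above (chain of trust, validity period, unexpected issuer), sketched as an added example that is not part of the original thread and is not Bitdefender's code. The 30-day threshold, the flag names, the issuer allow-list and the sample certificates are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

MIN_VALIDITY_DAYS = 30  # assumption: anything shorter counts as "unusually short"

def fetch_cert(host, port=443, timeout=5):
    """Return the peer certificate as a dict. The default context performs the
    chain-of-trust and hostname checks and raises ssl.SSLError if they fail."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _field(name, key):
    # Names are tuples of RDNs, each RDN a tuple of (key, value) pairs.
    return next((v for rdn in name for k, v in rdn if k == key), None)

def _utc(cert_time):
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def cert_flags(cert, expected_issuers, now=None):
    """Heuristic flags for a dict shaped like getpeercert() output."""
    now = now or datetime.now(timezone.utc)
    not_before, not_after = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    flags = []
    if now < not_before:
        flags.append("not-yet-valid")
    if now > not_after:
        flags.append("expired")
    if (not_after - not_before).days < MIN_VALIDITY_DAYS:
        flags.append("short-validity")
    if _field(cert.get("issuer", ()), "organizationName") not in expected_issuers:
        flags.append("unexpected-issuer")
    if cert.get("subject") == cert.get("issuer"):
        flags.append("self-issued")
    return flags

# Constructed sample certificates (not real sites or CAs).
SAMPLE_ORDINARY = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("organizationName", "Example Trust CA"),),),
    "notBefore": "Jun  1 00:00:00 2024 GMT",
    "notAfter": "Aug 30 00:00:00 2024 GMT",
}
SAMPLE_ODD = {
    "subject": ((("commonName", "login.example"),),),
    "issuer": ((("organizationName", "Unknown Issuer Ltd"),),),
    "notBefore": "Jul 30 00:00:00 2024 GMT",
    "notAfter": "Aug  6 00:00:00 2024 GMT",
}
```

An empty flag list only means the certificate itself is unremarkable; URL reputation, domain age and site behaviour are separate signals that these checks do not cover.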

  • Scott
    Scott ✭✭✭✭✭

    Thank you, Alex. A very insightful and helpful post :)


  • Corvus
    Corvus Mr.

    Thank you, @Flexx, @Alexandru_BD and @Scott for your replies.

  • The best way to check for certificate errors or any JavaScript issues on a website is to check them on https://www.sslshopper.com/ssl-checker.html & https://sitecheck.sucuri.net/

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Scott
    Scott ✭✭✭✭✭

    Excellent links, buddy. Thanks, I appreciate it 👍️👍️


  • Corvus
    Corvus Mr.

    Well, if you can believe it, this is the reply I got from Honeygain:
    "The team responsible for investigating this issue has confirmed that it is a false positive. Appropriate actions have been taken, and the matter has been addressed accordingly." I wonder what team that is…
    In the meantime, Bitdefender changed the way it shows the problem, from "Phishing attempt detected" to "Infected web resource detected".
    I'm somewhere between laughing and being angry.


  • Flexx
    Flexx mod
    edited August 8

    If you believe that a website or file has been incorrectly blocked by Bitdefender, you can share the details with our malware researchers by filling out the form at the link provided below:

    https://www.bitdefender.com/consumer/support/answer/29358/

    If the website or file is indeed incorrectly blocked, the detection will be removed within a maximum of 72 hours. However, if the detection still persists after 72 hours, please consider the website or file as malicious, as determined by our malware researchers, and the detection will remain.

    By the way, it's not only Bitdefender blocking your website; Kaspersky, Sophos, and others are also blocking it as phishing, malware, or malicious. Have a look at the VirusTotal link below.

    https://www.virustotal.com/gui/domain/tracking.tarsanmedia.in?nocache=1

    Regards


  • Corvus
    Corvus Mr.
    edited August 8

    Thank you, @Flexx
    I believe that something is indeed wrong with that web page and the Honeygain staff tries to sweep it under the rug.

    Have a nice day, everyone 🙂