Every once in a while, roughly once per half hour I spend on CF, a new browser tab pops up over the CF tab. That new page has a large Chrome logo in the center and above it, it says, "Important Chrome Update." There's a button to press to download the update, but the link attached to the button is never an actual Google domain. Obviously, someone's trying to get me to download malware of some kind. I'm wondering why I'm only seeing this when I'm on CF. Has anyone else gotten this?
If you've checked that your version of Chrome is actually up to date by typing chrome://help in your address bar, then you're probably correct in suspecting a malware/phishing tab. It's normal for 'chrome' or 'GoogleUpdate' to connect to servers in the '1e100.net' domain. Read - Google Help: What is 1e100.net? You could consider using uBlock Origin -or- uMatrix extensions for Chrome to restrict content loading.
I wish I could remember the domains I was presented with. It could very well have been 1e100.net, which I would have interpreted as being a non-Google domain and therefore suspicious. Anyway, I just checked, and my Chrome was indeed an update behind. Now that I've updated it, I'll see if I get that tab popping up again. Thanks for the help, craguin.
That site/domain in J.R.'s spoilered image resolves to IP address 108.61.71.204 [ReliableSite.Net LLC]. Someone has reported this type of issue to their FB page before... You may want to run a scan: Chrome Help: Scan a Windows computer with the Chrome Cleanup Tool Malwarebytes (free download)
I'm getting the same thing. What makes me suspicious is that the URL for these pages have nothing to do with Google and often appear to be non US. I've been presuming these are fishing scams so I just close the page everytime they pop up and reload a new CF page.
Just got that page again, and I'm certain my Chrome is up to date. The domain the page was located on was oocaegeriroute.com. A whois search doesn't reveal the owner because they've registered through a service that keeps such things secret, but their primary DNS server is NS1.EUROPEDNS.NET, which is in the UK. Something's flaky somewhere.
oocaegeriroute.com - one of 81 domains (currently) registered by same individual through publicdomainregistry.com Reports of similar issues with Firefox: [mozilla support] Is there a way to report the scammer responsible for the phony Firefox update redirect? [mozilla support] Firefox redirects to a page that says important firefox update, it then starts to downloading a virus.
It is definitely malware. I've gotten chrome update notices before, but they never popup over existing tabs, they always open new tabs. And as others have noted, the domain name has no relation AT ALL with google.
Why does it only happen when I'm on Clutchfans, though? If it were any other site, I'd just quit going there, but there's no way I can live without CF.
I had been getting the "Urgent Firefox Update" version of this which, obviously, is the Firefox version of the same scam. It was specific to Cutchfans for me, too. It's malvertising - a script embedded in the banner ads that are loading with Clutchfans. I'm not sure what ability a website owner has to control what ads are shown, as I've never run banner ads on a website. I do know that he doesn't have direct control - the ads are generated in large part by cookies and your browsing history. Obviously he has some, but I have know idea how difficult it would be to block only the bad banners without screwing up the whole advertising setup. It is absolutely much more difficult for Clutch to control than it would be if, for instance, if the actual website were infected with malicious code. The website owner can't just edit his own files to remove it. It is coming from a third party and isn't actually infecting the website itself. I installed an ad-blocker for my Firefox and it has stopped occurring on my desktop. I don't like to do that, as ads make money for the website, but it seems to me that protecting my computer from malicious code outweighs whatever unspoken contract there is with Clutch allowing him to generate revenue in exchange for using his site. It has started up on my phone, though, so I'm going to have to figure out how to ad block there. Edit: Just spoke with my wife who does websites and SEO and what-not for a living. If Clutch is using Google AdSense to pick the banner ads that are being shown (which is pretty much the standard), then he has absolutely no control over what ads Google chooses to display on Clutchfans.
I get this as soon as I click on a thread for the first time that browsing session. On Chrome as well as Firefox.
Yeah I got a few weird-ass, obviously bad pop ups from this new site. For that reason I never log on through my work computer anymore and only my home computer sparingly. I keep my phone bare-bones so I'm not as worried on here (plus I haven't had this problem on mobile).
