Note for the careful: ALL LINKS IN THIS POST ARE IMGUR LINKS, NOT LINKS TO ANY MALWARE SITES.

A few days ago on this subreddit, there was a post regarding Bato.to's new habit of click-jacking users to malware sites under the guise of "needed advertisement revenue". This post will be rather technical, but I'll try my best to tl;dr it at the last paragraph.

Well, let's just say it's a bit worse than that. To start us off, this is simply baked into the website by now, and is virtually undetectable until you actually get hit by it. The malware redirects are hidden in a website-level script/website call by my guess, and as such the only way to circumvent them browser-side is by using a malware extension, or by blacklisting them all through something like UBlockOrigin - the latter of which requires you to know they already exist, and the former requiring you to pay for anything reputable. For example, by visiting a whole 2 pages on the site, MalwareBytes blocked 14 trackers and 7 malware attempts. UBlockOrigin, on its part, requires 9 of 15 domains be blocked in order to remove the visible malware.

For posterity and information, here are imgur links to VirusTotal analysis of the predominant ones: oakoubs - malware \ whoutsog - phishing \ baidu - malware/pot. tracker \ jomtingi - malware \ denetsuk - malware \ unpkg - owned by CloudFlare, pot.

UBlockOrigin Logger on bato.to, limited to blocked requests.

Inspect Element logger on bato.to, also limited to blocked requests.

Among those in the IE log, a lot of them are initiated by ":/2393(xxx)", a reference to a line in the website index code. Looking at one of these requests leads us to a chain with 2 lines.
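As an added illustration that is not part of the original post: the "blacklist them all through UBlockOrigin" approach the post describes comes down to static filter rules in uBlock Origin's "My filters" pane. The domain names below are placeholders (the post only gives truncated names such as "oakoubs" and "whoutsog", not full hostnames), and the per-site rule scoped to bato.to is a constructed example of the same syntax, not a rule taken from the post.

```adblock
! Block individual third-party hosts observed in the logger (placeholder names)
||example-redirector.invalid^$third-party
||example-phishing-host.invalid^$third-party
||example-tracker.invalid^$third-party

! Blunter alternative: refuse every third-party script while on bato.to,
! which catches hosts you have not yet identified, at the cost of possibly
! breaking legitimate embeds. Relax with an exception rule if something breaks:
*$script,third-party,domain=bato.to
@@||cdn.example-legit.invalid^$script,domain=bato.to
```

The first group is the per-domain blacklist the post is talking about, which only works once a domain has shown up in the logger and been identified. The second group inverts the default: everything third-party is denied on that one site and exceptions are opened deliberately, which is closer to how the malware extension in the post gets ahead of domains that are not known yet.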