Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

A website "http: // supportfirefox .perl .sh/" designed just like Mozilla Firefox site, is driving users to download fake browser. Please check.

  • 8 replies
  • 68 have this problem
  • 8 views
  • Last reply by baddestiny

more options

I was browsing for image of "Miss Universe" in Google images in Firefox and somehow got a prompt to download firefox_update.exe. As I know that this is not the way Firefox prompts the user for upgradation, I checked the website. It has been designed to fake Mozilla Firefox website and driving users to download their own executable resembling with Mozilla Firefox setup.

http: // supportfirefox .perl .sh

Edited to de-activate the links - TonyE

I was browsing for image of "Miss Universe" in Google images in Firefox and somehow got a prompt to download firefox_update.exe. As I know that this is not the way Firefox prompts the user for upgradation, I checked the website. It has been designed to fake Mozilla Firefox website and driving users to download their own executable resembling with Mozilla Firefox setup. http: // supportfirefox .perl .sh ''Edited to de-activate the links - TonyE''

Modified by TonyE

Chosen solution

It is a known web forgery which is trying to install malware. You can report these sites using the "Report web forgery" option in the Help menu. I have reported this site.

Read this answer in context 👍 5

All Replies (8)

more options

Chosen Solution

It is a known web forgery which is trying to install malware. You can report these sites using the "Report web forgery" option in the Help menu. I have reported this site.

more options

vinaypatki,

Good catch, realizing that Mozilla doesn't deliver updates in that manner. If you ever see something like that again, report it yourself as TonyE did - using the Help > Report Web Forgery menu item. You will be helping other user's who aren't as alert as you were by spotting that as a fake Firefox web page. The quicker an alert Firefox user reports those "fakes", the faster they are added to the WebForgery data base and sent to all Firefox users who have the SafeBrowsing feature activated (some users turn it off after they install Firefox).

more options

Thanks guys! I wasn't aware of this feature. will use it whenever required...

more options

What I'd really like to do is block them with "Adblock Plus" extension. I made up filters for them as follows but while it seems to work for .co.cc they do not work for .perl.sh as in the one in this thread. Reporting them is fine but they spring up so fast that I'd like to just tell people how they can block them even at the expense of some legitimate sites since they are so out of control.
  ||dnsever.com
  |*.perl.sh^
  |*.co.cc^

I also block these in the hosts file
  127.0.0.1 www.dnsever.com #cc.co, perl.sh,
  127.0.0.1 dnsever.com #cc.co, perl.sh,

From the Adblock Plus Help menu --
  Writing Adblock Plus filters
  https://adblockplus.org/en/filters

more options

I found one like that and someone who was redirecting one of their pages on their domain to: http://firefox.perl.sh/

I had found a link to: http://www.atmalikasanli.com/Dc3/index.php?news=wordpress-outage

Now if you put the link in your address bar it doesnt redirect which is weird, but in the Google results if you go to google and type:

www.atmalikasanli.com wordpress outage ( i think its the 4th result, look at the matching url in the result). Then it will redirect to the fake firefox page!


Here is the information: Updated: 1 second ago Registrant: Individual Flat 35A Rixon House, Barnfield Road London, SE18 3TX GB

Domain name: ATMALIKASANLI.COM


Administrative Contact:

   Adiguzel, Keles  Email Masking [email protected]
   Flat 35A Rixon House, Barnfield Road
   London,  SE18 3TX
   GB
   +44.7786955950

Technical Contact:

   Adiguzel, Keles  Email Masking [email protected]
   Flat 35A Rixon House, Barnfield Road
   London,  SE18 3TX
   GB
   +44.7786955950


Registration Service Provider:

   Servage.net Hosting, Email Masking [email protected]
   +49 46116098359 (fax)
   http://www.servage.net/
   This company may be contacted for domain login/passwords,
   DNS/Nameserver changes, and general domain support questions.
more options

Forgive my obvious ignorance but I haven't found the Safebrowsing feature. Could you please tell me where it is to be found? Thank you.

more options

By default the safer browsing feature is turned on.

In the Tools menus select Options (on the Mac the equivalent is Preferences > Firefox, and on Linux it is Edit > Preferences on Linux), this will open the Options/Preferences dialog.

Select the Security panel. The 2 safer browsing options are "Block reported attack sites" and "Block reported web forgeries". The first option will block sites that are known to have installed malware/viruses, as well as sites that set out to try to get people to install malware this can also happen on legitimate sites that have been hacked. The second is useful for blocking phishing sites.

more options

hi can you remove my details on this site please.