A website "http: // supportfirefox .perl .sh/" designed just like Mozilla Firefox site, is driving users to download fake browser. Please check.
I was browsing for image of "Miss Universe" in Google images in Firefox and somehow got a prompt to download firefox_update.exe. As I know that this is not the way Firefox prompts the user for upgradation, I checked the website. It has been designed to fake Mozilla Firefox website and driving users to download their own executable resembling with Mozilla Firefox setup.
http: // supportfirefox .perl .sh
Edited to de-activate the links - TonyE
Modified
Chosen solution
It is a known web forgery which is trying to install malware. You can report these sites using the "Report web forgery" option in the Help menu. I have reported this site.
Read this answer in context 👍 5All Replies (8)
Chosen Solution
It is a known web forgery which is trying to install malware. You can report these sites using the "Report web forgery" option in the Help menu. I have reported this site.
vinaypatki,
Good catch, realizing that Mozilla doesn't deliver updates in that manner. If you ever see something like that again, report it yourself as TonyE did - using the Help > Report Web Forgery menu item. You will be helping other user's who aren't as alert as you were by spotting that as a fake Firefox web page. The quicker an alert Firefox user reports those "fakes", the faster they are added to the WebForgery data base and sent to all Firefox users who have the SafeBrowsing feature activated (some users turn it off after they install Firefox).
Thanks guys! I wasn't aware of this feature. will use it whenever required...
What I'd really like to do is block them with "Adblock Plus" extension. I made up filters for them as follows but while it seems to work for .co.cc they do not work for .perl.sh as in the one in this thread. Reporting them is fine but they spring up so fast that I'd like to just tell people how they can block them even at the expense of some legitimate sites since they are so out of control.
||dnsever.com
|*.perl.sh^
|*.co.cc^
I also block these in the hosts file
127.0.0.1 www.dnsever.com #cc.co, perl.sh,
127.0.0.1 dnsever.com #cc.co, perl.sh,
From the Adblock Plus Help menu --
Writing Adblock Plus filters
https://adblockplus.org/en/filters
I found one like that and someone who was redirecting one of their pages on their domain to: http://firefox.perl.sh/
I had found a link to: http://www.atmalikasanli.com/Dc3/index.php?news=wordpress-outage
Now if you put the link in your address bar it doesnt redirect which is weird, but in the Google results if you go to google and type:
www.atmalikasanli.com wordpress outage ( i think its the 4th result, look at the matching url in the result). Then it will redirect to the fake firefox page!
Here is the information:
Updated: 1 second ago
Registrant:
Individual
Flat 35A Rixon House, Barnfield Road
London, SE18 3TX
GB
Domain name: ATMALIKASANLI.COM
Administrative Contact:
Adiguzel, Keles Email Masking [email protected] Flat 35A Rixon House, Barnfield Road London, SE18 3TX GB +44.7786955950
Technical Contact:
Adiguzel, Keles Email Masking [email protected] Flat 35A Rixon House, Barnfield Road London, SE18 3TX GB +44.7786955950
Registration Service Provider:
Servage.net Hosting, Email Masking [email protected] +49 46116098359 (fax) http://www.servage.net/ This company may be contacted for domain login/passwords, DNS/Nameserver changes, and general domain support questions.
Forgive my obvious ignorance but I haven't found the Safebrowsing feature. Could you please tell me where it is to be found? Thank you.
By default the safer browsing feature is turned on.
In the Tools menus select Options (on the Mac the equivalent is Preferences > Firefox, and on Linux it is Edit > Preferences on Linux), this will open the Options/Preferences dialog.
Select the Security panel. The 2 safer browsing options are "Block reported attack sites" and "Block reported web forgeries". The first option will block sites that are known to have installed malware/viruses, as well as sites that set out to try to get people to install malware this can also happen on legitimate sites that have been hacked. The second is useful for blocking phishing sites.
hi can you remove my details on this site please.