Closed AnthillSudoku closed 2 years ago
DDL56x
commented
2 years ago Be that as it may, the following is a search engine hijacker and I have blocked it at my OS (Win 11 Home) firewall:
151.101.121.194 [http://www.goto-searchitnow.global.ssl.fastly(dot)net]
AnthillSudoku
commented
2 years ago @DDL56x please edit your last post writing the malicious link between code tags, so users cannot access it directly.
Opening that link from a safe environment like tails results in a page with only "nothing there", even after turning off NoScript (firefox extensions)
A quick search of your link shows articles starting from late 2018 to 2021, such as
https://malwaretips.com/blogs/remove-goto-searchitnow-global-ssl-fastly-net https://www.pcrisk.com/removal-guides/13072-searchitnow-info-redirect-mac
I have no idea if this malware works only from a Mac or if fastly shut them down.
However, these type of issues must be reported to their ISP, or who provides the services, such as fastly. Fastly does not seems to have a bad reputation for malware or viruses, I can find very few old ones such as
https://duckduckgo.com/?t=ffsb&q=adverrd.global.ssl.fastly.net&ia=web
Even cloudflare sometimes has phishing issue but Energized is not blocking cloudflare entirely. I reported one a month ago and they shut it down in few hours,
So fastly must not be blocked, except if they are willingly ignoring malware, viruses and phising issues. However a block can be put on single malicious urls until they are shut down
DDL56x
commented
2 years ago Was search jacked late last year while using the browser Vivaldi, but it was on a fully security patched Win 7 Ultimate x64 OS. The browser became completely compromised, so I uninstalled it using Revo in safe mode. Noticed that more and more websites since then are or have Fastly as a CDN, and was viewing a Chrome extension homepage with uBO, Ghostery. and Malwarebytes active when it occurred. I have scoured the web, but found very little info about the malware anywhere. Maybe fastly(dot)net has shut them down, but until I know for sure, tend to avoid whitelisting that CDN unless necessary. The malware also created two entries in my User local and roaming named Epic(dot)net but I could not delete them permanently, and could not find if or where they might be located in Windows Registry. So I finally gave in and bought a new laptop in December, not going to reinstall Win 7 when this is the last of its 3 year security patched afterlife.
AnthillSudoku
commented
2 years ago whitelist
adobe-aem.map.fastly.net
fixed by 1hosts https://github.com/badmojr/1Hosts/issues/531
Energized Protection - block ⚡
Issue Submit Form
Issue(s):
Type
xin between[ ]and make sure there isn't any space between brackets. Example; for Your Selected Issue(s), type like this -[x]You can select more than one category of issues if you need to!Pack(s):
Write the name of the pack(s) you are using.
Extension(s):
Also name the extension(s) if you are using any. If you don't then leave it blank.
Domain(s):
If you are submitting this issue for whitelist/blacklist issue, send us the domain(s) for whitelisting/blacklisting here. Kindly use the Code Tag to prevent tracking.
Your Config:
Just to ensure there is no issues or conflicts with other app/software/magisk module/extension/source list. Make sure you are running Energized Protection Service only.
Detail:
Write us a lil bit more about your issue or query. You can attach any screen shot or log of the issue or advert, this will help to highlight it.
fastly.net is a CDN sites such as coopvoce.it do not work without it, in this single case to manually fix only this one I added this on my filters
Thank you for making Energized Protection great, with your kind help!
A project by Ador with ❤