Browser-Based Threat Report: Jan 8
Browser-Based Threat Report
Week of January 8th, 2024
ConcealBrowse is leveraged by teams across the world to combat weaponized URLs and other Browser-Based Threats. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.
At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of January 8th, 2024, unveils critical insights into the ever-evolving landscape of online threats.
The following report highlights recently detected sites that were deemed suspicious:
_____________
SHA-256: e64f0fe9e6a80807640b81600c168af3e335a12d91b1dc2e2df20d2ae04fed8a
ConcealBrowse first detected this URL on January 8th, 2024. Only one other vendor annotated the URL on the 8th, and only 2 total vendors are reporting it as phishing at the time of this report. Conceal prevented this new threat, further assigning a 14% risk and highlighting the importance of real-time analysis.
Despite several vendors not identifying this page as malicious, it has been shown to download a phishing HTML to visitors, leverage hidden URLs and JavaScript, and the server where this site is hosted is also hosting cc, ru, and .ws domains. Adversaries commonly use these TLDs.
_____________
SHA-256: bb4cd8d523d0ce1ee335b18573829db74b8ccca8d386e0badcb7d75aa1c2dedc
ConcealBrowse detected this URL on January 8th, 2024. It was first identified by 7 security vendors on August 24th, 2023. ConcealBrowse intervened as the webpage loaded to the endpoint, assigning the page a 38% risk.
The webpage uses a redirect, which loads a blank page currently. However, it was historically loading the screenshot pictured below. The webpage prompts the users to allow notifications that, once enabled, execute numerous JavaScripts found embedded within the webpage’s HTML source code. The body hash (annotated above) has been flagged by over 10 security vendors. These vendors classified the page as a known adware distributor. The domain listed above and the redirected domain should be avoided, as most of their subdomains have also been annotated as such.
_____________
SHA-256: fd2f020c87981687a1a05917e1e0f2f672533b29bf0d58d5ab6f945f7bdab389
The URL was detected by ConcealBrowse on January 3rd, 2024. It was detected by various security vendors on January 2nd, 2024, and is currently flagged by 15 vendors. Classified as malicious and phishing, this newly registered domain and subsequent webpage were further analyzed and deemed proximal by ConcealBrowse, meaning it is cohosted with other malicious domains.
Since the delivered webpage now has no content, it may appear safe. However, there is a lingering threat. ConcealBrowse flagged this webpage with our in-house indicator known as “proximity.” This means that the page is hosted on a server that hosts other sites known to deliver malware or phishing campaigns. After further analysis, the server has been seen to be hosting malicious sites. Some of these sites are delivering encoded files to their victims that enable them to bypass traditional antivirus products, exhibiting MITRE ATT&CK tactics such as defense evasion. Due to the affiliation with this enabling server, ConcealBrowse intervened.
_____________
Valuable Outcomes
As this recent threat reports exemplify, ConcealBrowse offers comprehensive protection against many sophisticated cyber threats. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to confidently navigate the digital landscape, knowing that their online activities are shielded from potential harm.
Join the Conceal Community and claim your FREE ConcealBrowse licenses!
Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.
Sign up for the Conceal Community and claim your free licenses by completing the form below.