WhyNotWin11.com is not owned by Me #66
Comments
rcmaehl
added
critical
|
This website is not owned, operated, or affiliated with me. I'll see if I can get contact information via WHOIS or another means but definitely sketch. It's my fault for not buying the domain |
rcmaehl
changed the title
|
Hopefully this is someone trying to be helpful but I'll be reaching out to legal council and will make a case if this becomes an issue. |
|
Maybe some hosts project ban page: https://github.com/StevenBlack/hosts#list-of-all-hosts-file-variants then may no load with NextDNS on default setup. |
|
@Yuki2718 can by marked as badware risk this commercial domain? like these: uBlockOrigin/uAssets#1738 uBlockOrigin/uAssets#3060 @spirillen fyi |
|
The Reddit Account of the site owner has been found but has been inactive for a couple hours. The situation will be updated as it progresses. |
|
@krystian3w Need evidence the site is actually malicious or dangerous for us to block. |
|
@Yuki2718 I believe it's evening time for the current owner, however I've contacted them via several methods and are awaiting a reply. I'll keep you informed if anything changes. |
|
Thanks for your consideration @krystian3w However, I do not currently see any threats from the domain, however I do believe there are missing a very very important disclaimer about the non-relation to @rcmaehl If we are scouting the site source code we will find that it yet another wp site and the biggest threat is google, facebook and nocookie.net When all this said, yes it is ort that all traces of who owns this domain end in a closed reddit account My conclusionIf things on the site change, yes it would be added, as there currently are nothing dangerous on the site, i would leave it as it is. HTML decoded<link rel='dns-prefetch' href='//fonts.googleapis.com' />
<link rel='stylesheet' id='wp-block-library-css' href='https://www.whynotwin11.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.2' type='text/css' media='all' />
<link rel='stylesheet' id='yasrcss-css' href='https://www.whynotwin11.com/wp-content/plugins/yet-another-stars-rating/includes/css/yasr.css?ver=2.8.1' type='text/css' media='all' />
<link rel='stylesheet' id='google-fonts-style-css' href='https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700&display=swap&ver=10.3.8' type='text/css' media='all' />
</div></div></div><div id="pgc-gb14-60d86a683a89c-1-1" class="panel-grid-cell" ><div id="panel-gb14-60d86a683a89c-1-1-0" class="widget_text so-panel widget widget_custom_html panel-first-child panel-last-child" data-index="2" ><div class="textwidget custom-html-widget"><blockquote class="twitter-tweet"><p lang="en" dir="ltr">WhyNotWin11 is a better replacement for Windows 11's PC Health Check – <a href="https://twitter.com/LawrenceAbrams?ref_src=twsrc%5Etfw">@LawrenceAbrams</a><a href="https://t.co/d5UbPNrzgV">https://t.co/d5UbPNrzgV</a></p>— BleepingComputer (@BleepinComputer) <a href="https://twitter.com/BleepinComputer/status/1408861525939531778?ref_src=twsrc%5Etfw">June 26, 2021</a></blockquote> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script></div></div></div></div></div><script type="application/ld+json">{"@context":"https:\/\/schema.org\/","@type":"Product","name":"WhyNotWin11","description":"WhyNotWin11 Detection Script to help identify why your PC isn’t Windows 11 ready Download Version 2.2.2 \u2022 1 MB [Total: 1 Average: 5] What is the WhyNotWin11 Tool? WhyNotWin11 is a tool that allows us to check whatever our Computer or Laptop can run Windows 11 or not. Unlike Microsoft’s Health Check Tool, This WhyNotWin11 Tool...","image":{"@type":"ImageObject","url":"","width":0,"height":0},"Review":null,"aggregateRating":{"@type":"AggregateRating","ratingValue":5,"ratingCount":1,"bestRating":5,"worstRating":1},"brand":"","sku":"","":""}</script> </div>
</div>
.game-preloader-thumbnail {
background-image: url(https://static.wikia.nocookie.net/fridaynightfunkin/images/7/70/FNF_Logo_ba-bumps.gif);
} |
|
Since it's not mentioned by anyone yet... The link to the .exe is no longer pointing to this repo's releases. The .exe that the website offers does not have the same sha256 signature as the one found in releases (site says it's 2.2.2, i've compared only to this one). https://www.virustotal.com/gui/ did not find anything. |
|
True... a class="maxbutton-1 maxbutton maxbutton-download" href="https://www.whynotwin11.com/WhyNotWin11.exe"><span class='mb-text'>Download</span></a></div>This makes it a malicious site., Thanks for the update @pixeye33 |
|
This is a comment to provide verification of the @WhyNotWin11 twitter account |
|
Correction : exe metadata says its 2.2.4 and the sha256 actually matches the one on the repo... (for now, is what i implied) |
Still, it makes no sense to rehost file (with wrong release number) It probably mirrors the link from readme |
Closes https://mypdns.org/my-privacy-dns/matrix/-/issues/1835 See also: - rcmaehl/WhyNotWin11#66 Signed by @spirillen Changes to be committed: modified: source/malicious/wildcard.list
|
@Yuki2718 situation has changed a bit. I can understand if you're still hesitant, and I'll tag you in any additional changes, but it appears they're specifically trying to hide the fact of the .com banner warning. (Which is gonna be a bit hard to do if anyone checks for updates on the app.) |
|
Yep, the guy purged information about the owner and the placeholder pages where I had attempted to contact him. I'd rather not involve council butttttttttttt |
|
Going through the persons reddit posts (if I am looking at the correct person that is), it looks like they have done this type of stuff before with other things as well, so I wouldn't expect much from them as it looks like they are just up to no good and just taking advantage again of a popular application. |
They have a few accounts ranging between 5-7 years old. All Generic Middle East names. |
Ah the only one I've run across so far that has any mention of the website so far is an account named "chardasyaal", but makes sense that they would have multiple accounts. Hopefully you can get the site shut down :/ |
|
i contacted namecheap via a ticket to report abuse. hope this is solved soon! |
|
I'll be surprised if you can get the domain down. But what I can't understand... Why are they putting up that domain, hosting an exe (Currently same sha256/md5). What is there attempted gain here?? there are no banners/ads or severe tracking/spyware (Yet) But what confuses me more is there usage of a complete WP setup for one page which could be written with have the bits for the frontpage, and not to mention the entire backend (db/wp-code, etc). |
All I really needed from them was "Hey, I'm X. I'll be sure to keep it the latest build and note that I'm not affiliated somewhere on the page". I would have grabbed the .org anyway (and now have, DNS please propagate) |
|
how did this turn into a talk about racism |
|
Open source is very political. |
👀 Linux Kernel Email threads |
|
I tried to access it & I got this error: |
|
God damned.... chrome can be true about itself!!!!
😏 👿 😮 |
What do you mean? |
google anti-privacy policy, where nothing is private to them, but all about them is private 😏 You know...
|
Ok. I think there is a typo in that filter though. |
Nope, it's recent addition. |
rcmaehl
changed the title
LGTM. |
|
their download doesn't even work anymore, just goes back to the home page |
|
I'm going to go ahead and close this out. While some people may be confused still, I am happy with the disclaimer. I wish they would have replied via the forwarding service and other contact methods, but I'll continue to keep an eye on the situation. |
|
We got a good ending (hopefully it stays that way). Good the situation got resolved. |
|
I think we all (BlackList maintainers) should remember to REMOVE whynotwin11.com from our blacklists.... right? |
Closes https://mypdns.org/my-privacy-dns/matrix/-/issues/1835 See also: - rcmaehl/WhyNotWin11#66 (comment) Signed by @spirillen Changes to be committed: modified: source/malicious/combined.txt modified: source/malicious/wildcard.list
|
Should we report FPs to the AV detections on VirusTotal? (there is now 4) |
VT is only operating a collection of list / results from external sources, such as @mitchellkrogza's https://github.com/mitchellkrogza/Phishing.Database. Requesting removal from these lists become the site/domain owners own headache. |
If they are legit, that should not be hard & they might want to |
|
They admit the program isn't theirs, they might be expecting you to buy the domain from them for a 'reasonable sum'... |
|
The ads and the articles at the bottom of the page make it look like the domain was obtained for free. |
|
More likely, someone is trying to recoup the cash for paying for the hosting/domain. |
You mean the 3€/month webhosting + 10€ domain/year ? |
|
Yeah ...in Poland ~60-300 zł (13,50-66,50 €) at year if we found good chip hosting/domain renew. |
|
re: waiting for you to buy the domain (for a reasonable fee) |
and others
https://www.whynotwin11.comhttps://i.imgur.com/6Rlz443.png
I haven't seen this mentioned anywhere. Is this from you @rcmaehl? The download link currently points to this repo's releases, but they might be trying to lay low for a while before switching it out 👀
The text was updated successfully, but these errors were encountered: