Deceptive site ahead: unanalytics.com

109

9

I am getting strange warning on almost all the websites since morning, including unanalytics.com.

Deceptive site warning

I am pretty much sure that it's a issue in google chrome only. The reason for being sure is, I am getting this on http://localhost too.

I want to know how can we remove this warning. is someone trying to steal the data?

Here are the Extension list I have installed

  • AdBlock
  • Better History
  • Copy All Urls
  • Google Dictionary (by Google)
  • Google Docs Offline
  • Google Translate
  • MakkhiChoose
  • Pushbullet
  • Tab Snooze
  • Tabbie

Google chrome version: Version 66.0.3359.139 (Official Build) (64-bit)

OS: Ubuntu 14.04

Manthan Tripathi

Posted 2018-05-08T11:11:06.930

Reputation: 867

Can you try it in Incognito mode? Do you get the same error? What URL are you trying to access when you see this error? What do you see when you click on the "Details" button on the Warning? – None – 2018-05-08T11:27:43.747

1Let me check. Basically the problem occurs when we open some page and keep that page idle for some mins by opening the new page. – None – 2018-05-08T11:29:56.027

@PrateekParanjpe: Following is what I am getting when I open the Details button

Google Safe Browsing recently detected phishing on unanalytics.com. Phishing sites pretend to be other websites to trick you.

You can report a detection problem or, if you understand the risks to your security, visit this unsafe site.

But I am not opening the unanalytics.com, It happened on stackoverflow.com too. – None – 2018-05-08T11:31:49.837

7Yeah I've been getting this intermittently. Turned off Better History and hasn't happened again yet. – None – 2018-05-08T11:43:36.357

Experiencing the same issue with same Chrome version on both Windows 7 and Mac OS X. – Frédéric – 2018-05-08T11:45:45.637

1

More details about the "malice" being spread via that domain -

https://gist.github.com/DrewDennison/bf661461c88cdfe959810811b32676f1

– None – 2018-05-08T11:50:50.577

Happened to me few months back. But was resolved after deleting browsing history and data since beginning. – Sandeep – 2018-05-08T12:08:13.447

I'm voting to close this question as off-topic because this question would be better suited for security.stackexchange.com – Tschallacka – 2018-05-08T12:41:56.350

Im not sure if this helps, but its possible they got "started" early https://www.theverge.com/2018/2/8/16991254/chrome-not-secure-marked-http-encryption-ssl

– None – 2018-05-08T13:25:00.107

Beware spyhunter seems to be targeting this with there product - I've asked about it here https://security.stackexchange.com/q/185557/8120 – KCD – 2018-05-10T06:31:05.170

FYI, "Enhanced History" (a substitute for "Better History") has just been withdrawn from the Chrome Web Store (don't know the details) – ptim – 2018-10-16T00:26:30.753

Answers

122

I had the extension "Better History" installed also and have just removed it and tried visiting and browsing multiple sites without the warning appearing again.

I will comment again if it does but seems to be a quick fix.

Andy Hughes

Posted 2018-05-08T11:11:06.930

Reputation:

12Seems this extension causing the issues. – None – 2018-05-08T11:47:29.363

6I just deactivated it myself and it seems to fix the issue. – Tony Vlcek – 2018-05-08T13:06:59.543

Same here. I think this is the cause. – None – 2018-05-08T18:13:09.027

This is what was causing it for me as well. – Styledev – 2018-05-08T22:15:36.383

17

In case you're all interested. There is a fork of better history

https://chrome.google.com/webstore/detail/enhanced-history/blpnkmdkoapbdhpmemnaikpbhajknmdb

– uLan – 2018-05-09T04:03:27.357

Monitoring my network traffic I've been seeing this site (unanalytics) for a long time now and always with Better History enable. – yannisalexiou – 2018-05-09T06:15:32.740

Same here, you know something's not right when you get a security error on a Google page. – Rayner – 2018-05-09T12:12:29.913

same here, also better history, time for some reports in the app store and get that sh** kicked out. edit tried to report the app, but it seems it's already out of the store. Is there a way to get notified of an app that was removed due to such issues? – MushyPeas – 2018-05-09T19:20:45.333

14Sound likes Better History died in history for the better. Now history should be better without Better History. – wha7ever – 2018-05-09T20:19:13.660

Same I am also using it, will post it review after uninstalling it. – Dhaval Panchal – 2018-05-10T05:26:27.813

@AlexL History without Better History should be dying better. Oh wait is this not Reddit? – Michael Fulton – 2018-05-11T18:51:22.640

88

Now I'm reading why Better History is no longer available in the Chrome Web Store:

Better History Chrome extension goes rogue, hijacks browsers and displays ads

A third-party Chrome extension, supposed to make management of your browsing history simpler, has been kicked out of the Chrome web store after users accused it of hijacking their browsing, fiddling with links and opening webpages displaying ads. [...]

lstulajter

Posted 2018-05-08T11:11:06.930

Reputation: 611

22Yes, indeed it's not there anymore... Would be nice if Chrome warned users "The extension X has been removed from the web store due to Z motives"... I just removed it from my extensions. – brasofilo – 2018-05-08T22:34:21.353

@brasofilo i can still find it in the chrome web store – Jungkook – 2018-05-09T10:43:34.060

2

@SEGod, yesterday I googled the extension and the results were going to a 404 Google page. I tried to search for the extension ID and same results. I searched within the Web Store right now and a similar named extension appears -it's not the same- Chrome Better History. Reviews there are accusing the extension of being rogue too... (edit) The Github repo cited on the article linked in the answer was removed.

– brasofilo – 2018-05-09T19:38:18.227

3Whats sad is that the original author ended up selling it (presumably because of financial issues), which caused the new changes by the new owner. Either he had this plugin that he cherished and continued to develop, and was forced to sell it for more important needs, or he just wanted to cash in on the plugin, not caring for the users. – Mercury Platinum – 2018-05-10T20:06:16.520

3

I added 'Unanalytics.com' to the 'My Filters' list in uBlock Origin to block it. This seems to have resolved the problem for me. This should work in any other ad-blocking plugin too, such as Adblock Plus.

Here is the rule text:

! ...for Google Unsafe Browsing meassage...
||unanalytics.com/*

UPDATE:

As mentioned in the comments attached below this solution, this is merely a bandage on the problem. The extension still exists and may or may not be malicious.

spinjector

Posted 2018-05-08T11:11:06.930

Reputation: 131

This is at best a bandaid for the actual problem, which appears to be a malicious extension. If the extension is behaving badly now, it's likely to continue to do so in the future. By leaving it installed, you'll be open to attack again from whenever it changes to a different domain, until that domain generates enough negative attention to get blocked too. The proper fix is to dump Better History for something not attempting to spy on you. – Dan is Fiddling by Firelight – 2018-05-09T17:16:19.663

This is all entirely true. After reading through the thread again, and seeing where someone mentioned another fork of the Better History extension, it seems the original has either purposely or inadvertently become a conduit for that Croatian domain. So...better to kill the one I have and install the new fork from the Chrome store. I've updated my solution to echo this comment. – spinjector – 2018-05-09T17:30:43.183

Asked: 2018-05-08T11:11:06.930

Viewed: 20 990 times

Active: 2018-06-19T00:27:02.333