(The quickest way to register)

Forum

  1. User picture
    • Security_Wiz on Sat 13 Sep 2008
    • 01:51:50 AM UTC

    Ixquick

    Hi,

    I have started using the search engine Ixquick. However, I notice that this website uses many domains (us.ixquick.com, us2.ixquick.com, etc.). I keep stumbling upon real Ixquick domains that seem fine to me that seem to be rated dangerous for some reason.

    This is one: s2-us2.ixquick.com/

    I see no problem with this. It's user confidence rating is low, but I'd still like to know why it is rated so badly.

Comments:

  1. User picture
    • Sami on Sat 13 Sep 2008
    • 08:44:10 AM UTC

    Re: Ixquick

    It was only recently removed from PhishTank.

  2. User picture
    • phantazm on Sat 13 Sep 2008
    • 09:19:11 AM UTC

    SE in PT?

    Why would a search engine end up in the PhishTank?

  3. User picture
    • AnonymousSpecial on Sat 13 Sep 2008
    • 09:28:06 AM UTC

    Most likely someone thought

    Most likely someone thought the URL looked like it was trying to spoof a bank or something.

  4. User picture
    • phantazm on Sat 13 Sep 2008
    • 10:51:54 AM UTC

    Or maybe this...

    Maybe it could be a case of search engine abuse.
    I found this short text that describes a google-example:

    "Google abuse - Who feels lucky here?

    Today I got this spam mail, that at first looked too simple.
    But when I looked twice, I noticed it was actually opposite:

    "Check it out - I just found the best casino website! It has great games, tournaments, daily promotions and high bonuses. If you go there now you'll get a free beginners bonus of $555 - so you can start playing right away! Have fun!"

    Casino spam is not news at all, but the deceptive link was.
    Instead of linking directly to casino-games-pro.com it used this:

    google.com/search?q=inurl%3Agames-pro+intext%3Awon1+million
    +megabet+from+casino+online&btnI=Lucky target="_blank"

    (This query searches for sites with "games-pro" in the url
    + "won1 million megabet from casino online" somewhere in the text.)

    This combination of words is found on only one website.
    And then Googles 'Feel lucky button' is abused to go directly to the site...

    Result: the scam-site avoids naming itself in the spam mail,
    thus making it harder for spam-filters to scan for names of known scam-sites.."

  5. User picture
    • phantazm on Sat 13 Sep 2008
    • 10:58:34 AM UTC

    Or maybe that...

    phantazm: Why would a search engine end up in the PhishTank?

    Sami: Not sure, but there it was, verified by six users.

    phantazm: I looked at the phishtank entry (http://www.phishtank.com/phish_detail.php?phish_id... and saw this url:

    hxxp://s1-us2.ixquick.com/do/show_picture.pl?c=bottom_frame&u=http://cgi.ebay.com.my/ws/eBayISAPI.dll?ViewItem&item=350022273334&indexURLMessage-Id:

    The first part is the searchengine, but...
    The second part contains "cgi.ebay.com.my",
    and that does look phishy to me...

    • User picture
      • Sami on Sat 13 Sep 2008
      • 11:05:34 AM UTC

      Re: Or maybe that...

      The second part contains "cgi.ebay.com.my", and that does look phishy to me...

      That's eBay Malaysia, it's not a phishing site either.

  6. User picture
    • phantazm on Sat 13 Sep 2008
    • 11:10:16 AM UTC

    Ooops!

    Okay, I didn't know that (mea culpa). Thanks for the correction!
    But then again, I'm neither malysian nor an eBay-customer...

  7. User picture
    • Security_Wiz on Sat 13 Sep 2008
    • 02:04:46 PM UTC

    Ixquick

    So, basically, it was flagged by PhishTank as phising because it had a phising link in their search results. That just doesn't seem very likely. Google has thousands of phising links and malware links, but they are not rated badly by sources because of it.

    Thanks though! As long as I know that Ixquick has no malware, I'm going to continue using it.

    I like that the WOT community is very active.

  8. User picture
    • logicman on Sat 13 Sep 2008
    • 02:31:11 PM UTC

    I see no phish.

    I'm still a bit puzzled, but I hope to figure out how this one got tanked..

    Meanwhile, this Professor:
    http://www.londonmet.ac.uk/research-units/hrsj/sta...
    is an advisor to:
    http://www.european-privacy-seal.eu/
    who have this year awarded the first ever european privacy seal to:
    Ixquick(tm) meta-search engine
    as reported here:
    http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=...

    :-)

    Footnote: I just found out that Ixquick had a contract with Overture.
    Overture was bought out by Yahoo - it's a sponsored links (paid ads) feature.
    Maybe someone found a malware / phish sponsored link and laid it at Ixquick's door?

  9. User picture
    • Security_Wiz on Sat 13 Sep 2008
    • 02:40:26 PM UTC

    Overture Ad Service

    So, basically, you're saying that in Ixquick search results there might have been an infected ad which would lead to a phising website?

    That's probably true, but why would they rate Ixquick badly, why not just rate the phising website bad?

    Also, Yahoo! does use Overture, because GoodSearch.com powered by Yahoo! does.

    Thanks for doing all this research! Personally, I think that PhishTank has a false positive, but I'm curious to find out more.

    One question: If WOT only uses Google Adsense (ratings do not show for text ads in Yahoo!), then how do sponsor results get rated in Ixquick if they use Overture like Yahoo!? Also, I believe that about a month ago WOT did rate Yahoo! sponsored results.

    • User picture
      • Sami on Sat 13 Sep 2008
      • 04:23:33 PM UTC

      Re: Overture

      The add-on shows you a rating only if it can figure out where the link goes. Ixquick seems to have Google ads where the target link is visible.

  10. User picture
    • logicman on Sun 14 Sep 2008
    • 12:06:17 AM UTC

    Re: Thanks for doing all this research!

    My pleasure! :-)