Is llnwd.net Safe?

CRDF just send a warning: CRDF.Malware-Generic.2140413873 44 minutes ago

https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url=llnwd.net Google’s Safe Browsing Site Status Current status: Partially dangerous Some pages on llnwd.net are not safe to visit right now. Site Safety Details ***** Some pages on this website send visitors to dangerous websites. ***** Some pages on this website install malware on visitors' computers. ***** Dangerous websites have been sending visitors to this website, including: xrosmate.com. --------------------------------------- http://www.avgthreatlabs.com/ww-en/website-safety-reports/domain/llnwd.net/ 30-day safety report for: llnwd.net No current active malware appears on this website. However, during the last 30 days potentially active threats did appear on a subdomain. (updated Jan 05, 2016 GMT) Types of Malware Found 1 ***** Script/Exploit Compromised Pages 1 Script/Exploit Summary Script/Exploit is a malicious software that once it is executed has the capability of replicating itself and infect other files and programs. These type of malware, called Viruses, can steal hard disk space and memory that slows down or completely halts your PC. It can also corrupt or delete data, erase your hard drive, steal personal information, hijack your screen and spam your contacts to spread itself to other users. Usually, a Virus is received as an attachment on an email or instant message. --------------------------------------- http://www.urlvoid.com/scan/llnwd.net ***** Blacklisted by ***** Both of the following security scanners are blocked by this site. Suspicious. ***** http://quttera.com/detailed_report/llnwd.net ***** https://sitecheck.sucuri.net/results/llnwd.net

Not easy to find information on this site. However a WHOIS lookup for llnwd shows that it is registered to "Limelight Networks Inc.". Limelight Networks do appear to simply be a video and content streaming service, with nothing obvious to suggest that they're heavily involved in advertising, tracking or data collection. Their own summary from their website. "Limelight is a top tier content delivery network (CDN) offering superior performance and high availability, featuring a massive network footprint, an object-based global file system that provides policy controlled cloud storage and replication, with powerful cloud-based software that enables organizations to deliver faster websites, more responsive web applications, the highest quality video for both on demand and live streaming, while operating at the scale needed to deliver software downloads and games updates to any device, mobile or fixed, anywhere in the world." I'm allowing the site, but with some caution.

Ad/Tracking domain http://hosts-file.net/?s=www.llnwd.net Note: Some websites hosted on this domain are malicious. https://www.google.com/safebrowsing/diagnostic?site=llnwd.net *****

My Bank has this on their site. However I looked again at Google Safe Browsing and thier latest report is not pretty: Safe Browsing Diagnostic page for llnwd.net What is the current listing status for llnwd.net? This site is not currently listed as suspicious. What happened when Google visited this site? Of the 58646 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-12-19, and the last time suspicious content was found on this site was on ***** Malicious software includes 6 trojan(s), 4 exploit(s). This site was hosted on 2 network(s) including AS22822 (LLNW), AS38621 (LLNW-SG). Has this site acted as an intermediary resulting in further distribution of malware? Over the past 90 days, llnwd.net did not appear to function as an intermediary for the infection of any sites. Has this site hosted malware? Yes, this site has hosted malicious software over the past 90 days. It infected 0 domain(s), including . I think I will leave it forbidden!

From Google's Safe Browsing site Information: What happened when Google visited this site? Of the 53902 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-09-23, and the last time suspicious content was found on this site was on ***** Malicious software includes 3 exploit(s). This site was hosted on 2 network(s) including AS22822 (LLNW), AS15169 (GOOGLE). Has this site acted as an intermediary resulting in further distribution of malware? Over the past 90 days, llnwd.net did not appear to function as an intermediary for the infection of any sites. [THIS MAKES NO SENSE -- HMR] Has this site hosted malware? No, this site has not hosted malicious software over the past 90 days. [THIS MAKES NO SENSE -- HMR] Another reviewer reports crashes possibly attributable to llnwd.net or a site(s) requiring it.

According to Google's Safe Browsing Diagnostic page for llnwd.net: What happened when Google visited this site? Of the 4499 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-02-06, and the last time suspicious content was found on this site was on ***** Malicious software includes 2 exploit(s). http://www.google.com/safebrowsing/diagnostic?site=llnwd.net

Came across llnwd.net while accessing the main DirecTV website (www.directv.com). Luckily, NoScript caught it and blocked it. Unlike you, mikeclarkusa, I had no issue logging in to my DirecTV account—even with ***** completely blocked. Unfortunately there's just not much data on this site, but URLVoid shows a clean report (reference: www.urlvoid.com/scan/llnwd.net); however, Google Safe Browsing gives a more suspect analysis: "What is the current listing status for llnwd.net? This site is not currently listed as suspicious. Part of this site was listed for suspicious activity 1 time(s) over the past 90 days. What happened when Google visited this site? Of the 2063 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-11-02, and the last time suspicious content was found on this site was on ***** Has this site acted as an intermediary resulting in further distribution of malware? Over the past 90 days, llnwd.net did not appear to function as an intermediary for the infection of any sites. Has this site hosted malware? No, this site has not hosted malicious software over the past 90 days." Reference: https://www.google.com/safebrowsing/diagnostic?site=llnwd.net Personally, I chose to just block llnwd.net permanently rather than take any unnecessary risks; as I stated originally, it does not seem to have affected the functionality of DirecTV's website in any way.

I had to allow ***** to run on my PC (I use Firefox and NoScript addon to control what can run). 3 times in the past 1/2 hour while watching a Vanguard (mutual fund company) video that required LLNWD, the whole thing crashed. Is it the video? Is it LLNWD? I don't know. But I will be careful.