Bitcoin Forum

just curious, why does it show me a "your connection is not private" but when I decided to proceed to the website it directed me to the actual earnbet.io website which is secure, unlike the "game.earnbet.io" link? I even thought the link provided by Cryptoangel01(photo below for reference) was a phishing site but after being directed to the actual earnbet.io website I got confused about whether the game.earnbet.io is a phishing site or not.

thanks in advance to those who'll clear it up.

https://i.imgur.com/ihxh6O4.jpg


post of Cryptoangel01 on this thread What do you think about adult citizens of El Salvador getting bitcoins for free? (https://bitcointalk.org/index.php?topic=5348004.0)
https://i.imgur.com/qOWB8pE.jpg

I have zero knowledge on earnbet.io so I can't comment on that, but when you see that error, it doesn't always automatically mean that the website is a phishing site. It could just mean that they have a problem in the domain level, specifically with SSL.

Phishing is usually when you want to visit a legitimate site called for example "foo.com" but the attacker sends you a fake link pretending to be that site but it is actually "foobar.com". https://en.wikipedia.org/wiki/Phishing#Link_manipulation

In this case the NET::ERR_CERT_DATE_INVALID is telling you what the problem is, it is the certificate of that website that has been expired since it was valid until 2021-07-06. Whether this itself is a fake website or not I can not tell.

If the url is the exact one you are looking for browse, then it’s certainly not a phishing attempt. In case of phishing, you will see a same page as of your desired website but different url. For example, for a phishing attempt to steal your password on facebook would require you to enter your facebook email and password on a page which is exactly the same page of original facebook but the url will be different.
In this case, they don't have the SSL certificate. It’s risky to enter credentials here though. Your data isn't secured in such case.

Earnbet is a legit site operating here from 2019- https://bitcointalk.org/index.php?topic=5103576.0

Edit- They have SSL certificate, I just have checked and the link shared by user is also the original one. Not sure why it's saying privacy error.

Phishing links are not that easy and the browser always tells you because they are an attempt to imitate the original site by using a similar domain name or trying to redirect requests to the scam site.
The message that the browser gives you is a warning and therefore you must double-check the address and then decide whether you decide to visit it or not.

Identifying phishing links is often done using a database where the browser compares the site to that database before it connects to the IP address of that site.

It does not seem to be related to a phishing site, despite it being "fishy" on the surface …

The SSL certificate being used by http[colon]//game[dot]earnbet[dot]io/ has been expired for over a month, thus the message, since whatever you type will be in clear text on the internet, and can be captured by a sniffer.

Nevertheless, what really seems to be going on is that the site is used as a redirect, to capture traffic, and have it taken to earnbet[dot]io with a, guess what, referral/bonus along the way. 

See: https://wheregoes.com/trace/20214719198/

Not phishing but that account is definitely spamming the forum with those messages, all his posts are really about earnbet, not about the subject.
https://bitcointalk.org/index.php?action=profile;u=1763475;sa=showPosts


Since the main domain is still theirs and the redirect is just from the subdomain to the main domain I assume it was used in some old promotion and now they are simply tracking the amount that still comes from old links with the affiliate program they have in place.
I used to do so for some of the domains I parked, added a redirect with ref=1,2,3 to see what kind of traffic they still have and if I can use some of it.

I tend to agree with this because there could be a different reason why there's an SSL connection error.  It could certificate was expired, or another reason is your browser have used isn't updated.  If the reason was due to their server problem, you need to wait until they will be fixed it and now, upon posting this I didn't encounter the same as OP, everything works fine, which means this isn't a phishing site.

If you trust the site and don't want to encounter this again, you can disable the SSL scan in your anti-virus used or in the firewall setting on your PC.  But still, be careful on this, there might a phishing site that you may encounter, at least you're aware.

Usually subdomains are not phishing links unless the main site gets compromised, which also leads you to some strange URL such as earnbet.io/78dJhdnf098

Just accessed game.earnbet.io and it redirects me to the main webpage. Perhaps the owner might be planning on adding some sub-sections.

I believe the website admin added a rule in the .htaccess file to redirect visitors to the new link. If this is the case then the new link isn't really a referral link but rather a trucking link to know how many users visited the game sub-domain.

As said above, most likely the SSL certificate has expired and the website owner didn't renew it yet. I would stay away from this website until everything get resolved. You should never connect to an insecure website as you never know who might be listening to your communication!

Thanks for properly explaining it which cleared things up for me and thanks to everybody's Input regarding my confusion about the topic.  :)

I noticed that too when I visited his post history I just forgot to add it to the end of the thread. thanks for bringing it up.

Would posting that site to the virustotal be enough to see if its a fake site?

Not in general terms, and not in this specific case (which is certificate related to begin with, but likely more). Legit or fake sites are often not related to malware patterns or heuristics, but rather to the intent of the site’s developer. I’ve checked hundreds of fake sites without getting so much as a hint from my antivirus (nor would I expect it), and what’s more efficient in terms of detection is being aware and cautious of the links you follow and the sites you visit themselves.

Really ...

I don't see any traces of phishing but that still looks suspicious to me, is that even a secured link? If my browser shows such warning I will leave immediately because there are tons of things we don't know that bad people on the internet knows, you shouldn't be ready to find out.

You are getting that warning because the connection is not secured, that website is using unsecured connection http instead of https, I won't continue surfing such website if I were you until the team fix that up.

^^
The topic is eight months old but someone just bumped it. It looks like the website owner renewed the ssl certificate and the problem has been resolved.

https doesn't mean the website is safer or doesn't contain malicious content. It only means that the communication between your browser and the website's server will be encrypted. You should avoid http websites when you have to send/receive sensitive data.

But what if the owner of a site or others who are reputable tells you that the site that is

http


tells you its legit though?  Then no issue right?  But if you visit a site that is http, can you catch malware?  Or you have to still download something and run it in order for malware to activate?