Hi Team - A client of mine is getting popups from ESET on their own website. I've run every URL scanner I can find and none of them find anything malicious.
The URL in question is www.studypass.com
Which of these do you think is most likely?
1) Outright false positive
2) Positive based on code on their site using obfuscation that is often used by malware?
3) They are actually infected?
Visiting their site on other machines doesn't show any unusual behaviour. I've had a client whose WordPress site was hacked (not sure how, handed off to webhost/developer) but they had code injected that made it redirect to a third-party site (ad revenue probably) but only on the first visit, so most people just scratched their head, tried again and put it down to a typo or a popup from another tab or something.
I haven't been able to find popups and I even used the same browser on the same operating system (Windows 7) to make sure it wasn't only activating when the client system was something it felt it could exploit. The browser session doesn't use any CPU time once loaded so it doesn't appear to be running any background processes (Bitcoin mining etc.), so I'm really unsure if there is anything here without having access to the bare files on the webserver.
I've forwarded information to the business for them to forward to their web dev, but I've had people call themselves developers before when all they really did was use a WordPress host and templates to bang up sites with no technical understanding of the underlying files etc.
Regards,
Matt
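
The two things the post wonders about (obfuscated script on the page, and a redirect that only fires on a first visit) can be looked for in a saved copy of the page source. The following Python is an added example, not part of the original post; the `triage` function, the heuristics, the host `www.example.com` and both sample pages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']([^"']+)["']""", re.I)
DECODERS = r"(?:unescape|atob|decodeURIComponent|String\.fromCharCode)\s*\("
# Heuristics chosen for this example; each hit is a lead for manual review.
INLINE_CHECKS = [
    ("eval-of-decoded-string", re.compile(r"eval\s*\(\s*" + DECODERS, re.I)),
    ("write-of-decoded-string", re.compile(r"document\.write\s*\(\s*" + DECODERS, re.I)),
    ("long-escaped-blob", re.compile(r"(?:%[0-9a-f]{2}|\\x[0-9a-f]{2}){40,}", re.I)),
    # Redirect that only fires when a marker cookie is absent ("first visit only").
    ("cookie-gated-redirect", re.compile(
        r"document\.cookie.{0,300}?location(?:\.href\s*=|\.replace\s*\(|\s*=)", re.I | re.S)),
]
HIDDEN_IFRAME_RE = re.compile(
    r"""<iframe\b[^>]*(?:display\s*:\s*none|(?:width|height)\s*=\s*["']?0\b)""", re.I)

def triage(html, site_host):
    """Return (indicator, detail) pairs found in one saved copy of a page."""
    findings = []
    for attrs, body in SCRIPT_RE.findall(html):
        src = SRC_RE.search(attrs)
        host = urlparse(src.group(1)).hostname if src else None
        # Scripts loaded from a host other than the site itself or its subdomains.
        if host and host != site_host and not host.endswith("." + site_host):
            findings.append(("third-party-script", host))
        findings += [(name, body.strip()[:60]) for name, pat in INLINE_CHECKS if pat.search(body)]
    if HIDDEN_IFRAME_RE.search(html):
        findings.append(("hidden-iframe", ""))
    return findings

# Constructed sample pages (not taken from any real site).
CLEAN_PAGE = """<html><head><script src="/js/app.js"></script>
<script>document.getElementById("year").textContent = new Date().getFullYear();</script>
</head><body><h1>Courses</h1></body></html>"""

SUSPECT_PAGE = """<html><head><script src="https://cdn.tracker.example/t.js"></script>
<script>if (document.cookie.indexOf("seen=1") == -1) {
  document.cookie = "seen=1"; window.location.href = "https://redirect.example/";
}
eval(unescape("%76%61%72%20%78"));</script></head>
<body><iframe src="https://redirect.example/f" width="0" height="0"></iframe></body></html>"""

if __name__ == "__main__":
    for label, page in (("clean", CLEAN_PAGE), ("suspect", SUSPECT_PAGE)):
        print(label, [name for name, _ in triage(page, "www.example.com")])
```

Legitimate minified or packed code can trip the same patterns, so a hit points at a script to read by hand and compare with the copy on the web server.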