knicks_fan 1 Posted September 25, 2013 Share Posted September 25, 2013 While surfing WTOP.com, a legitimate website for an all news station located in Washington, DC, ESET is complainng about a blocked address from time to time when the page reloads. The log records are all the same, a sample follows: 9/25/2013 6:33:01 AM hxxp://delivery.globalcdnnode.com/7f01baa99716452bda5bba0572c58be9/afr-zone.php Blocked by internal blacklist C:\Program Files\Internet Explorer\iexplore.exe <company>\<userid> I have had no luck contacting the webmasters of WTOP.com. Can someone at ESET doublecheck and see what is so offensive at the website listed in the log record above? Link to comment Share on other sites More sharing options...
Arakasi 549 Posted September 25, 2013 Share Posted September 25, 2013 https://www.virustotal.com/en/url/38b4c272d4aa4b278ee832b75cc5429e3cc61346c2206b5a8713809c7e915a96/analysis/ knicks , it seems the host of the domain is the trigger, not the website itself. The host was subjected to threat Mal/HTMLGen-A at some point or another, which is possibly a short term for malicious html coding virus/trojan. One company mentions Phishing. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted September 25, 2013 Administrators Share Posted September 25, 2013 It's blocked because of a Java exploit present on the domain. Link to comment Share on other sites More sharing options...
knicks_fan 1 Posted September 26, 2013 Author Share Posted September 26, 2013 Thanks. I switched to Firefox to visit the news website and have not gotten any alerts. I have e-mailed WTOP's webmasters again to look into this. Probably won't hear from them. Link to comment Share on other sites More sharing options...
Recommended Posts