Jump to content

JS/Adware.Agent.AF application


Recommended Posts

We're trying to test a website for a client of ours but we're getting the following block message from ESET. We've contacted the client and they've confirmed no malicious JS on the website. What can we do in this instance? I don't want to whitelist if it is malicious, but it's holding up production. I can provide links if required.

esetjs.PNG

Edited by DaveB-Opt
spelling
Link to comment
Share on other sites

  • Administrators

Please post the url which is detected in an obfuscated form so that the link is non-clickable.

Link to comment
Share on other sites

27 minutes ago, Marcos said:

Please post the url which is detected in an obfuscated form so that the link is non-clickable.

https   zonestor dot com fec9c24dca291d2000/adv12628/test/link

Edited by DaveB-Opt
Link to comment
Share on other sites

  • Most Valued Members

According to VirusTotal , the URL scanned is marked malicious by CRDF only.

Link to comment
Share on other sites

Ok so that zonestor URL redirects to a.net-dag34.stream - which appears to be the malicious url

It redirects to

a.net-dag34.stream     /iwxb/rimnc/index-en-c-xs.html?td=www.watervilleireland.com&browser=Chrome&country=United%20Kingdom&city=Islington&os=Windows&pr=$999&yp=$1&cep=aZSUB41JfS1fP6UO41IiKF9rubuwVLziFs1m2U8_gN0JnFBE2VtEOExzRbMVub1gZo_xS6A18PxQifQHCZdZTJ6qB18tVidF9aIdIdiSOdCPhRE4kDFZ1njq5aGgkwWzExqb5bFnnILAedgwek7vG8iPQtmzzY_RYdiY2tBkH8o_JqBHah2OtLoC2LV4inGhlWMfa1UHmmezP1ZxkknPVYSmLcIxfGkqCqBGL1cgMGI&4=&3=&5=&6=&7=&8=470001&2=&1=824532983&s1=470001&s0=824532983# 

Edited by DaveB-Opt
Link to comment
Share on other sites

  • Most Valued Members

It might be some kind of ad in the website that redirects to that url , or the page is infected with malicious code.

Link to comment
Share on other sites

Ok so what do we do in this instance? 

The choices are effectively:

1. Allow the URL and hope for the best

2. Tell our client they are malicious and lose business

Thanks

Link to comment
Share on other sites

  • Most Valued Members
9 minutes ago, DaveB-Opt said:

Ok so what do we do in this instance? 

The choices are effectively:

1. Allow the URL and hope for the best

2. Tell our client they are malicious and lose business

Thanks

You shouldn't allow the URL because it might infect your machines or cause some damage to you incase ESET didn't detect it , you shouldn't turn off the protection , it's trying to protect you from malicious codes

You should inform the people who are responsible for this website that their website redirects to a malicious website.

Link to comment
Share on other sites

4 minutes ago, Rami said:

You shouldn't allow the URL because it might infect your machines or cause some damage to you incase ESET didn't detect it , you shouldn't turn off the protection , it's trying to protect you from malicious codes

You should inform the people who are responsible for this website that their website redirects to a malicious website.

Thanks Rami - thought I would double check

Link to comment
Share on other sites

  • Most Valued Members
7 minutes ago, DaveB-Opt said:

Thanks Rami - thought I would double check

You are welcome :)

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...