DaveB-Opt, posted May 1, 2019 (edited):

We're trying to test a website for a client of ours but we're getting the following block message from ESET. We've contacted the client and they've confirmed no malicious JS on the website. What can we do in this instance? I don't want to whitelist if it is malicious, but it's holding up production. I can provide links if required.

Marcos (Administrators), posted May 1, 2019:

Please post the url which is detected in an obfuscated form so that the link is non-clickable.

DaveB-Opt, posted May 1, 2019 (edited):

27 minutes ago, Marcos said:
> Please post the url which is detected in an obfuscated form so that the link is non-clickable.

https zonestor dot com fec9c24dca291d2000/adv12628/test/link

Nightowl (Most Valued Members), posted May 1, 2019:

According to VirusTotal, the URL scanned is marked malicious by CRDF only.

DaveB-Opt, posted May 1, 2019 (edited):

Ok so that zonestor URL redirects to a.net-dag34.stream - which appears to be the malicious url.

It redirects to a.net-dag34.stream /iwxb/rimnc/index-en-c-xs.html?td=www.watervilleireland.com&browser=Chrome&country=United%20Kingdom&city=Islington&os=Windows&pr=$999&yp=$1&cep=aZSUB41JfS1fP6UO41IiKF9rubuwVLziFs1m2U8_gN0JnFBE2VtEOExzRbMVub1gZo_xS6A18PxQifQHCZdZTJ6qB18tVidF9aIdIdiSOdCPhRE4kDFZ1njq5aGgkwWzExqb5bFnnILAedgwek7vG8iPQtmzzY_RYdiY2tBkH8o_JqBHah2OtLoC2LV4inGhlWMfa1UHmmezP1ZxkknPVYSmLcIxfGkqCqBGL1cgMGI&4=&3=&5=&6=&7=&8=470001&2=&1=824532983&s1=470001&s0=824532983#

Nightowl (Most Valued Members), posted May 1, 2019:

It might be some kind of ad in the website that redirects to that url, or the page is infected with malicious code.

DaveB-Opt, posted May 1, 2019:

Ok so what do we do in this instance? The choices are effectively:

1. Allow the URL and hope for the best
2. Tell our client they are malicious and lose business

Thanks

Nightowl (Most Valued Members), posted May 1, 2019:

9 minutes ago, DaveB-Opt said:
> Ok so what do we do in this instance? The choices are effectively:
> 1. Allow the URL and hope for the best
> 2. Tell our client they are malicious and lose business
> Thanks

You shouldn't allow the URL because it might infect your machines or cause some damage to you in case ESET didn't detect it. You shouldn't turn off the protection; it's trying to protect you from malicious code.

You should inform the people who are responsible for this website that their website redirects to a malicious website.

DaveB-Opt, posted May 1, 2019:

4 minutes ago, Rami said:
> You shouldn't allow the URL because it might infect your machines or cause some damage to you in case ESET didn't detect it. You shouldn't turn off the protection; it's trying to protect you from malicious code.
> You should inform the people who are responsible for this website that their website redirects to a malicious website.

Thanks Rami - thought I would double check

Nightowl (Most Valued Members), posted May 1, 2019:

7 minutes ago, DaveB-Opt said:
> Thanks Rami - thought I would double check

You are welcome
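
Added example, not part of any post in this thread: a Python sketch that reconstructs a redirect chain like the one DaveB-Opt describes from recorded proxy or HAR rows, without fetching anything, and prints each hop in the non-clickable form Marcos asks for. The log rows, paths and the client-site.example host are constructed assumptions; only the two redirect hostnames come from the thread.

```python
from urllib.parse import urljoin, urlsplit

# Constructed rows (request URL, status, Location header), as exported from a
# proxy log or HAR file. Paths and client-site.example are made up; only the
# two hostnames come from the thread.
START = "https://zonestor.com/constructed/link"
SAMPLE_LOG = [
    (START, 302, "/constructed/out"),  # relative Location
    ("https://zonestor.com/constructed/out", 302,
     "https://a.net-dag34.stream/constructed/landing.html?td=client-site.example"),
    ("https://a.net-dag34.stream/constructed/landing.html?td=client-site.example",
     200, None),
]
REDIRECTS = {301, 302, 303, 307, 308}


def defang(url):
    """Return a non-clickable form: hxxp(s) scheme, [.] in the host only."""
    p = urlsplit(url)
    rest = p.path + ("?" + p.query if p.query else "")
    return f"{p.scheme.replace('http', 'hxxp')}://{p.netloc.replace('.', '[.]')}{rest}"


def redirect_chain(log, start):
    """Follow recorded Location headers from start; makes no network requests."""
    by_url = {url: (status, loc) for url, status, loc in log}
    chain = [start]
    while True:
        status, loc = by_url.get(chain[-1], (None, None))
        if status not in REDIRECTS or not loc:
            return chain
        nxt = urljoin(chain[-1], loc)  # resolve relative Location values
        if nxt in chain:  # redirect loop in the recording: stop
            return chain
        chain.append(nxt)


def host_changes(chain):
    """List (from_host, to_host) for every hop that lands on a different host."""
    hosts = [urlsplit(u).hostname for u in chain]
    return [(a, b) for a, b in zip(hosts, hosts[1:]) if a != b]


if __name__ == "__main__":
    chain = redirect_chain(SAMPLE_LOG, START)
    for hop in chain:
        print(defang(hop))
    print("cross-host hops:", host_changes(chain))
```

The cross-host hop list is what to hand to the site owner: it names the third-party host that passes visitors on to the blocked landing page.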