DaveB-Opt

JS/Adware.Agent.AF application


Posted (edited)

We're trying to test a website for a client of ours but we're getting the following block message from ESET. We've contacted the client and they've confirmed no malicious JS on the website. What can we do in this instance? I don't want to whitelist if it is malicious, but it's holding up production. I can provide links if required.

esetjs.PNG

Edited by DaveB-Opt
spelling


Please post the url which is detected in an obfuscated form so that the link is non-clickable.

Posted (edited)
27 minutes ago, Marcos said:

Please post the url which is detected in an obfuscated form so that the link is non-clickable.

https   zonestor dot com fec9c24dca291d2000/adv12628/test/link

Edited by DaveB-Opt


According to VirusTotal, the URL scanned is marked malicious by CRDF only.

Posted (edited)

Ok so that zonestor URL redirects to a.net-dag34.stream - which appears to be the malicious URL.

It redirects to

a.net-dag34.stream     /iwxb/rimnc/index-en-c-xs.html?td=www.watervilleireland.com&browser=Chrome&country=United%20Kingdom&city=Islington&os=Windows&pr=$999&yp=$1&cep=aZSUB41JfS1fP6UO41IiKF9rubuwVLziFs1m2U8_gN0JnFBE2VtEOExzRbMVub1gZo_xS6A18PxQifQHCZdZTJ6qB18tVidF9aIdIdiSOdCPhRE4kDFZ1njq5aGgkwWzExqb5bFnnILAedgwek7vG8iPQtmzzY_RYdiY2tBkH8o_JqBHah2OtLoC2LV4inGhlWMfa1UHmmezP1ZxkknPVYSmLcIxfGkqCqBGL1cgMGI&4=&3=&5=&6=&7=&8=470001&2=&1=824532983&s1=470001&s0=824532983# 

Edited by DaveB-Opt


It might be some kind of ad in the website that redirects to that URL, or the page is infected with malicious code.


Ok so what do we do in this instance? 

The choices are effectively:

1. Allow the URL and hope for the best

2. Tell our client they are malicious and lose business

Thanks

9 minutes ago, DaveB-Opt said:

Ok so what do we do in this instance? 

The choices are effectively:

1. Allow the URL and hope for the best

2. Tell our client they are malicious and lose business

Thanks

You shouldn't allow the URL because it might infect your machines or cause some damage to you in case ESET didn't detect it. You shouldn't turn off the protection; it's trying to protect you from malicious code.

You should inform the people who are responsible for this website that their website redirects to a malicious website.

4 minutes ago, Rami said:

You shouldn't allow the URL because it might infect your machines or cause some damage to you in case ESET didn't detect it. You shouldn't turn off the protection; it's trying to protect you from malicious code.

You should inform the people who are responsible for this website that their website redirects to a malicious website.

Thanks Rami - thought I would double check

7 minutes ago, DaveB-Opt said:

Thanks Rami - thought I would double check

You are welcome :)
