
ofhappinyear.com


marbaj1


Hi, I have some alerts on the NOD Eset management console: blocked by PUA blacklist - it seems as if something is opening the website ofhappinyer.com

I have scanned the system of the user, I have checked the Chrome extensions, I have checked the history of visited sites; there is nothing special. Also, no new programs have been installed, since the user is not a local admin.

Does anyone have similar problems? Can you help me remove this from the unit and get rid of these everyday alerts?

Thank you

 


A Hybrid-Analysis scan of the site, which also includes VirusTotal results, shows the web site is 100% clean: https://www.hybrid-analysis.com/sample/8993479e8b7d46961d12bbacdb6bb58d6cb659b236b08f5cb3fd2f16a21de852. This means Eset doesn't detect the site on VT.

Suspect you are being redirected to somewhere else; i.e. phishing. Post the Eset event log entry details for the PUA detection.

Edited by itman

6 hours ago, marbaj1 said:

Attached is the log export file.

NOD-log-export.txt (Unavailable)

Only Eset moderators can read forum attachments.

I asked you to copy the Eset PUA alert log entry from Eset's Filtered websites log and paste the entry into a forum reply.

Edited by itman

There is a detailed analysis of ofhappinyer.com here: https://hybrid-analysis.com/sample/8993479e8b7d46961d12bbacdb6bb58d6cb659b236b08f5cb3fd2f16a21de852?environmentId=100

In this analysis, the URL is being run via rundll32.exe which is definitely suspect behavior.
