SeriousHoax 105 Posted April 22, 2022 Posted April 22, 2022 Hello! So, ESET detects a script loaded on this site: "https://tinyurl.is/AnVh?sport=soccer" and completely blocks me from accessing it. What type of script is this one and how dangerous is this? Kaspersky's analyst responded that the URL contains some links to sports site which are not malicious and the attached html file like this one: VirusTotal - File - 6b5d20a1e7ec6df5e6fe384cdf77add1c0dc9207dceb738c0106f13bba9750a4 doesn't contain any malicious code. Though it has quite a few detections on VT. Bitdefender added after my submission and seems to be a bad hash-based signature. Anyway, is it anything serious? Is there a way to make ESET block the script but still let me visit the website? I tried the found malware is ignored exception. It lets me visit the site, but ESET don't block anything on the site.
Administrators Marcos 5,733 Posted April 22, 2022 Administrators Posted April 22, 2022 Hard to say what it does, it's heavily obfuscated. ESET is not the only AV to detect it. https://www.virustotal.com/gui/file/f039f277d215ea89643d6790eaf0c238e4ec93d98f5ac3727a060ce56f766fa6
SeriousHoax 105 Posted April 22, 2022 Author Posted April 22, 2022 12 minutes ago, Marcos said: Hard to say what it does, it's heavily obfuscated. ESET is not the only AV to detect it. https://www.virustotal.com/gui/file/f039f277d215ea89643d6790eaf0c238e4ec93d98f5ac3727a060ce56f766fa6 Yeah, I have seen that too. Interesting. But as far as I know, none of these AV which has detected it has HTTPS scanning in their home product, so they won't detect the script in the browser like ESET. But anyway, as I asked, Is there a way to make ESET block the script on the site but still let me visit it?
itman 1,921 Posted April 22, 2022 Posted April 22, 2022 The domain is hosting SEOSpam malware. Refer to this Quttera report: https://quttera.com/detailed_report/tinyurl.is
SeriousHoax 105 Posted April 22, 2022 Author Posted April 22, 2022 5 minutes ago, itman said: The domain is hosting SEOSpam malware. Refer to this Quttera report: https://quttera.com/detailed_report/tinyurl.is Are these all loaded on their homepage?
itman 1,921 Posted April 22, 2022 Posted April 22, 2022 (edited) 3 hours ago, SeriousHoax said: Are these all loaded on their homepage? More likely something from one of the numerous JavaScript's running there. Quttera downloaded approx. 80 - 90 files that it analyzed. Edited April 22, 2022 by itman SeriousHoax 1
Recommended Posts