gryn2 0 Posted July 1, 2022 Share Posted July 1, 2022 When I google "192.168.1.254" Eset internet security alerts me to the message that it blocked connection to a html/Refresh.bc trojan. Here is log with my username redacted. Eset says that site has malware on it, so a warning to everyone don't go to the link in the column named object. <?xml version="1.0" encoding="utf-8" ?> <ESET> <LOG> <RECORD> <COLUMN NAME="Time">1/07/2022 9:54:02 pm</COLUMN> <COLUMN NAME="Scanner">HTTP filter</COLUMN> <COLUMN NAME="Object type">file</COLUMN> <COLUMN NAME="Object">dont click on this link its malware!! https://19216811-vn.webpkgcache.com/doc/-/s/19216811.vn/en/ip/192-168-1-254</COLUMN> <COLUMN NAME="Detection">HTML/Refresh.BC trojan</COLUMN> <COLUMN NAME="Action">connection terminated</COLUMN> <COLUMN NAME="User">redacted username</COLUMN> <COLUMN NAME="Information">Event occurred during an attempt to access the web by the application: C:\Program Files\Google\Chrome\Application\chrome.exe (889F217AD770794EDEC8FE405445F507B77B6E64).</COLUMN> <COLUMN NAME="Hash">EE158D8F0159326F5CDE897722CC482DA5CE867A</COLUMN> <COLUMN NAME="First seen here"></COLUMN> </RECORD> </LOG> </ESET> When I press f12 to open up the chrome console in the google search page there is a link to the site that has the trojan on it. Also that site is the third link down on the google search results. This in 100% reproducible, every single time I refresh the page or google search 192.168.1.254 or google the link above Eset comes up with the warning message I pasted above. Is this something I should be worried about? I tried to reinstall chrome but it still happens. Link to comment Share on other sites More sharing options...
itman 1,541 Posted July 2, 2022 Share Posted July 2, 2022 On 7/1/2022 at 7:37 AM, gryn2 said: When I google "192.168.1.254" Eset internet security alerts me to the message that it blocked connection to a html/Refresh.bc trojan. Here is log with my username redacted. No problem here. When I enter 192.168.1.254 in Google search window, it opens my router's GUI interface. Is your router's IPv4 gateway address 192.168.1.254? To verify what your IPv4 gateway address is open a command prompt windows and enter: ipconfig /all Link to comment Share on other sites More sharing options...
ESET Insiders stackz 94 Posted July 3, 2022 ESET Insiders Share Posted July 3, 2022 It's just Chrome preloading links from the search results. I get the same thing happen when Google searching the same address with MS Edge. Aryeh Goretsky 1 Link to comment Share on other sites More sharing options...
Recommended Posts