daspolfo, Posted February 16, 2023

Hi all, I had a little fling today... By mistake, Safari sent me to a website I didn't want to visit (Googe[dot]com instead of the classical one with 'l')... I was immediately redirected to the luj proasdf website... Nothing appeared, nothing downloaded... I just saw a "Thank you" in the middle of the page. ESET doesn't detect anything.

I've read the page source and seen some JavaScript talking to "Spoutable CDN" and some parameters "post" on the redirection address (coordinates, I think). I've run a full analysis with no infection found, and checked all the system hot places; nothing seems to have changed. No pop-ups, no spam. The system seems to be clean.

I've read a lot about this proasdf, which launches downloads/installations of browser extensions or advertising modules when you answer a survey. But nothing here, just "Thank you" instantaneously..

Is it normal that ESET let me go to this website without warning (if it's a dangerous place)? Do you think my system is compromised? (ESET full analysis with no results, INTEGO analysis with no results, Malwarebytes with no results, and I checked all the system's strategic places.) Is it possible that a website stole some data without installing or executing something? I'm afraid...

Thanks a lot for your help. Best regards.
Marcos (Administrators), Posted February 16, 2023

We've blocked the domain as phishing now. Note that the https communication is not scanned on Mac, only http is.
daspolfo, Posted February 16, 2023 (edited)

Thanks Marcos, but do you think my system is compromised? Can a simple page steal some data on a system (without it being typed by the user)?
daspolfo, Posted February 16, 2023

And just to be precise: all the processes in use (ESET LiveGrid) are green...
Marcos (Administrators), Posted February 16, 2023

I assume you've made a typo when attempting to open the Google website and the dodgy site opened as a result of the typo. In such a case the machine should not be infected as no malicious content seems to be on that site, at least not if the site is opened without any arguments.
daspolfo, Posted February 16, 2023

3 minutes ago, Marcos said: "I assume you've made a typo when attempting to open the Google website and the dodgy site opened as a result of the typo. In such a case the machine should not be infected as no malicious content seems to be on that site, at least not if the site is opened without any arguments."

Thanks again. It reassures me, but I've tried on a test machine with no account (and with a VPN) to go directly to Googe[dot]Com, and after the redirection (to luj21.proadsf[dot]com), depending on my location, I immediately get the "Thank you" and nothing, or "We have no survey for your country now, contact us ....[@]gmail..." But nothing abnormal on the machine in both cases.

But you're right, there seems to be a survey before the "Thank you", with buttons to click... They don't appear for me.

But can a simple page steal some data on a system (without it being typed by the user)? Just by JavaScript, for example?

I'm a little stressed now, but I've made all the searches possible at my level... (system, services, scan, disk access, network access)... and nothing seems strange...