
VirusTotal reports ESET shows Dxxxxxxxx domain as 'Clean'


Solved by itman


What is ESET's position on this which appears to be the source of a "fake ‘Windows Defender’ scare":

"Along with a great deal of other information, VirusTotal maintains a separate detection webpage listing the vendors that do and do not perceive a threat in the Dothrakiz domain name shown in Figure 1."


Do the latest signatures for ESET products still treat this domain as clean, or not perceive it as a threat?

Thanks!

 


@itman

Thanks for replying.

It seems others who have tried to access or get information about that domain had the same experience after this particular domain was outed as a source of the malware. Presumably the owners killed it and moved to another domain.

But there was a period of time when VirusTotal was able to find it and scan it with several dozen different anti-virus\anti-malware software packages, the vast majority of which treated it as 'Clean'.

That's kind of scary . . .


  • Administrators

The domain was classified as phishing by the majority of AVs that were blocking the domain. If it was actual phishing, ESET doesn't necessarily have to blacklist a domain; it can detect the HTML code as phishing. I've tried to find the previous content but could not find any except for a page saying "Future home of something quite cool", so it might have never been actually misused to scam visitors, or it was taken down very quickly so that hardly anybody could encounter the scam had it ever been there.

Last but not least, it appears that the domain used to resolve to 34.98.99.30 which was blocked as phishing in 2021 by ESET too.

This topic is now closed to further replies.