Jump to content

VirusTotal reports ESET shows Dxxxxxxxx domain as 'Clean'

Go to solution Solved by itman,

Recommended Posts

What is ESET's position on this which appears to be the source of a "fake ‘Windows Defender’ scare":

"Along with a great deal of other information, VirusTotal maintains a separate detection webpage listing the vendors that do and do not perceive a threat in the Dothrakiz domain name shown in Figure 1."


Do the latest signatures for ESET products still treat this domain as clean, or not perceive it as a threat?



Link to comment
Share on other sites


Thanks for replying.

It seems others who have tried to access or get information about that domain had the same experience after this particular domain was outed as a source of the malware. Presumably the owners killed it and moved to another domain.

But there was a period of time when VirusTotal was able to find it and scan it with several dozen different anti-virus\anti-malware software packages, the vast majority of which treated it as 'Clean'.

That's kind of scary . . .

Link to comment
Share on other sites

  • Administrators

The domain was classified as phishing by the majority of AVs that were blocking the domain. If it was actual phishing, ESET doesn't necessary have to blacklist a domain; it can detect the HTML code as phishing. I've tried to find the previous content but could not find any except of a page saying "Future home of something quite cool" so it might have never been actually misused to scam visitors, or it was taken down very quickly so that hardly anybody could encounter the scam had it ever been there.

Last but not least, it appears that the domain used to resolve to which was blocked as phishing in 2021 by ESET too.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...