
Endpoint device alarm



ESET antivirus regularly blocks h%%ps://us.ck-ie.com for many users on corporate endpoint devices. It looks like the reason for the webprotect blocking is this: Certificate revocation of h%%ps://us.ck-ie.com, certificate authentication error. The website doesn't seem to do anything. When we run it in Any Run and other sandboxes and browse forums, it hasn't been found to distribute malicious code.
Can you help me understand why unrelated users browsing different websites (news, weather, lifestyle) are getting the same block?
The websites have completely different content, are on different web hosting sites, and the users aren't clicking on ads. 

Reading the forums, many users are experiencing similar problems, but I have not found an answer as to why the auto-connect request of the mentioned page is triggered by the browser. Does anyone know the reason for this? Has anyone researched this phenomenon?


Thank you, Marcos. 
The question still remains as to why the auto-connect request from this page appears on the endpoint device. 


1 hour ago, soctech said:

Thank you, Marcos. 
The question still remains as to why the auto-connect request from this page appears on the endpoint device. 

Others having the same redirect issue: https://www.reddit.com/r/computerhelp/comments/1c15l3o/avg_antivirus_says_my_computer_has_been/ . Appears no one has been able to figure out what is causing the redirection.


I found it in the category of promotional cookies listed by some commercial websites: 

Name: CID
Purpose: Used by Adriver to deliver targeted ads to a user based on their browsing habits
Provider: .us.ck-ie.com
Service: Adriver
Country: United States
Type: server_cookie
Expires in: 7 day

This cookie is used for gathering data on how visitors use the website. 

Adriver is a Russian operator of an Internet advertising management and control system. 

I found an article that deals with this service provider and others, visit this page:
https://adalytics.io/blog/adtech-not-checking-user-tcf-consent
Look for the article "Belgian user visits euronews.com". You get a nice little chain of how websites synchronise cookies with a number of third party data brokers and ad tech providers without the user's permission.

Had the SSL certificate used by the us.ck-ie.com web server not been revoked, and had ESET not alerted us, we would not have noticed the illegal data exchange going on in the background without the user's knowledge. 
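
Added example, not part of any post in this thread: a sketch for tracing, from a browser-exported HAR capture, which page and intermediate request led to the blocked us.ck-ie.com connection, by following redirect and Referer links backwards. The sample capture is constructed, and every host other than us.ck-ie.com is a placeholder.

```python
from urllib.parse import urljoin, urlsplit

BLOCKED_HOST = "us.ck-ie.com"  # host named in the thread


def _entry(url, referer=None, status=200, redirect=""):
    """Build one HAR 1.2-shaped entry (only the fields used below)."""
    headers = [{"name": "Referer", "value": referer}] if referer else []
    return {"request": {"url": url, "headers": headers},
            "response": {"status": status, "redirectURL": redirect}}


# Constructed sample: every host except us.ck-ie.com is a placeholder.
SAMPLE_HAR = {"log": {"entries": [
    _entry("https://news.example/article"),
    _entry("https://ads.example/tag.js", referer="https://news.example/"),
    _entry("https://sync.example/match?p=1", referer="https://news.example/",
           status=302, redirect="https://us.ck-ie.com/sync?id=constructed"),
    # status 0: the connection was blocked before any response arrived
    _entry("https://us.ck-ie.com/sync?id=constructed",
           referer="https://news.example/", status=0),
]}}


def trace_chain(har, blocked_host=BLOCKED_HOST):
    """Return URLs from the originating page down to the first blocked-host request."""
    entries = har["log"]["entries"]
    parent = {}
    for e in entries:  # redirect edges first: they name the exact upstream request
        target = e["response"].get("redirectURL")
        if target:
            parent.setdefault(urljoin(e["request"]["url"], target), e["request"]["url"])
    for e in entries:  # Referer edges fill in where no redirect explains the request
        ref = next((h["value"] for h in e["request"]["headers"]
                    if h["name"].lower() == "referer"), None)
        if ref:
            parent.setdefault(e["request"]["url"], ref)
    start = next((e["request"]["url"] for e in entries
                  if urlsplit(e["request"]["url"]).hostname == blocked_host), None)
    if start is None:
        return []
    chain = [start]
    while chain[-1] in parent and parent[chain[-1]] not in chain:  # stop on loops
        chain.append(parent[chain[-1]])
    return chain[::-1]


if __name__ == "__main__":
    print(" -> ".join(trace_chain(SAMPLE_HAR)))
```

Because browsers usually send only the origin as the cross-site Referer, the chain typically ends at the first-party site's origin rather than the exact article URL.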
