Jump to content

Endpont device alarm


Recommended Posts

ESET antivirus regularly blocks h%%ps://us.ck-ie.com for many users on corporate endpoint devices. It looks like the reason for the webprotect blocking is this: Certificate revocation of h%%ps://us.ck-ie.com, certificate authentication error. The website doesn't seem to do anything. When we run it in Any Run and other sandboxes, browse forums, it hasn't been found to distribute malicious code.
Can you help me understand why unrelated users browsing different websites (news, weather, lifestyle) are getting the same block?
The websites have completely different content, are on different web hosting sites, and the users aren't clicking on ads. 

Reading the forums, many users are experiencing similar problems, but I have not found an answer as to why the auto-connect request of the mentioned page is triggered by the browser, does anyone know the reason for this? Has anyone researched this phenomenon? 

Edited by soctech
Link to comment
Share on other sites

  • soctech changed the title to Endpont device alarm

Thank you, Marcos. 
The question still remains as to why the auto-connect request from this page appears on the endpoint device. 

Link to comment
Share on other sites

1 hour ago, soctech said:

Thank you, Marcos. 
The question still remains as to why the auto-connect request from this page appears on the endpoint device. 

Others having the same redirect issue: https://www.reddit.com/r/computerhelp/comments/1c15l3o/avg_antivirus_says_my_computer_has_been/ . Appears no one has been able to figure out what is causing the redirection.

Edited by itman
Link to comment
Share on other sites

I found it in the category of promotional cookies listed by some commercial websites: 

Name:CID
Purpose:Used by Adriver to deliver targeted ads to a user based on their browsing habits
Provider:.us.ck-ie.com
Service:Adriver View Service Privacy Policy  
Country:United States
Type:server_cookie
Expires in:7 day

This cookie is used for gathering data on how visitors use the website. 

Adriver is a Russian operator of an Internet advertising management and control system. 

I found an article that deals with this service provider and others, visit this page:
https://adalytics.io/blog/adtech-not-checking-user-tcf-consent
Look for the article "Belgian user visits euronews.com". You get a nice little chain of how websites synchronise cookies with a number of third party data brokers and ad tech providers without the user's permission.

Had the SSL certificate used by the us.ck-ie.com web server not been revoked, and had ESET not alerted us, we would not have noticed the illegal data exchange going on in the background without the user's knowledge. 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...