ESET keeps blocking the address

[help_needed 0]

Using ESET Smart Security Premium 17.2.7.0

I've tried disabling "Web access protection" completely and also tried adding the website to URL list management allowed list.

Tried adding the website to URL list management excluded list.

None of the solutions work, it still blocks the traffic from the website.

What am I doing wrong?

 

[Marcos 5,231]

What website do you mean? Was there a threat detected when you opened it? Please post a screenshot of the alert for clarification.

[help_needed 0]

Pretty sure that they generate the address dynamically.

You're supposed to watch a video or click on some ads to get the link.

The sight blocked is the one at the bottom, I guess this is where the script is located

[Marcos 5,231]

What website / url did you initially open in a browser?

 

[help_needed 0]

https://content-hub.club/s?GkIw

[Marcos 5,231]

I'd recommend keeping away from that site. The detection is correct. And there's no useful content either anyways:

[help_needed 0]

Actually there is, once you do what you're supposed to (you can see the step, they can be different, that's how these guys generate money). What I don't understand is why with all the settings (included *cloudfront.net in allowed and excluded list) it still gets blocked?

Edited July 28 by help_needed

[Marcos 5,231]

4 minutes ago, help_needed said:

 What I don't understand is why with all the settings (included *cloudfront.net in allowed and excluded list) it still gets blocked?

That would circumvent url blacklist but not actual threat detections.

[help_needed 0]

So what should I do?

[duytoi 0]

2 hours ago, help_needed said:

So what should I do?

This might be a redirect website or a survey site to make money, but ESET checks and blocks it to prevent threats to Internet users, which is appropriate. Often, such sites tend to collect personal information. Follow the admin's advice, stay away from it, or you don't need to do anything. Alternatively, you can remove ESET from your computer and browse the web freely, which means you won't be protected.

[itman 1,740]

8 hours ago, help_needed said:

https://content-hub.club/s?GkIw

Eset initially detects this web site as a PUA. Notice that you are being redirected to another web site. Also, the redirected web site changes for each access. This alone should be warning enough to not access the web site.

Edited July 28 by itman

[help_needed 0]

I understand that I'm entering a dangerous territory but if it's ,my decision to enter I should be able to do it.

Is the only option to pause threat detection or I can do something else?

[itman 1,740]

It's impossible to create an Eset exclusion for https://content-hub.club/s?GkIw. What is being detected/blocked is the domain redirect from it. Since the domain redirect changes with each access to https://content-hub.club/s?GkIw, there is no way to predetermine what the domain name is and set an exclusion for it.

You could create an Eset real-time Detection exclusion for JS/Adware.Agent.CZ but that would apply to any web site you might access; something you definitely don't want to do. If you decide to proceed with this exclusion and get infected with malware, do not ask for malware removal assistance on this web site.

[help_needed 0]

There's no need to keep the exclusion active at all times, I can use it only when I need it.

Since I will not be downloading anything from these websites (I'm not that stupid) the only potential threat would be some high level 0-day exploit since my system is fully updated.

What I would like is an instruction on how to create this exception and use it as needed

 

[itman 1,740]

Per sucuri.net analysis, https://content-hub.club/s?GkIw redirects to https://kmendation.com/s?GkIw . You can add it as an Eset web site malware scan exclusion per the below screen shot. If that doesn't work, you're on your own as far as setting up the correct web site malware scan exclusion;

[help_needed 0]

As it was discussed before, addition to the list will not prevent threat detection.

Detection is not prevented even if I pause "Real time file system protection" or "Web access protection"

Edited July 28 by help_needed

[Marcos 5,231]

Adding blocked urls to the list of allowed websites as well as creating a detection exclusion like this would allow you to open the site at your risk:

[SeriousHoax 87]

Add to detection exclusion as Marcos showed above. But at least visit websites like this in your browser's Private/Incognito mode.

[help_needed 0]

This fixes the detection problem but something is still blocking the traffic since I just get the circle spinning endlessly.

I guess I'll have to keep on digging.