knicks_fan (Posted May 26, 2016, edited May 26, 2016)

Version 7.0.325 (I can't upgrade any higher as the Cisco NAC client version we use does not accept V8 or V9). Current defs, Windows 7, Firefox. While on WTOP.com (radio station news site in Washington, DC, USA), I am getting "address blocked" messages visiting any story link, example follows from log:

5/26/2016 12:13:21 PM hxxp://0smhezbyrqrjm51c30dkaasv6ralrn.eclampsialemontree.net/qIAk7pwY1w6BO7pOidseVNRVwCRF1NXFwBWgIPGUFYXWkQUVQNQFEBSxtYEVxWRE8WBwsKVF9XZENYFVsVUAFdUA9FSlBTVFZUVl8RSlBUHFsEFkMcQxFaY1wKYVcQSghXWRIJRgUcAU1RGkgXBlxMLQVKXkACFFdVBFUHA1FBT0FCSUIDGwhEVl4IAFgBGh8Bv8H46WupdsoijVHdsoijV8J Blocked by internal blacklist C:\Program Files\Mozilla Firefox\firefox.exe (domain/userid/IP address omitted).

What is the deal with eclampsialemontree.net? This started this morning. Not sure which recent definitions file is triggering this. WTOP.com has been notified as well. I also sent a sample to the lab as a possible false positive.

Edit: Same thing coming up on nydailynews.com.
Marcos, Administrators (Posted May 26, 2016)

0smhezbyrqrjm51c30dkaasv6ralrn subdomain doesn't look legit. My understanding is that the website was compromised and has been serving exploits.
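One way to turn the "doesn't look legit" judgement about that subdomain into a repeatable check on blocked-URL log entries. This is an added example, not part of any post in this thread and not ESET's detection logic; the function names and thresholds are assumptions, and the sample URLs are constructed from hostnames mentioned above with the path omitted.

```python
import math
from collections import Counter
from urllib.parse import urlsplit

# Thresholds are assumptions chosen for this illustration, not vendor values.
MIN_LEN = 20        # machine-generated labels tend to be long
MIN_ENTROPY = 3.5   # bits per character

def shannon_entropy(label):
    """Bits per character of the label's character distribution."""
    counts = Counter(label)
    total = len(label)
    return -sum(n / total * math.log2(n / total) for n in counts.values())

def looks_generated(label):
    """True for a long, high-entropy label that mixes digits and letters."""
    mixed = any(c.isdigit() for c in label) and any(c.isalpha() for c in label)
    return len(label) >= MIN_LEN and mixed and shannon_entropy(label) >= MIN_ENTROPY

def flagged_labels(url):
    """Return the hostname labels (TLD excluded) that look machine-generated."""
    # Logs often defang the scheme as hxxp; restore it so urlsplit can parse.
    host = urlsplit(url.replace("hxxp", "http", 1)).hostname or ""
    return [lbl for lbl in host.split(".")[:-1] if lbl and looks_generated(lbl)]

if __name__ == "__main__":
    # Constructed sample input: hostnames from the thread, paths omitted.
    samples = [
        "hxxp://0smhezbyrqrjm51c30dkaasv6ralrn.eclampsialemontree.net/",
        "http://www.wtop.com/",
        "http://nydailynews.com/",
    ]
    for url in samples:
        print(url, "->", flagged_labels(url) or "nothing flagged")
```

A heuristic like this only ranks hostnames for review; long CDN or tracking labels can trip it as well, so it does not replace a blocklist verdict.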
knicks_fan, Author (Posted May 26, 2016)

Wonderful. I have sent a bunch of e-mails to WTOP.com and nothing has been done to block the domain. Perhaps you could try webmaster@wtop.com. I can read the stories, and just ignore the messages, Marcos, or should I stay away until it is resolved one way or another?
knicks_fan, Author (Posted May 27, 2016, edited May 27, 2016)

Still getting the address blocked messages this morning. Again e-mailed the two websites that are in question. That domain appears to serve many websites as indicated above. Does ESET typically try to contact the domain in question to get them to fix what is wrong?
Marcos, Administrators (Posted May 28, 2016, marked as Solution)

> Does ESET typically try to contact the domain in question to get them to fix what is wrong?

That would be impossible as we block thousands of URLs on a daily basis.
knicks_fan, Author (Posted May 31, 2016)

Still nagging the websites to block that domain's junk. Still getting the messages from ESET. Thanks for the info.
JoeS (Posted June 5, 2016)

I too have been getting a lot of NOD32 popups about eclampsialemontree.net being blocked, which is fine by me as I don't need the junk. Seeing the popups is a bit disconcerting but I hope NOD is just doing its job.