Avast WEBforum
Other => Viruses and worms => Topic started by: polonus on November 22, 2020, 11:22:08 PM
-
This was entered in my browser ->
Trace Blocked this URL
Blocked because the website domain matched the blocklist
-https://s23.q4cdn.com/406380394/files/js/q4.app.1.0.5.min.js
Add this site to the whitelist:
Unblock the Origin URL:
-https://s23.q4cdn.com/*
APPLY
Unblock the URL path:
*hxtps://s23.q4cdn.com/406380394/files/js/q4.app.1.0.5.min.js*
APPLY
Unblock the Host URL:
*s23.q4cdn dot com*
APPLY
Unblock the Root Domain:
*q4cdn dort com*
APPLY
Help Section:
Why am I seeing this page? Your browser was navigated to a URL that matched Trace's blocked list, the exact reason will be highlighted above.
What will adding this site to the whitelist do? Your browser was navigated to a URL that matched Trace's blocked list, the exact reason will be highlighted above.
What is the difference between the whitelist options on the left?
They unblock different parts of the site - if you want to unblock the entire site then unblock the root domain.
Is it because it is doc_financials via access from paragon dot net to:
-https://s23.q4cdn.com/406380394/files/js/q4.app.1.0.5.min.js
1 to detect: https://www.virustotal.com/gui/ip-address/68.70.205.1/detection
Communicating files detected: https://www.virustotal.com/gui/ip-address/68.70.205.1/relations
See: https://www.virustotal.com/gui/url/d5d99a3d50799b41cc168bde125b5849c0559a214f51386a91a11b197f31add2/details
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
For the main domain I do not see anything more than this
"JSESSIONID .nr-data.netSession" when I cookie-check.
This is GoDaddy. Was this abuse somehow related?
Re: https://krebsonsecurity.com/2020/11/godaddy-employees-used-in-attacks-on-multiple-cryptocurrency-services/
polonus
-
I had a quick look at it, but this was a bit over my head. But once I say GoDaddy come into the frame, I too though the same ;)