Author Topic: Why was this blocked by Trace extension?  (Read 1343 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Why was this blocked by Trace extension?
« on: November 22, 2020, 11:22:08 PM »
This was entered in my browser ->
Quote
Trace Blocked this URL
Blocked because the website domain matched the blocklist
-https://s23.q4cdn.com/406380394/files/js/q4.app.1.0.5.min.js
Add this site to the whitelist:
Unblock the Origin URL:
-https://s23.q4cdn.com/*
APPLY

Unblock the URL path:
*hxtps://s23.q4cdn.com/406380394/files/js/q4.app.1.0.5.min.js*
APPLY

Unblock the Host URL:
*s23.q4cdn dot com*
APPLY

Unblock the Root Domain:
*q4cdn dort com*
APPLY

Help Section:
Why am I seeing this page? Your browser was navigated to a URL that matched Trace's blocked list, the exact reason will be highlighted above.
What will adding this site to the whitelist do? Your browser was navigated to a URL that matched Trace's blocked list, the exact reason will be highlighted above.
What is the difference between the whitelist options on the left?
They unblock different parts of the site - if you want to unblock the entire site then unblock the root domain.

Is it because it is doc_financials via access from paragon dot net to:
-https://s23.q4cdn.com/406380394/files/js/q4.app.1.0.5.min.js
1 to detect: https://www.virustotal.com/gui/ip-address/68.70.205.1/detection

Communicating files detected: https://www.virustotal.com/gui/ip-address/68.70.205.1/relations
See: https://www.virustotal.com/gui/url/d5d99a3d50799b41cc168bde125b5849c0559a214f51386a91a11b197f31add2/details

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Why was this blocked by Trace extension?
« Reply #1 on: November 23, 2020, 12:08:39 PM »
For the main domain I do not see anything more than this
"JSESSIONID .nr-data.netSession" when I cookie-check.

This is GoDaddy.  Was this abuse somehow related?
Re: https://krebsonsecurity.com/2020/11/godaddy-employees-used-in-attacks-on-multiple-cryptocurrency-services/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Why was this blocked by Trace extension?
« Reply #2 on: November 23, 2020, 05:34:24 PM »
I had a quick look at it, but this was a bit over my head.  But once I say GoDaddy come into the frame,  I too though the same ;)
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security