Hi folks,
I get the following 'threat secured' message every time I open a webpage with our embedded video player from Castr:
Alert ID: 9374789d9038/2023-06-18T10:43:27.466Z
hXXps://cdn.dna-delivery.com/dna-client/6.5.1/peer-agent.js infected with URL:Blacklist
https://postimg.cc/3WrKDvV9This is meant to launch as a paid product, so I need to find out what the issue is before we launch.
The pop-up can be on any webpage - including Castr's own backend. I've personally tried it on the following sites:
hXXps://monument-cycling.ghost.io/lincoln-grand-prix-highlights/
hXXps://www.monumentcycling.com/player-test
hXXps://castr.com/app/dynamic/647f93d5c0bc02728590b943
All of the sites seem to come back clean when I check with things like Sucuri, even with the player on the page, but Avast pops up with it every time. I've alerted the team at Castr, and they don't think their site or player is infected with anything.
Some hopefully useful information:- The embedded player is an iFrame widget for switching between livestreaming and video on demand
- Other companies' embedded iFrame widgets don't get flagged on Avast.
- I've turned off all my Chrome extensions when checking.
Can you help me understand what's happening here and what's triggering the threat message?
Many thanks,
Owen
