
Problem with website detection


Apal
Solved by Apal

Hello @Wesly.Zhang

😅

No popup is blocked, Kaspersky blocks the d/l.  

 

 

TVM!

Flood🐳 +🐋

I hope you all can understand my problem with these screenshots. See in the last screenshot it has been redirected to a new page.


Hello, @Apal 

Now I know which part is related to the issue. I see that some remote JS files are involved in this website. The related issue is that y2mate.com uses bad advertisers, or the purpose itself is not simple. One remote JS file is a fake AV GUI; the others are ad pages. So I will report this case to KL and let them determine the reputation score of this website. If I receive any reply, I will post it here.

BTW, on my side the redirection hasn’t been blocked, just like for you. But the product blocks the remote JS file that is loaded by the browser. So the redirection page always seems to show the status "Loading...".

Regards.

I mean, is it blocking in your case, or does it keep loading, or is it showing that fake GUI?


Hello @Apal

Thank you for posting back! 

Neither.

Use How to start your PC in Safe Mode.

OR:

  1. In Windows Search🔎 , type msconfig
  2. Select System configuration app
  3. Select Boot tab
  4. Select Safe boot
  5. Select Apply
  6. Select OK
  7. Select Restart

  • To revert to Windows normal mode, select General tab, select Selective startup, select Apply, select OK, select Restart

Thank you🙏

Flood🐳 +🐋

Still not working, I think I have to lodge a complaint with the support team.

Hello,

Here it is on my side.

Regards.

But, before this patch, it used to block every pop up and redirects.

Hello,

Please access this URL and try to download the EICAR text file. Does the KL product block the download? It should block access.

https://www.eicar.org/?page_id=3950

Regards.

Yes, it's blocking

Yes, blocking

Yes, blocking EICAR sites.

And my problem is related to Anti-Banner, because the fake advertising redirects were blocked earlier by Anti-Banner, not Web Anti-Virus.


Hello @Wesly.Zhang

We can’t get to that site. 

Thank you🙏

Flood🐳 +🐋

Today, it’s blocking successfully (screenshot attached), and in OpenTip they are now showing it as adware, which they were previously showing as ‘no information’. But it’s still not blocking redirections made by other YouTube video downloader websites.

I think Kaspersky is very weak in detecting these things.


Hello, @Apal 

KL virus lab replied to me with the following information today:

We will added new heuristic detections "HEUR:AdWare.Script.Generic".
The following redirected URLs were added to blocklist:

Regards.

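Blocklist entries like the ones in the reply above are usually shared in defanged form (`name[.]tld`). As an added example (not Kaspersky's code and not part of the original posts), this sketch refangs such entries and checks which scripts referenced by a page resolve to a listed domain or one of its subdomains; the function names and every domain and URL in it are constructed placeholders.

```javascript
// Added illustration: match script URLs against a defanged domain blocklist.
// All domains/URLs are constructed placeholders, not values from the thread.

// Turn "ads-example[.]test" or "hxxps://..." style entries into a bare host name.
function refang(entry) {
  return entry
    .trim()
    .toLowerCase()
    .replace(/\[\.\]|\(\.\)|\[dot\]/g, ".")
    .replace(/^h(?:xx|tt)ps?:\/\//, "") // drop a (defanged) scheme if present
    .replace(/\/.*$/, "")               // keep only the host part
    .replace(/\.$/, "");                // drop a trailing root dot
}

function buildBlocklist(entries) {
  return new Set(entries.map(refang).filter((h) => h.length > 0));
}

// A host matches when it equals a listed domain or is a subdomain of it.
// Comparing whole labels avoids the "notads-example.test" substring false positive.
function matchBlocked(host, blocklist) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    const candidate = labels.slice(i).join(".");
    if (blocklist.has(candidate)) return candidate;
  }
  return null;
}

// Classify each script URL a page references.
function auditScripts(pageUrl, scriptUrls, blocklist) {
  const pageHost = new URL(pageUrl).hostname;
  return scriptUrls.map((src) => {
    let host;
    try {
      host = new URL(src, pageUrl).hostname; // resolves relative paths too
    } catch (e) {
      return { src, verdict: "unparseable" };
    }
    const hit = matchBlocked(host, blocklist);
    if (hit) return { src, host, verdict: "blocked", rule: hit };
    return { src, host, verdict: host === pageHost ? "first-party" : "third-party" };
  });
}

const sampleBlocklist = buildBlocklist(["ads-example[.]test", "redirector[.]example"]);
const sampleReport = auditScripts(
  "https://downloader.example/watch",
  ["/static/app.js", "https://cdn.ads-example.test/pop.js",
   "https://notads-example.test/lib.js", "//REDIRECTOR.example./r.js"],
  sampleBlocklist
);
console.log(sampleReport);
```

A script that stays "third-party" is not thereby safe; it only means no listed domain matched, which is the gap a heuristic script detection is meant to cover.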

Hello @Apal

Thank you for the update👌

Have you shared your latest findings with the Kaspersky Technical Team? 

  • IF “no”, please do so. 
  • IF “yes”, what did they say? 

Thank you🙏

Flood🐳 +🐋

Just now, support team responded.

Dear customer,

Hello,

Our Escalation Team have just replied to us, and we'll need just a bit more info from you, could you please help us with it?

1. In the other tickets, you mentioned that after the update to patch 'f' the rules for Anti-Banner got reset and had to be configured anew. Does the issue with popups at y2mate.com still persist with Anti-Banner enabled? If yes, what region are you located in? Which filters are enabled under Settings -> Protection -> Anti-Banner -> List of filters?

2. Regarding the issue of redirect at y2mate.com to other sites. We have checked with our Web Content Analysts, and we have tuned our anti-phishing signatures and improved detection technologies to proactively block this kind of threats.

There is an ongoing struggle between the good and the evil, and sometimes it takes a while to catch up, when the redirects use some new, not known previously to the Kaspersky product algorithm.

3. As you mentioned some other sites, where redirects are not blocked: "still it doesn't block redirects of other similar websites."
Please provide us examples, so that we can test and improve the detection.

Thanks a lot and have a great day.

[xxxxxxxxxx]  Customer Service Representative

 

Currently, I am giving them the info. Also, thanks for giving your time. Actually, Kaspersky is already good at blocking the main phishing websites and main threats (it even saved me from an adware), but since there is always scope for improvement, I am reporting multiple bugs to them and in this community. So, kindly don't mind the bad language I have used while creating this post 😇😊


  • Solution

Dear customer,

Thank you for your continued support. I apologize for my delayed response.

Our Virus Analysts have just replied to us with the following information.

We added some rules to block popups on y2mate.guru. Changes will back in a few hours.
Anyway, I see many blocked scripts on y2mate.com. If they are correct, this is a compromised website and we can't do much for Anti-banner.

not-a-virus:HEUR:AdWare.Script.Generic
https://www.y2mate.com/themes/js/common.js?v=3.302
https://www.y2mate.com/sw3461575.js?v=3.1.323&o=6a4e0728b9384286a8da6fd5224c8ec7&pub=0&p=4279460

Give us a call in case you need further assistance, our numbers and business hours are one click away: http://support.kaspersky.com/b2c
Have a great day!

Bhuwan || Customer Service Representative

So, what should I do now?

They replied with the above today. What should I do now? I am confused.

Hello,

It should be blocked correctly on that website. How about on your side?

Regards.

This topic is now closed to further replies.

