supplierdeeply

Norton Security Chrome extension flagging site as warning, is this a false alarm

  • 6 Replies
  • 227 Views
Advertisements
As the title states, I have Norton Security installed (it came preinstalled and I didn't feel like removing it as Norton is usually garbage). Upon visiting here (or any part of the forum, or even the host, setepontos(dot)com), the Chrome extension gives a little tip to me saying that this site has a supposed drive-by download (read: visit the site, it downloads a file) at (host) / howl-vitamin-shop-greenville-sc. For safety reasons, the URL is redacted partially so that way if it is indeed an unsafe link something bad doesn't happen to your computer. If there's an explanation then I'd like it, however for now, avoid going to that section of the site.

TL;DR there's a drive-by download on the host and I want to know if this is legit or not
A570IS 101a, if that's what matters the most.

*

Offline reyalp

  • ******
  • 11496
TL;DR there's a drive-by download on the host and I want to know if this is legit or not
There have been some problems with bad ads in the past (like https://chdk.setepontos.com/index.php?topic=12182.0), I haven't seen any the the last few years. If you can get the norton thing to tell you tell you when or where the malicious content was supposedly served, that might be useful.

if you encounter something actually trying to trigger a download, definitely let @acseven know.

fwiw, https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fchdk.setepontos.com%2Findex.php&hl=en shows the site as clean.

https://safeweb.norton.com/report/show?url=https%3A%2F%2Fchdk.setepontos.com%2Findex.php
shows the warning, but no specifics
« Last Edit: 16 / August / 2018, 15:45:46 by reyalp »
Don't forget what the H stands for.

Thanks for the heads up - that's weird, indeed.

Can you post or PM me something about that, a screenshot, log or something?

Sure thing, it's attached

A570IS 101a, if that's what matters the most.


Thanks - Although I was pretty sure there was nothing wrong, I've checked that the flagged URL is non existent (and never existed). I've filed a re-evaluation request with Symantec.

Cheers

Okay. Now it's showing secure, so that seems to have fixed it
A570IS 101a, if that's what matters the most.

Symantec now marks the domain as safe.
Thanks again for the heads up.

 

Related Topics