Question Weird site in f-secure blocked sites logs

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
So my mother was visiting me yesterday and used my new desktop for signing in into https://medinet.pohjoiskarjala.net/ and she told that it redirected her into MS.Codes - Genuine Software Product keys wich f-secure marked up as malicious webshop. Virustotal doesnt give any sign of fraud on this site. For me this doesnt make sense, why would it redirect to site like that?

So im guessing was i infected with somekind of pup that forced to open the mscodes site?

Secondly im asking that i bought cheapish license from finnish seller for windows 11 pro, it was oem license and is activated to my motherboard now, can such poor license affect pop up ( i guess no )

Anyways i scanned computer with f-secure full scan, NPE, KVRT & adwcleaner and nothing was found. Also i did reset my router and made stronger password, and checked connected devices etc etc.

It is hard to say where this pop up came from since i was not seeing it myself, is the site mscodes legit at all? Anyways im running clean install of windows from fresh usb stick and everything seems to be okay for now
 

Bot

AI-powered Bot
Apr 21, 2016
4,440
It's possible that the redirection was caused by an ad or a pop-up on the original site your mother was trying to access, not necessarily a PUP on your computer. Your OEM license for Windows 11 Pro shouldn't affect this.

As for the legitimacy of MS.Codes, it's hard to say without more information. If F-Secure flagged it, there might be some risk involved. Always be cautious with sites selling software keys at significantly reduced prices.

Glad to hear you've taken steps to secure your system and everything seems okay now. It's always good to stay vigilant.
 
  • Love
Reactions: Behold Eck

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
It's possible that the redirection was caused by an ad or a pop-up on the original site your mother was trying to access, not necessarily a PUP on your computer. Your OEM license for Windows 11 Pro shouldn't affect this.

As for the legitimacy of MS.Codes, it's hard to say without more information. If F-Secure flagged it, there might be some risk involved. Always be cautious with sites selling software keys at significantly reduced prices.

Glad to hear you've taken steps to secure your system and everything seems okay now. It's always good to stay vigilant.
thats a good answer. I used adguard so there should be no ads, but im not sure if the site asked for microsoft365 login aswell, and instead of microsoft url it redirected her throught ms.codes wich has nothing to do with this situation..
 
  • Like
Reactions: Behold Eck

Bot

AI-powered Bot
Apr 21, 2016
4,440
thats a good answer. I used adguard so there should be no ads, but im not sure if the site asked for microsoft365 login aswell, and instead of microsoft url it redirected her throught ms.codes wich has nothing to do with this situation..
It's unusual, but it could be a case of a malicious script or a compromised website. It's good that you're using Adguard, but no tool can guarantee 100% protection. It's always best to manually verify URLs before entering sensitive information. Continue monitoring your system for any suspicious activity.
 

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
It's unusual, but it could be a case of a malicious script or a compromised website. It's good that you're using Adguard, but no tool can guarantee 100% protection. It's always best to manually verify URLs before entering sensitive information. Continue monitoring your system for any suspicious activity.
I submitted site to f-secure and aswell to trend micro, i also contacted the site owner about this. I cant think any other reason why there was visit on ms.codes other than this site wich may be related to the problem... thank you bot
 
  • Like
Reactions: Behold Eck

Bot

AI-powered Bot
Apr 21, 2016
4,440
I submitted site to f-secure and aswell to trend micro, i also contacted the site owner about this. I cant think any other reason why there was visit on ms.codes other than this site wich may be related to the problem... thank you bot
You've taken the right steps by reporting the issue and contacting the site owner. It's important to stay vigilant and proactive when it comes to potential cybersecurity threats. Keep monitoring your system and stay safe online!
 
  • Thanks
Reactions: Moonhorse

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
I scanned the URL at VirusTotal and it came up as clean. It's not malicious, it's just one of the many sites illegally selling cheap volume license keys for Microsoft products.
Yeah thats what im thinking aswell, so theres nothing to worry about. I was just wondering where it came from and how i visited the page since only my mother was using desktop yesterday, and the site she visited was about personal medical info, so if that site would be breached it would be huge databreach or something.

Only thing that came into my mind was pup, but since adwcleaner, npe, kvrt, f-secure found nothing i have no clue where the site came from.

I reverted back to trend micro now, is there any tool to see my site visiting history except browsing history?
 

Jonny Quest

Level 22
Verified
Top Poster
Well-known
Mar 2, 2023
1,132
FWIW I just checked on my end with F-Secure IS, and didn't have any redirect or issue with the 1st link. The 2nd was also fine. So maybe it was flagged due to the unrelated redirect to MS.Codes?
 

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
FWIW I just checked on my end with F-Secure IS, and didn't have any redirect or issue with the 1st link. The 2nd was also fine. So maybe it was flagged due to the unrelated redirect to MS.Codes?
They probably fixed the second link as i submitted it yesterday(?) its legit site i guess according to reviews i found from google.

Its just weird the mscodes came from nowhere for f-secure to block, or it was promote of some software i had on computer and f-secure blocked it outside of browser, but i have only have asus armour crate so i doubt they wont support sites like that.

anyways i asked my mother to sign in into first link and it worked correctly, without issues this was probably some issues with f-secure banking protection, but still doesnt tell where the mscodes came from
 

bazang

Level 7
Jul 3, 2024
343
So im guessing was i infected with somekind of pup that forced to open the mscodes site?
No.

The https:// medinet . pohjoiskarjala . net/ website performed the redirect when the site code was loaded into the browser. Somebody modified the website javascript to perform the redirect. That is the method most commonly used to perform redirects. I would think most MT members would know this, but obviously not.
 

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
No.

The https:// medinet . pohjoiskarjala . net/ website performed the redirect when the site code was loaded into the browser. Somebody modified the website javascript to perform the redirect. That is the method most commonly used to perform redirects. I would think most MT members would know this, but obviously not.
Thanks for clarification, i understand the problem now. Well i have been member for a long time here at MalwareTips but im myself just a noob when it comes into pcs/it tech. Well im trying to help people with my skill level and be active member, but that doesnt mean i would understand every stuff thats ''basic'' info for someone, appreciate the comment though (y)
 

bazang

Level 7
Jul 3, 2024
343
Thanks for clarification, i understand the problem now. Well i have been member for a long time here at MalwareTips but im myself just a noob when it comes into pcs/it tech. Well im trying to help people with my skill level and be active member, but that doesnt mean i would understand every stuff thats ''basic'' info for someone, appreciate the comment though (y)
A good place to start is to study the "OWASP Top 10." What you find there then you search the OWASP website and find more infos that explains what the various attack details are.



These infos will protect your far more than any security solution.

I will stop there because I know the probability that anybody will do the research is virtually 100% "Nope."
 

LoLs

Level 3
Verified
Dec 16, 2016
102
visiting history
You can use NEXTDNS NextDNS for tracking.
1st Setup nextdns at browser with DOH and give it id eg. chromeB250
2nd Set at Network too (Network & Internet - Ethernet) and set another id eg. ASUSB250

The tracking log look like this.
gy0KW1H.jpeg

And with nextdns there is blocklist/denylist/allowlist feature
FEUkzlR.jpeg


mBH6npZ.jpeg


btw kaspersky or avast might work better then fsecure
 
  • Thanks
Reactions: Moonhorse
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top