Usually, you are browsing a website of your choice and, when opening a page, you are faced with the automatic download of a file called px, even if you have not clicked on anything. When we see an unsolicited file being downloaded on our own, we are immediately concerned that it might be a virus. But is the px file really a virus?

Firstly, the px file is just an image just 1 pixel wide, which makes it harmless, but later we will inform you when you should be concerned with that file. When dealing with an image so small that it is actually only 48 bytes, we can be sure that the file is not a virus.

But why does this file exist and is still downloaded by itself?

The file is a tracking pixel, as we explained in the case of the hbpix file being downloaded. A tracking pixel or web beacon is a marketing strategy, which consists of capturing the IP of the machine that downloaded the file to track your browsing on websites knowing your browsing preferences to offer ads based on your interests.

The reason for the browser to download this file without asking may be due to an incorrect configuration of the file’s HTTP headers or the inability of the browser used to recognize the file and its HTTP header.

For each resource exchanged on a network, when visiting a website, the browser receives information to know what it is receiving and how to deal with it. This information is transmitted hidden from the user’s eyes. When loading a jpg image for example, the browser will receive an HTTP header with the parameter “Content-Type: image/jpeg“, and then it will know that what was received is an image, and will be able to display it. However, if this header is not passed correctly or is of an unknown type by the browser, this usually forces the browser to download the received file. In this case, forcing the download of the px file.

When this file can be dangerous

If you are visiting a website that you know is safe, you need not worry. However, some sites can take advantage of some users being used to the px file and uploading some type of malware. When in doubt, never open the file, always delete it.

Browsing some sites, we noticed that one of the sources of the px file is the following https://ad-delivery.net/px.gif. Blocking the source of this file can prevent it from being downloaded on its own.