Topic: M.BL.Domain.gen detected or a FP?


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34053
  • malware fighter
M.BL.Domain.gen detected or a FP?
« on: September 10, 2024, 09:40:07 PM »
Findings by Quttera on deepai.org: Critical Security Risk. Malicious Content Detected!

Warning: REMOVE MALWARE NOW
Scanned site: -https://deepai.org:443
SITESCAN PARAMETERS
IP address: 18.66.102.128
Country: United States
Server: nginx
CMS: proprietary
Scan date: Sep Tue 2024/09/10 21:24
Detection details
Malicious files: 1
Suspicious files: 0
Potentially Suspicious files: 0
Clean files: 34
External links detected: 502
Iframes scanned: 0
Referenced domains: 0
Blacklisted links detected: 1
Blacklisted iframes: 0
Referenced blacklisted domains: 1
Blacklisted: No
SSL Certificate details: Available via API only.
Blacklisting status
Quttera Labs: Clean
ZeusTracker: Clean
Yandex Safebrowsing: Clean
MalwareDomainList: Clean
Phishtank: Clean
Google: Clean
StopBadware: Clean
URLhaus: Clean
Scanned files analysis

Malicious files: 1
Detected Malicious Files
File name: /press
Threat name: M.BL.Domain.gen
File type: HTML
Reason: Detected reference to malicious blacklisted domain missionlocal.org
Details: Detected reference to blacklisted domain
Threat dump: [[missionlocal.org]]
Threat MD5: 6C8C39655F33F65106943BAC5998EE8A
File MD5: D824D1BCE91C81547A08096F77652D72
 
Suspicious files: 0
Potentially Suspicious files: 0
Clean files: 34
Blacklisted External Links
-https://missionlocal.org/2024/01/stupid-shameful-say-tech-workers-of-y-combinator-ceo-garry-tans-rant/
But VT does not have it. Is it amazonaws related?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: M.BL.Domain.gen detected or a FP?
« Reply #1 on: September 10, 2024, 11:42:00 PM »
Scanning htxps://missionlocal.org/ gives two issues:

User Enumeration
The first two user IDs were tested to determine if user enumeration is possible.

Linked Sites
Reputation checks have been performed on the IP address for each of the linked sites.
Hosts found on blacklists with poor reputations may be a threat to users of the site.
Hosting and locations are also included in the results.

Externally Linked Host   Hosting / Company   Country   
     -newspack.com   AUTOMATTIC

Detected Potentially Suspicious Files
File name: /opt-out-preferences/#
Threat name: Heur.CSS.Hidden.gen
File type: HTML
Reason: Detected hidden CSS declaration
Details: Detected hidden potentially suspicious instructions
Threat dump: [[<style> /* first-name is honeypot */ .cmplz-first-name { position: absolute !important; left: -5000px !important; } </style>]]
Threat MD5: B7CF2FB119A03CEF69F9B85F24351CF9
File MD5: 133C63DABA8F6FB08C70414807C49600

VT does not give it. Location: htxps://halpernmediation.wordpress.com Abuse on Automattic Inc.
See: https://www.abuseipdb.com/check/192.0.78.25 Verdict: Scam Trading Site!

polonus