Author Topic: Safe to Open and Quttera flag as potentially suspicious.


Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33903
  • malware fighter
Safe to Open and Quttera flag as potentially suspicious.
« on: November 22, 2023, 05:43:58 PM »
See: https://quttera.com/detailed_report/www.frontnieuws.com
Has: PS.JS.Obfuscantion.gen  (Is it being (ab)used for privacy washing?) *.

Safe to Open extension gives: https[://]wXw[.]frontnieuws.com/   11/22/2023 17:23:56 (you visited an unsafe webpage).

See: https://www.virustotal.com/gui/url/5d5153e77ad856b64313a243a60d2f8e164e4cd4c1392ed4a40bdc7b6d7d6154?nocache=1
where only Quttera flags it as being suspicious.

Outgoing links (given at VT)
-https://vk.com/id571225876  * ->
* this address flagged at URLHaus  -> https://urlhaus.abuse.ch/browse/ PrivateLoader encrypted Redline abuse.
-https://t.me/frontnieuwscom
-https://www.cookieyes.com/

Avast safebrowsing does not flag the mentioned website.

polonus (volunteer 3rd party cld recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online polonus

Re: Safe to Open and Quttera flag as potentially suspicious.
« Reply #1 on: November 22, 2023, 10:31:53 PM »
Another example of why Glype proxies may have a bad configuration and can be script-abused. Be aware and be cautious.

Re: https://www.virustotal.com/gui/url/704f08a6e3a30b7064ff574c7b89d593fc136235602e7633b051e8ce02e6bd62?nocache=1

Via -proxy -https://proxy.batmite.com:443  involved - -https://www.acint.net/
See: https://www.virustotal.com/gui/url/6e1beaeaf17c2a7b263f6f87ca06cdec17fb65764708e7d71298a6f547d55e0e

Quote
Analysis of the traffic (at acint dot net) statistics helps largest Russian companies understand the particularity of the behavior of visitors of websites.
This is done through the use of Artificial Computation Intelligence via a counter software.

pol