Sometimes a website need not be malicious per se, but could hold quite some particular vulnerabilities,
that easily could be exploited.
Or another website is performing unethical third party tracking, that will be blocked by adblockers but is not flagged by av.
Look at this random example. Visiting this site: hxtps://www.aizhan.com/ I immedeately get a Punkspider extension alert for 11 XSS vulnerabilities on that particular website. Confirmed here by retire.js:
jquery 1.9.1.min Found in -https://statics.aizhan.com/js/jquery-1.9.1.min.js _____Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution 123
Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Additionally this should be blocked as a redirect to -https://cpro.baidu.com/cpro/ui/uijs.php
where uMatrix will block it instantly, but we will get no av-vendor alerts for it.
Re:
https://www.virustotal.com/gui/url/94d4ba3cd9d2f946ef4760ac68fb4025128dbcbd018e6e97f11dfe74d95b3a32?nocache=1The website infrastructure could often be defined as being a swamp,
and you never could know where the malware alligator will strike next.
polonus
