Jump to content

Clients reporting alerts from FoxNews.com


Recommended Posts

Visiting Foxnews.com is generating this alert:

1/6/2023 21:15:54 PM - Module JavaScript scanner - Threat Alert triggered on computer RAY-WKSTATION-HP:  https://mv.outbrain.com/Multivac/api/get?url=https%3A%2F%2Fwww.foxnews.com%2F&settings=true&recs=true&widgetJSId=AR_31&key=NANOWDGT01&version=201033&apv=false&sig=oi4385zg&format=html&rand=54536&lsd=4e2584f1-d83c-469e-be31-b028605d0e0f&lsdt=1656816974887&osLang=en-US&seid=3b22f297-34a8-482a-0000-01858a034d6a|0|1&va=true&et=true&cmpStat=0&ccpa=1---&ccpaStat=1&srcUrl=https%3A%2F%2Fmoxie.foxnews.com%2Fgoogle-publisher%2Flatest.xml&scrW=2064&scrH=864&t=NjViYTAyNzNjNDE5YzUxMTljMWYwOGVmZjRjNDVhNmY=&winW=1405&winH=664&adblck=false&abwl=false&secured=true&feedIdx=0&lastIdx=0&lastCardIdx=0&fAB=12203-42692&layeredTestInfo=12203-42692-,12224-86319-&dpr=1.6666666666666667&cw=1373&darkMode=false&activeTab=true&ogn=https%3A%2F%2Fwww.foxnews.com%2F&chs=1 contains JS/Voluum.A potentially unwanted application.

1/6/2023 21:17:41 PM - Module JavaScript scanner - Threat Alert triggered on computer RAY-WKSTATION-HP:  %DETECTEDOBJECT% contains JS/Voluum.A potentially unwanted application.

1/6/2023 21:19:23 PM - Module %SCANNER% - Threat Alert triggered on computer RAY-WKSTATION-HP:  https://mv.outbrain.com/Multivac/api/get?url=https%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Fdesantis-activates-national-guard-amid-migrant-surge-florida-keys&settings=true&recs=true&widgetJSId=AR_32&key=NANOWDGT01&version=201033&apv=false&sig=whm1sfWm&format=html&rand=49678&lsd=4e2584f1-d83c-469e-be31-b028605d0e0f&lsdt=1656816974887&osLang=en-US&seid=3b22f297-34a8-482a-0000-01858a034d6a|207677|3&va=true&et=true&cmpStat=0&ccpa=1---&ccpaStat=1&scrW=2064&scrH=864&t=NTljZjI3NThmYjQ1OTI1YTg4M2U0NjAyMWE1OWU5ZmM=&winW=1405&winH=664&adblck=false&abwl=false&secured=true&feedIdx=1&lastIdx=10&lastCardIdx=0&fAB=12203-42692&layeredTestInfo=12203-42692-,12224-86319-&dpr=1.6666666666666667&cw=404&darkMode=false&activeTab=false&ref=https%3A%2F%2Fwww.foxnews.com%2F&ogn=https%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Fdesantis-activates-national-guard-amid-migrant-surge-florida-keys&chs=1 contains JS/Voluum.A potentially  unwanted application.

 

Link to comment
Share on other sites

I can open foxnews.com home page w/o issue using Firefox. However, uBlock Origin blocked 45 objects on that page alone.

I suspect the Eset alerts are being generated as a result of one or more malicious/PUA ad based objects from that web site. Such was the case in this 2018 posting: https://forum.pattaya-addicts.com/topic/328094-having-problems-with-the-site/page/3/ where Eset was throwing the same detection for a web site. Appears to be related to hxxps://voluum.com. Further details here: https://www.quora.com/Is-voluum-com-a-scam .

Edited by itman
Link to comment
Share on other sites

Based on the above linked Quora article, I would say Eset's PUA detection is appropriate:

Quote

In essence, voluum is used as as a cloaker. A cloaker is a tool that allows marketers to hide the true destination of a link.

It’s mostly used by marketers to deceive ad networks like Facebook and google, which don’t allow to advertise some content.

For example, you create an ad that advertise a free casino game. When Facebook employees or systems verify the ad they see a real free game. When the ad is approved and running, visitors reach a real online casino game.

There was an article published on bloomberg that explains how this was done.

You can also check on various cyber security services like VirusTotal and will find out that lots of the voluum servers are used to distribute viruses, phishing attempts, adwares, ransom wares and all kind of other web annoyances.

So the short answer to the question: no, it’s not a scam, but it seems to be the favorite platform used to run scams.

Edited by itman
Link to comment
Share on other sites

I also sent foxnews a link to this forum.  It appears that one of their advertises is misbehaving.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...