MarcFL 24 Posted January 7 Share Posted January 7 Visiting Foxnews.com is generating this alert: 1/6/2023 21:15:54 PM - Module JavaScript scanner - Threat Alert triggered on computer RAY-WKSTATION-HP: https://mv.outbrain.com/Multivac/api/get?url=https%3A%2F%2Fwww.foxnews.com%2F&settings=true&recs=true&widgetJSId=AR_31&key=NANOWDGT01&version=201033&apv=false&sig=oi4385zg&format=html&rand=54536&lsd=4e2584f1-d83c-469e-be31-b028605d0e0f&lsdt=1656816974887&osLang=en-US&seid=3b22f297-34a8-482a-0000-01858a034d6a|0|1&va=true&et=true&cmpStat=0&ccpa=1---&ccpaStat=1&srcUrl=https%3A%2F%2Fmoxie.foxnews.com%2Fgoogle-publisher%2Flatest.xml&scrW=2064&scrH=864&t=NjViYTAyNzNjNDE5YzUxMTljMWYwOGVmZjRjNDVhNmY=&winW=1405&winH=664&adblck=false&abwl=false&secured=true&feedIdx=0&lastIdx=0&lastCardIdx=0&fAB=12203-42692&layeredTestInfo=12203-42692-,12224-86319-&dpr=1.6666666666666667&cw=1373&darkMode=false&activeTab=true&ogn=https%3A%2F%2Fwww.foxnews.com%2F&chs=1 contains JS/Voluum.A potentially unwanted application. 1/6/2023 21:17:41 PM - Module JavaScript scanner - Threat Alert triggered on computer RAY-WKSTATION-HP: %DETECTEDOBJECT% contains JS/Voluum.A potentially unwanted application. 1/6/2023 21:19:23 PM - Module %SCANNER% - Threat Alert triggered on computer RAY-WKSTATION-HP: https://mv.outbrain.com/Multivac/api/get?url=https%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Fdesantis-activates-national-guard-amid-migrant-surge-florida-keys&settings=true&recs=true&widgetJSId=AR_32&key=NANOWDGT01&version=201033&apv=false&sig=whm1sfWm&format=html&rand=49678&lsd=4e2584f1-d83c-469e-be31-b028605d0e0f&lsdt=1656816974887&osLang=en-US&seid=3b22f297-34a8-482a-0000-01858a034d6a|207677|3&va=true&et=true&cmpStat=0&ccpa=1---&ccpaStat=1&scrW=2064&scrH=864&t=NTljZjI3NThmYjQ1OTI1YTg4M2U0NjAyMWE1OWU5ZmM=&winW=1405&winH=664&adblck=false&abwl=false&secured=true&feedIdx=1&lastIdx=10&lastCardIdx=0&fAB=12203-42692&layeredTestInfo=12203-42692-,12224-86319-&dpr=1.6666666666666667&cw=404&darkMode=false&activeTab=false&ref=https%3A%2F%2Fwww.foxnews.com%2F&ogn=https%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Fdesantis-activates-national-guard-amid-migrant-surge-florida-keys&chs=1 contains JS/Voluum.A potentially unwanted application. Quote Link to comment Share on other sites More sharing options...
itman 1,497 Posted January 7 Share Posted January 7 (edited) I can open foxnews.com home page w/o issue using Firefox. However, uBlock Origin blocked 45 objects on that page alone. I suspect the Eset alerts are being generated as a result of one or more malicious/PUA ad based objects from that web site. Such was the case in this 2018 posting: https://forum.pattaya-addicts.com/topic/328094-having-problems-with-the-site/page/3/ where Eset was throwing the same detection for a web site. Appears to be related to hxxps://voluum.com. Further details here: https://www.quora.com/Is-voluum-com-a-scam . Edited January 7 by itman Quote Link to comment Share on other sites More sharing options...
MarcFL 24 Posted January 7 Author Share Posted January 7 Thanks itman. I reported this to Foxnnews.com and eset support. Quote Link to comment Share on other sites More sharing options...
itman 1,497 Posted January 7 Share Posted January 7 (edited) Based on the above linked Quora article, I would say Eset's PUA detection is appropriate: Quote In essence, voluum is used as as a cloaker. A cloaker is a tool that allows marketers to hide the true destination of a link. It’s mostly used by marketers to deceive ad networks like Facebook and google, which don’t allow to advertise some content. For example, you create an ad that advertise a free casino game. When Facebook employees or systems verify the ad they see a real free game. When the ad is approved and running, visitors reach a real online casino game. There was an article published on bloomberg that explains how this was done. You can also check on various cyber security services like VirusTotal and will find out that lots of the voluum servers are used to distribute viruses, phishing attempts, adwares, ransom wares and all kind of other web annoyances. So the short answer to the question: no, it’s not a scam, but it seems to be the favorite platform used to run scams. Edited January 7 by itman Quote Link to comment Share on other sites More sharing options...
MarcFL 24 Posted January 7 Author Share Posted January 7 I also sent foxnews a link to this forum. It appears that one of their advertises is misbehaving. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.