
False Detection website


BobSoul


Not sure if I should post here or in False Positives, because both the Browser Guard plug-in and Malwarebytes Web Protection, as of just today, think the website is a phishing site or a malware site. It is neither, since it's Discover's home mortgage site for paying your mortgage from Discover.

discoverhomeloans.mtgsvc.com

 

The other way to get to the site is which directs you to the above site. I had to turn off the protection and such just to make my monthly payment, and it is the same site etc. I go to each month. Called Discover and they are aware this is happening.

 

www.discover.com/HElogin

 

Edited by AdvancedSetup
disabled live hyperlink
  • AdvancedSetup changed the title to False Detection website
  • Root Admin

Hello @BobSoul

I've asked the Research Team to review. Here is what I've found so far though.

The site "appears" to be down at the moment.

Sucuri says they cannot scan either site. I cannot ping or traceroute the site myself either.


 

March 27, 2021 was the last time VirusTotal scored 0 hits. It now has 4 other engines that also detect an issue on the site.


 

Domain Name: mtgsvc.com
Registry Domain ID: 2093648022_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.registrar.amazon.com
Registrar URL: https://registrar.amazon.com
Updated Date: 2020-12-24T23:07:09.041Z
Creation Date: 2017-01-27T23:03:25Z
Registrar Registration Expiration Date: 2022-01-27T23:03:25Z
Registrar: Amazon Registrar, Inc.
Registrar IANA ID: 468
Registrar Abuse Contact Email: abuse@amazonaws.com
Registrar Abuse Contact Phone: +1.2067406200

 

Again, the website is not responding to a trace route at this time.

  8    47 ms    46 ms    51 ms  cr1.la2ca.ip.att.net [12.122.128.102]
  9    56 ms    47 ms    47 ms  phmaz22crs.ip.att.net [12.122.1.90]
 10    43 ms    44 ms    43 ms  12.122.108.125
 11    46 ms    47 ms    48 ms  12.116.126.230
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.

 

 


I can access it and it works fine if I allow in exceptions and click go to anyways ... I have used this mortgage company (Discover Card) for years and this is recently happening. This would be the full URL once the page loads:

 

https://discoverhomeloans.mtgsvc.com/Account/UserLogin?conn=085{0a6e118f-71b2-4e0f-80d6-dc28680a6e60}

Once again, it's Discover Card's home equity loans website. Unsure why you cannot access it unless it's region specific.

 

 


The website is Discover Home Loans; this is the company phone: 1-855-295-2193

Once I click go to it, Browser Guard says it's fine after. Unless it's something with their site certificate and redirect - from www.discover.com/helogin; in my original I accidentally had HE capitalized. It is not down for me when I access it.

 

 

  • Root Admin

Don't know. But it would seem to be some type of region block going on. These other scanning sites are not related to us and are simply public resources to help scan for issues and they're unable to scan the site either.

Will have to wait for our team to provide feedback. But there are 4 other antivirus sites that do say the site is hosting phishing objects.

You can add an exclusion to Malwarebytes or Browser Guard if you need to until the team replies back.

 


That's what I did for now -- just a bit annoying, and I do know it's a valid company, Discover, and that the loan does get paid etc. from this site; it may be something in their setup. I have Emsisoft as well on another PC and it doesn't block this site. Nor does their browser guard.

  • Root Admin

I hear you, but "something" is fishy.

https://www.virustotal.com/gui/ip-address/12.205.198.19/relations

Because another product does not block does not mean it's safe. It simply means they've not detected it or it's not been reported to them yet.

Our Research Team will review it and see what they can find and reply back here to you. If it truly is a FALSE POSITIVE they'll say so and remove the block.

Thank you again

 

Edited by AdvancedSetup
updated information

Thanks - the something fishy may be on their end. Like I said, I use this every month, and logging in, everything is up to snuff etc. as far as the account. I did call Discover and they have said they are looking into why this is being detected, since the address etc. is the same one for years and the same bookmark as before etc.

 


I just wanted to add a few more pieces of info that may be helpful to the research team. If you go to discover.com (works fine, no block), then choose home loans - home equity (takes you here: https://www.discover.com/home-equity-loans/?sc=HC515&ICMPGN=PUB_HNAV_LOANS_DHL ), then select login at the top and choose "my loan has been funded" (it takes you to the blocked portion of Discover). If you choose "my application is in process", it takes you here: https://homeloans.discover.com/accountcenter/ - no block. The next link for the application process is https://dmimtg.com/UserLogin.aspx?Conn=T85{37843404-4237-4EC7-8451-0C682794D6D4} which doesn't get blocked. It's only the link for logging in to "my loan is funded", which takes you to https://discoverhomeloans.mtgsvc.com/Account/UserLogin?conn=085{0a6e118f-71b2-4e0f-80d6-dc28680a6e60} - so from what I have gathered, it's got to be something with their redirects and which systems they are directing you to, maybe site certs or something ... I just wanted to give a detailed view of the site and how it's a legit site (discover.com and their various services). If you go to the main page at discover.com, select login, log in, choose home loan, it takes you to this https://discoverhomeloans.mtgsvc.com/Account/UserLogin?conn=085{0a6e118f-71b2-4e0f-80d6-dc28680a6e60} and it doesn't get blocked -- so the redirects or direct linking gets blocked.

  • 3 weeks later...

I have just had discussions with researchers about this site. There are active detections that they consider worrisome and feel the block may have been removed erroneously. The block is staying in effect until the website operator cleans up the site. Sorry!
