
misp-project.org - website blocked due to riskware


atatime


MISP False Positive?

Sadly, I can't comply with all of your posting requests, since you do not offer a Linux client outside of Nebula.
That aside, misp-project.org seems to be a legitimate project, and I can't find any evidence of the riskware you mention.

Netcraft
Google Transparency 
WhoIs
Github

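HAR Log (the second entry is the relevant one: a 307 "Internal Redirect", attributed to the WebRequest API, that sends the HTTPS request to the browser extension's block page with type=malware and subtype=riskware)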

{
  "log": {
    "version": "1.2",
    "creator": {
      "name": "WebInspector",
      "version": "537.36"
    },
    "pages": [
      {
        "startedDateTime": "2022-01-28T22:20:27.133Z",
        "id": "page_1",
        "title": "http://www.misp-project.org/index.html",
        "pageTimings": {
          "onContentLoad": 543.0859999978566,
          "onLoad": 567.4220000000787
        }
      }
    ],
    "entries": [
      {
        "_initiator": {
          "type": "other"
        },
        "_priority": "VeryHigh",
        "_resourceType": "document",
        "cache": {},
        "pageref": "page_1",
        "request": {
          "method": "GET",
          "url": "http://www.misp-project.org/index.html",
          "httpVersion": "http/1.1",
          "headers": [
            {
              "name": "DNT",
              "value": "1"
            },
            {
              "name": "Upgrade-Insecure-Requests",
              "value": "1"
            },
            {
              "name": "User-Agent",
              "value": "Mozilla/5.0 (X11; CrOS x86_64 14455.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4827.0 Safari/537.36"
            }
          ],
          "queryString": [],
          "cookies": [],
          "headersSize": -1,
          "bodySize": 0
        },
        "response": {
          "status": 307,
          "statusText": "Temporary Redirect",
          "httpVersion": "http/1.1",
          "headers": [
            {
              "name": "Location",
              "value": "https://www.misp-project.org/index.html"
            }
          ],
          "cookies": [],
          "content": {
            "size": 0,
            "mimeType": "x-unknown"
          },
          "redirectURL": "https://www.misp-project.org/index.html",
          "headersSize": -1,
          "bodySize": -1,
          "_transferSize": 0,
          "_error": null
        },
        "serverIPAddress": "",
        "startedDateTime": "2022-01-28T22:20:27.133Z",
        "time": 3.917999998520827,
        "timings": {
          "blocked": -1,
          "dns": -1,
          "ssl": -1,
          "connect": -1,
          "send": 0,
          "wait": 3.917999998520827,
          "receive": 0,
          "_blocked_queueing": -1
        }
      },
      {
        "_initiator": {
          "type": "other"
        },
        "_priority": "VeryHigh",
        "_resourceType": "document",
        "cache": {},
        "pageref": "page_1",
        "request": {
          "method": "GET",
          "url": "https://www.misp-project.org/index.html",
          "httpVersion": "http/1.1",
          "headers": [
            {
              "name": "DNT",
              "value": "1"
            },
            {
              "name": "Upgrade-Insecure-Requests",
              "value": "1"
            },
            {
              "name": "User-Agent",
              "value": "Mozilla/5.0 (X11; CrOS x86_64 14455.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4827.0 Safari/537.36"
            }
          ],
          "queryString": [],
          "cookies": [],
          "headersSize": -1,
          "bodySize": 0
        },
        "response": {
          "status": 307,
          "statusText": "Internal Redirect",
          "httpVersion": "http/1.1",
          "headers": [
            {
              "name": "Location",
              "value": "chrome-extension://ihcjicgdanjaechkgeegckofjjedodee/app/eventpages/block.html referrer=null&url=https%3A%2F%2Fwww.misp-project.org%2Findex.html&host=www.misp-project.org&type=malware&subtype=riskware&tabId=2603&filename=undefined"
            },
            {
              "name": "Non-Authoritative-Reason",
              "value": "WebRequest API"
            }
          ],
          "cookies": [],
          "content": {
            "size": 0,
            "mimeType": "x-unknown"
          },
          "redirectURL": "chrome-extension://ihcjicgdanjaechkgeegckofjjedodee/app/eventpages/block.html?referrer=null&url=https%3A%2F%2Fwww.misp-project.org%2Findex.html&host=www.misp-project.org&type=malware&subtype=riskware&tabId=2603&filename=undefined",
          "headersSize": -1,
          "bodySize": -1,
          "_transferSize": 0,
          "_error": null
        },
        "serverIPAddress": "",
        "startedDateTime": "2022-01-28T22:20:27.137Z",
        "time": 16.877000001841225,
        "timings": {
          "blocked": -1,
          "dns": -1,
          "ssl": -1,
          "connect": -1,
          "send": 0,
          "wait": 16.877000001841225,
          "receive": 0,
          "_blocked_queueing": -1
        }
      },
      {
        "_fromCache": "memory",
        "_initiator": {
          "type": "parser",
          "url": "about:client"
        },
        "_priority": "VeryHigh",
        "_resourceType": "stylesheet",
        "cache": {},
        "pageref": "page_1",
        "request": {
          "method": "GET",
          "url": "https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin",
          "httpVersion": "h3",
          "headers": [
            {
              "name": "sec-ch-ua",
              "value": "\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"99\", \"Google Chrome\";v=\"99\""
            },
            {
              "name": "Referer",
              "value": ""
            },
            {
              "name": "DNT",
              "value": "1"
            },
            {
              "name": "sec-ch-ua-mobile",
              "value": "?0"
            },
            {
              "name": "User-Agent",
              "value": "Mozilla/5.0 (X11; CrOS x86_64 14455.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4827.0 Safari/537.36"
            },
            {
              "name": "sec-ch-ua-platform",
              "value": "\"Chrome OS\""
            }
          ],
          "queryString": [
            {
              "name": "family",
              "value": "Lato:400,700,400italic,700italic"
            },
            {
              "name": "subset",
              "value": "latin"
            }
          ],
          "cookies": [],
          "headersSize": -1,
          "bodySize": 0
        },
        "response": {
          "status": 200,
          "statusText": "",
          "httpVersion": "h3",
          "headers": [
            {
              "name": "date",
              "value": "Fri, 28 Jan 2022 21:58:52 GMT"
            },
            {
              "name": "content-encoding",
              "value": "gzip"
            },
            {
              "name": "x-content-type-options",
              "value": "nosniff"
            },
            {
              "name": "cross-origin-resource-policy",
              "value": "cross-origin"
            },
            {
              "name": "alt-svc",
              "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\""
            },
            {
              "name": "x-xss-protection",
              "value": "0"
            },
            {
              "name": "last-modified",
              "value": "Fri, 28 Jan 2022 21:51:23 GMT"
            },
            {
              "name": "server",
              "value": "ESF"
            },
            {
              "name": "cross-origin-opener-policy",
              "value": "same-origin-allow-popups"
            },
            {
              "name": "x-frame-options",
              "value": "SAMEORIGIN"
            },
            {
              "name": "content-type",
              "value": "text/css; charset=utf-8"
            },
            {
              "name": "access-control-allow-origin",
              "value": "*"
            },
            {
              "name": "cache-control",
              "value": "private, max-age=86400, stale-while-revalidate=604800"
            },
            {
              "name": "timing-allow-origin",
              "value": "*"
            },
            {
              "name": "link",
              "value": "<https://fonts.gstatic.com>; rel=preconnect; crossorigin"
            },
            {
              "name": "expires",
              "value": "Fri, 28 Jan 2022 21:58:52 GMT"
            }
          ],
          "cookies": [],
          "content": {
            "size": 2682,
            "mimeType": "text/css"
          },
          "redirectURL": "",
          "headersSize": -1,
          "bodySize": 0,
          "_transferSize": 0,
          "_error": null
        },
        "serverIPAddress": "142.250.179.234",
        "startedDateTime": "2022-01-28T22:20:27.436Z",
        "time": 0.2119999990100041,
        "timings": {
          "blocked": -1,
          "dns": -1,
          "ssl": -1,
          "connect": -1,
          "send": 0,
          "wait": 0.1919999995152466,
          "receive": 0.019999999494757503,
          "_blocked_queueing": -1
        }
      }
    ]
  }
}




2052158084_Screenshot2022-01-2819_45_53.thumb.png.04a06a825ad65150a5320f4b60207fdc.png945219450_Screenshot2022-01-2821_30_09.thumb.png.bdaf7f7e213b93469cc5687516450b48.png



https://www.virustotal.com/gui/url/fce424206e46df73fd0435c815b891d2b389cc0b8208fdcb6576ec74407b0c96/detection

 

https://quttera.com/detailed_report/www.misp-project.org

 

