False positive targetsmart.com


benstroud
Solved by benstroud

Hello,

I’m inquiring about a Malwarebytes plugin finding that was submitted by one of our customers when accessing our application/sites (targetsmart.com).

Inspecting our applications/pages we do not find evidence of a trojan or malware. Please provide additional details so that we can further investigate. If that’s not possible, please immediately remove the block from your systems so that our clients that use your plugin aren’t seeing the malware warnings when accessing our applications.

Finding examples from browser console:

OM: (PAGE_BLOCK) malware (trojan) match found on https://targetsmart.com/the-targetsmart-voter-registration-dashboard/ for https://targetsmart.com/insights/. Database: {"trojan":"2.0.202409131405"}

OM: (PAGE_BLOCK) malware (trojan) match found on https://targetsmart.com/shrinking-pool-of-swing-voters-data-tells-a-different-story/#respond for https://targetsmart.com/shrinking-pool-of-swing-voters-data-tells-a-different-story/#respond. Database: {"trojan":"2.0.202409131405"}

OM: (PAGE_BLOCK) malware (trojan) match found on https://my.targetsmart.com/filebrowser/ for https://my.targetsmart.com/filebrowser/. Database: {"trojan":"2.0.202409131905"}

Thanks

Edited by AdvancedSetup
Disabled hyperlinks

Thanks for the leads. We've tracked this down to the malware files being hosted not on the targetsmart.com domain (or subdomains) but another domain being hosted on the same WPEngine (managed WordPress) account sharing the same IP address. This is in the context of a parent company that uses WPEngine to host the corporate sites for its multiple child companies. We're working with WPEngine to track down which of these other domains/sites has the malware to resolve the issue.


@TeMerc

The parent company IT/security team is working on resolving the targetsmart.com/WordPress/Gootloader issue. Would it be possible to remove the Malwarebytes browser plugin block for subdomains which are hosted separately from targetsmart.com? These have clean VirusTotal domain reports but are also being blocked by the plugin. They are all hosted on AWS (not using WordPress). The affected WordPress deployments are hosted separately on WPEngine.

https://www.virustotal.com/gui/domain/my.targetsmart.com/detection

https://www.virustotal.com/gui/domain/docs.targetsmart.com/detection

https://www.virustotal.com/gui/domain/visuals.targetsmart.com/detection

https://www.virustotal.com/gui/domain/transfer.targetsmart.com/detection

https://www.virustotal.com/gui/domain/api.targetsmart.com/detection

https://www.virustotal.com/gui/domain/transfer-web.targetsmart.com/detection

https://www.virustotal.com/gui/domain/privacy.targetsmart.com

https://www.virustotal.com/gui/domain/targetearly.targetsmart.com/detection
