stamparm / maltrail

Malicious traffic detection system
MIT License

[mine-sweeper] Feed to add #786

Closed MikhailKasimov closed 3 years ago

MikhailKasimov commented 5 years ago

Hello!

[0] https://github.com/portswigger/mine-sweeper

Minesweeper will passively scan in-scope items looking for matches against more than 14000 known cryptojacking domains within the source of pages.

Sources (feed): [1] https://github.com/PortSwigger/mine-sweeper/blob/master/lib/sources.txt

MikhailKasimov commented 5 years ago

Yes/No, @stamparm?

stamparm commented 5 years ago

User goes to the page where a "cryptojacking" domain is being called. He closes the page after a minute or two (regular usage). Not sure that this kind of "malicious" activity should be visible in Maltrail, as without the context (e.g. compromised site) it doesn't have any meaning.

MikhailKasimov commented 5 years ago

Idea: what if we have an `__info__ = "some name (suspicious)"` string for such cases in .py scenarios, like it is done for malicious ones (`__info__ = "some name (malware)"`)?

This can also be applicable for #771 (while we have a static malicious_c2panel.txt list in the static/suspicious folder).