Closed MikhailKasimov closed 3 years ago
Yes/No, @stamparm?
User goes to the page where a "cryptojacking" domain is being called. He closes the page after a minute or two (regular usage). Not sure that this kind of "malicious" activity should be visible in Maltrail, as without the context (e.g. compromised site) it doesn't have any meaning.
Idea: what if we have an __info__ = "some name (suspicious)" string for such cases in .py scenarios, like it is done for malicious ones (__info__ = "some name (malware)")?
This can also be applicable for #771 (while we have static malicious_c2panel.txt list in static/suspicious folder).
Hello!
[0] https://github.com/portswigger/mine-sweeper
Minesweeper will passively scan in-scope items looking for matches against more than 14000+ known cryptojacking domains within the source of pages.
Sources (feed): [1] https://github.com/PortSwigger/mine-sweeper/blob/master/lib/sources.txt