I was helping a student working in our office do some documentation for users who think that a URL is OK and should be unblocked (I work at a large technical university in the US).
Step 1 in the process is to have the requester go to VirusTotal (and there is guidance for vetting the URL scanners reported if any show the URL as Malicious or Malware).
If they still think it is clean, Step 2 is to take the Quttera link off of VirusTotal’s “Additional Information” tab.
The student doing the documentation asked me for an example of something that might be suspicious, without being clearly clean, or clearly bad.
So I went to webinspector.com and looked at “Recent Detections” and found one that was “Suspicious”.
In my pretty locked down VM, I had done screenshots of installing Comodo’s hardened Firefox and Chrome browsers, and had pointed users to the DrWeb and BitDefender link scanner extensions. I had added DrWeb (and took the defaults), and BitDefender TrafficLight to Dragon, and IceDragon. And I visited the site that I had picked on www.webinspector.com. TrafficLight gave me the warning “Attention Malware”, with a big “Take Me Back to Safety” button and a smaller “I know what I am doing” link.
But the McAfee Endpoint Protection on-access scan popped up, with a file in the browser cache being identified as JS/Exploit-Blacole.ht (description at Advanced Research Center | Trellix, which shows detection by DrWeb as JS.Redirector.145). So something (bad) was actually downloaded. Interestingly, I get the same results with IceDragon, only the URL is "chrome://trafficlight/content/alerts/malware/page_blocked".
Or are there actual risks that the browser process might be injected, or spawn another process, and things like this will really infect a system with Blackhole?
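The two-step vetting process described in the post (VirusTotal first, then a closer look at any engines that flag the URL) can be scripted so the requester and the reviewer see the same summary. The following is an added example and not code from the post or from VirusTotal; it builds the VirusTotal v3 URL identifier (URL-safe base64 of the URL with padding removed, as the v3 API documents) and triages a `last_analysis_results`-shaped object. The engine verdicts in `SAMPLE_RESULTS`, the `triage` function and its verdict labels are constructed for illustration; the API key placeholder is not a real key, and nothing here contacts the network.

```python
import base64
from collections import Counter

# Constructed sample in the shape of VirusTotal's v3 "last_analysis_results"
# (engine name -> {"category", "result"}). Verdicts are made up for illustration.
SAMPLE_RESULTS = {
    "Dr.Web": {"category": "malicious", "result": "malware"},
    "BitDefender": {"category": "malicious", "result": "malware"},
    "Quttera": {"category": "suspicious", "result": "suspicious"},
    "Google Safebrowsing": {"category": "harmless", "result": "clean"},
    "Yandex Safebrowsing": {"category": "harmless", "result": "clean"},
    "Sophos": {"category": "undetected", "result": "unrated"},
}


def vt_url_id(url: str) -> str:
    """VirusTotal v3 URL identifier: URL-safe base64 of the URL, '=' padding stripped."""
    return base64.urlsafe_b64encode(url.encode("utf-8")).decode("ascii").rstrip("=")


def vt_url_report_request(url: str, api_key: str):
    """Return (endpoint, headers) for GET /api/v3/urls/{id}; the caller performs the HTTP GET.

    api_key is assumed to be supplied by the reviewer, never by the requester.
    """
    endpoint = "https://www.virustotal.com/api/v3/urls/" + vt_url_id(url)
    return endpoint, {"x-apikey": api_key}


def triage(results: dict) -> dict:
    """Summarise per-engine verdicts into counts, the engines to vet, and a next step.

    Next-step labels are constructed for this example:
      "block"  - at least one engine calls the URL malicious; do not unblock.
      "review" - only suspicious verdicts; a human checks the flagged engines.
      "clean"  - no engine flags the URL at this stage of the process.
    """
    counts = Counter(r["category"] for r in results.values())
    flagged = sorted(
        name for name, r in results.items()
        if r["category"] in ("malicious", "suspicious")
    )
    if counts["malicious"]:
        next_step = "block"
    elif counts["suspicious"]:
        next_step = "review"
    else:
        next_step = "clean"
    return {"counts": dict(counts), "flagged_engines": flagged, "verdict": next_step}


if __name__ == "__main__":
    endpoint, headers = vt_url_report_request("http://example.com/", "VT_API_KEY_PLACEHOLDER")
    print("would GET", endpoint, "with headers", list(headers))
    summary = triage(SAMPLE_RESULTS)
    print(summary["verdict"], summary["counts"])
    for engine in summary["flagged_engines"]:
        print(" vet:", engine, "->", SAMPLE_RESULTS[engine]["result"])
```

Because `triage` treats a single malicious verdict as a stop, a requester cannot argue the URL "mostly clean" past the first step; suspicious-only results are what step 2 (the Quttera follow-up) is meant to resolve.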