M.BL.Domain.gen detected or a FP?

Findings by Quttera’s on deepai.org: Critical Security RiskMalicious Content Detected!

Warning:REMOVE MALWARE NOW
Scanned site: -https://deepai.org:443
iconSITESCAN PARAMETERS
IP address: 18.66.102.128
Country: United States
Server: nginx
CMS: proprietary
Scan date: Sep Tue 2024/09/10 21:24
icondetection details
Malicious files: 1
Suspicious files: 0
Potentially Suspicious files: 0
Clean files: 34
External links detected: 502
Iframes scanned: 0
Referenced domains: 0
Blacklisted links detected: 1
Blacklisted iframes: 0
Referenced blacklisted domains: 1
Blacklisted: No
SSL Certificate details: Available via API only.
iconBlacklisting status
iconQuttera Labs Clean
iconZeusTracker Clean
iconYandex Safebrowsing Clean
iconMalwareDomainList Clean
iconPhishtank Clean
iconGoogle Clean
iconStopBadware Clean
iconURLhaus Clean
More Details
Scanned files analysis

Malicious files:1
Detected Malicious Files
File name /press
Threat name M.BL.Domain.gen
File type HTML
Reason Detected reference to malicious blacklisted domain missionlocal.org
Details Detected reference to blacklisted domain
Threat dump [[missionlocal.org]]
Threat MD5 6C8C39655F33F65106943BAC5998EE8A
File MD5 D824D1BCE91C81547A08096F77652D72

Suspicious files:0
Potentially Suspicious files:0
Clean files:34
Blacklisted External Links
-https://missionlocal.org/2024/01/stupid-shameful-say-tech-workers-of-y-combinator-ceo-garry-tans-rant/
But VT does not have it. Is it amazonaws related?

polonus

Scanning htxps://missionlocal.org/ gives two issues User Enumeration
The first two user ID’s were tested to determine if user enumeration is possible.
Linked Sites
Reputation checks have been performed on the IP address for each of the linked sites.
Hosts found on blacklists with poor reputations may be a threat to users of the site.
Hosting and locations are also included in the results.

Externally Linked Host Hosting / Company Country
-newspack.com AUTOMATTIC

Detected Potentially Suspicious Files
File name /opt-out-preferences/#
Threat name Heur.CSS.Hidden.gen
File type HTML
Reason Detected hidden CSS declaration
Details Detected hidden potentially suspicious instructions
Threat dump [[ /* first-name is honeypot */ .cmplz-first-name { position: absolute !important; left: -5000px !important; } ]]
Threat MD5 B7CF2FB119A03CEF69F9B85F24351CF9
File MD5 133C63DABA8F6FB08C70414807C49600

VT does not give it, Location: htxps://halpernmediation.wordpress.com Abuse on Auttomatic Inc.
See: https://www.abuseipdb.com/check/192.0.78.25 Verdict Scam Trading Site!

polonus