Why not flagged by Sucuri's for malware?

Re: https://urlhaus.abuse.ch/url/301372/ emotet epoch1 detection…
See: https://sitecheck.sucuri.net/results/https/new.butcherbox.ca
directory: https://sitecheck.sucuri.net/results/https/new.butcherbox.ca
WordPress outdated plug-in → header-footer-elementor 1.1.4, latest release (1.2.2)
https://github.com/

Not flagged here either: Reputation Check PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK

Confirmed: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=bnt3LmJ1dF5oe31iXXguXnw%3D~enc
Cisco Talos Blacklist: OK
Web Server: nginx
X-Powered-By: None
IP Address: -35.203.98.50
Hosting Provider: Google LLC
Shared Hosting: 500 sites found on -35.203.98.50

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Re: GoogleBot returned code 301 to -https://new.butcherbox.ca/
Google Chrome returned code 301 to -https://new.butcherbox.ca/
returning code 0 on the redirect… https://sitereport.netcraft.com/?url=https%3A%2F%2Fmk0butcherboxx2i4ts7.kinstacdn.com%2Fwp-content%2F
Re: https://searchdns.netcraft.com/?host=*.kinstacdn.com 34 results… producing a 405 Not Allowed
Kinsta CDN on WordPress … example of a malicious domain: https://otx.alienvault.com/indicator/domain/mk0pcnasitegr8fvdtdc.kinstacdn.com
Re: https://www.virustotal.com/gui/domain/mk0pcnasitegr8fvdtdc.kinstacdn.com/details

polonus

Why not flagged by Sucuri's for malware?
My guess is Sucuri is a website scanner, so it only checks the HTML for suspicious code like JavaScript, PHP ... and not files.

The URL will serve you a FakeDoc that will download Emotet or ransomware, I suspect … let's see what payload we can find.

As suspected, Emotet trojan
https://www.virustotal.com/gui/file/37eaca4646edfee5e9f1becc728f4c0ff48e765d00770e6c14dd49dd8eae90f4/detection

For those who wonder what Emotet is >> https://www.malwarebytes.com/emotet/

Thanks, Pondus, for revealing that. When you do not check, such clever cybercriminals will have you big time.
That is why analytics is also in need of the right blink of the human eye. :wink:

To me this one was weird from the start, as URLhaus reported it and I saw it being flagged.
So one can never really rely on a single source, whether it is a real find or an FP.

polonus