Hello. Scan my websites with quttera and I get Heur.HTML.SpamSEO.gen

Example result
/1640772667.45-ib9wn1qkbl

Severity: Malicious
Threat: Heur.HTML.SpamSEO.gen
Reason: SEO/Spam detected
Details: Detected malicious SPAM/SEO content
Line: 92
Offset: 3
Threat dump: [View code]

Example Code

  1. [[ <input type=“hidden” name=“md” value="3wt8guT2ZkVXkzfT0jxkZwjtOPHf1iELgJRKFuCQUlY-1640772680-0-AZpd5OLBmdpdSg8BoeSiMDYU29XgUDaLwnZ2rX8-SyRply6pd_dluyNhRt4trnVqRD-rNdRfJy5IiUCbBUE54MtT5GdjH_46Xs7SLGQhn0pxUBY_zwcge1S-iyGCB0GiTMG9qTdQzY-HnV3kl5YVq9zrkxXQoTkXUUS_CjNVy2eMl-N8A7yaI7dzfnQlMfAlQj33O99gmXL5iVNRqX1UokXfI_udhnIafn6zqHzobJsB57VG9841KXeKPpx-ccS2a_M8R6X_ynG8rF67sRDUnqDGG-4PwkPvcNpN2sEE2uRjQ24hAlS_B-k0QtaEfhDs1mAJgkhQNGG6jck-KYf7MZG29SUWEPDWD_bfxo03_2K2EOV-HwHiW0g0sJL3e-jjutmNv0Uu61A1q0ik3GD8otqAURVPlZzKDalvY9T0CRyocXxxSKDrjnZB61wlKrlwhBm12Dt-lX70sdI6j8Tg2jTn4SJPSUbBg8xg-Gktkg7NpNr-hG_mfAek7R46GPl6v-0LZ0hLMaba8K84Dvk3zAGl-wdPgA

Help Me

I am afraid that’s coming straight from your server and needs to be fixed there. You best discuss this with your web developer, Cloudflare won’t be involved here.

Thanks for your answer Sandro.

Interestingly I disable Cloudflare and scan again and my sites appear clean.

I enable Cloudflare and they reappear with malicious files …

Cloudflare does not add such content :wink:. Did you already clear the cache on Cloudflare?

What’s the domain?

Hello…
My site is preguntando.club

it only happens with quttera

virustotal
https://www.virustotal.com/gui/url/dfef215f88e345c7f2258c0074f96fb7803a62350aed7aaca4aa36ea23dcaceb?nocache=1

working with cloudflare activated!

Hello

Thanks for you help.

the code that marks me among others is

  1. [[]]

Domain is Cloudflare?

Registrar Info

Name

Cloudflare, Inc.

Whois Server

whois.cloudflare.com

Referral URL

Status

clienttransferprohibited EPP Status Codes | What Do They Mean, and Why Should I Know? - ICANN

Important Dates

Expires On

2022-12-17

Registered On

2014-12-17

Updated On

2021-11-17

Name Servers

amy.ns.cloudflare.com

172.64.32.101

lee.ns.cloudflare.com

172.64.33.129

Sorry code “maliciosus” is

I just scanned with cloudflare enabled.

And it keeps popping up.

All right, after double checking it would seem it’s the same issue as I see weird link in Cloudflare's browser check page

These links are not part of your site but are included in Cloudflare challenges and are part of Cloudflare’s challenge concept in this case.

2 Likes

Yes and it happens to me with all my sites that have cloudflare activated.

Is there any way to correct it?

Disabling some function or something similar?

You can set your security level to the lowest setting, but that would also disable security.

Can it also be some firewall rule that I append?

I’ll remove all of them to see what happens!

Firewall rules most certainly can fire challenges. You can check your firewall event log.

it’s fine.
Then I’ll do what you suggest.

Thank you for all your help.

So it is a false positive.

Should Cloudflare report it with quttera