
Thread: Freeware to test a specific web site php URL for malware?

  1. #21
    Ext User(~BD~) Guest

    Re: Freeware to test a specific web site php URL for malware?

    Mike Easter <MikeE@ster.invalid> wrote:
    > f/ups to acf only
    >
    > ~BD~ wrote:
    >> jan wrote:
    >>> Is there a way to test a website for malware without going to it?
    >>>
    >>> Recently a family member had their mail account hijacked where an email
    >>> was sent to all their contacts, including me, and it contained a link to
    >>> the web site below:
    >>>
    >>> http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash
    >>> 876569 dot php

    >
    > Google can test a URL and give you a report like this:
    >
    > http://www.google.com/safebrowsing/d...r%2F876569.php
    > Safe Browsing
    > Diagnostic page for aochi.hideo.perso.neuf.fr
    >
    > Append any domain to the end of the URL "google.com/safebrowsing/diagnostic?site="
    >
    > But that testing isn't 'comprehensive' for the potential of a site to be a problem.
    >
    >>> Some of the family members actually clicked on the link, and found it to
    >>> be a green-coffee bean advertisement, and then they asked *me* if it
    >>> contained a virus. (The Mac & Windows users asked, not the Linux users.)
    >>>
    >>> I knew enough not to click on the site but now I need to know *how* to
    >>> tell if the site contains malware.
    >>>
    >>> Is there freeware I can hand this URL to that will check it out for
    >>> malware payloads?

    >>
    >> Yes! Paste the URL here:- https://www.virustotal.com/en-gb/

    >
    > That is not correct. That is not the purpose of the VT functions.
    >
    > VT functions to allow you to 'send' VT a malware file or to 'give' VT a
    > specific file by providing VT a link to the specific file. VT does not
    > send some kind of freeware tool to the site.
    >
    > If you give VT the link to the site above, you will get a VT report like this:
    >
    > File scan:The URL response content could not be retrieved or it is some
    > text format (HTML, XML, CSV, TXT, etc.), hence, it was not enqueued for antivirus scanning.


    You need to spend a little more time exploring on the page where you saw
    that, Mike.

    --
    Dave

  2. #22
    Ext User(~BD~) Guest

    Re: Freeware to test a specific web site php URL for malware?

    FromTheRafters <erratic@nomail.afraid.org> wrote:
    > On Tue, 17 Sep 2013 14:46:24 +0000 (UTC)
    > ~BD~ <~BD~@nomail.afraid.com> wrote:
    >
    >> ~BD~ <~BD~@nomail.afraid.com> wrote:
    >>> jan <jan@is.invalid> wrote:
    >>>> Is there a way to test a website for malware without going to it?
    >>>>
    >>>> Recently a family member had their mail account hijacked where an email
    >>>> was sent to all their contacts, including me, and it contained a link to
    >>>> the web site below:
    >>>>
    >>>> http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash
    >>>> 876569 dot php
    >>>>
    >>>> Some of the family members actually clicked on the link, and found it to
    >>>> be a green-coffee bean advertisement, and then they asked *me* if it
    >>>> contained a virus. (The Mac & Windows users asked, not the Linux users.)
    >>>>
    >>>> I knew enough not to click on the site but now I need to know *how* to
    >>>> tell if the site contains malware.
    >>>>
    >>>> Is there freeware I can hand this URL to that will check it out for
    >>>> malware payloads?
    >>>
    >>> Yes! Paste the URL here:- https://www.virustotal.com/en-gb/

    >>
    >> Please see here:-
    >>
    >> https://www.virustotal.com/en-gb/url...28d1/analysis/

    >
    > So, what's the verdict?


    Detection ratio 3/39

    Can you not see that at my link?
    --
    Dave

  3. #23
    Ext User(FromTheRafters) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On Tue, 17 Sep 2013 16:49:44 +0000 (UTC)
    ~BD~ <~BD~@nomail.afraid.com> wrote:

    > FromTheRafters <erratic@nomail.afraid.org> wrote:
    > > On Tue, 17 Sep 2013 14:46:24 +0000 (UTC)
    > > ~BD~ <~BD~@nomail.afraid.com> wrote:
    > >
    > >> ~BD~ <~BD~@nomail.afraid.com> wrote:
    > >>> jan <jan@is.invalid> wrote:
    > >>>> Is there a way to test a website for malware without going to it?
    > >>>>
    > >>>> Recently a family member had their mail account hijacked where an email
    > >>>> was sent to all their contacts, including me, and it contained a link to
    > >>>> the web site below:
    > >>>>
    > >>>> http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash
    > >>>> 876569 dot php
    > >>>>
    > >>>> Some of the family members actually clicked on the link, and found it to
    > >>>> be a green-coffee bean advertisement, and then they asked *me* if it
    > >>>> contained a virus. (The Mac & Windows users asked, not the Linux users.)
    > >>>>
    > >>>> I knew enough not to click on the site but now I need to know *how* to
    > >>>> tell if the site contains malware.
    > >>>>
    > >>>> Is there freeware I can hand this URL to that will check it out for
    > >>>> malware payloads?
    > >>>
    > >>> Yes! Paste the URL here:- https://www.virustotal.com/en-gb/
    > >>
    > >> Please see here:-
    > >>
    > >> https://www.virustotal.com/en-gb/url...28d1/analysis/

    > >
    > > So, what's the verdict?

    >
    > Detection ratio 3/39
    >
    > Can you not see that at my link?


    Yes, but what does that *mean*?

  4. #24
    Ext User(~BD~) Guest

    Re: Freeware to test a specific web site php URL for malware?

    FromTheRafters <erratic@nomail.afraid.org> wrote:
    > On Tue, 17 Sep 2013 16:49:44 +0000 (UTC)
    > ~BD~ <~BD~@nomail.afraid.com> wrote:
    >
    >> FromTheRafters <erratic@nomail.afraid.org> wrote:
    >>> On Tue, 17 Sep 2013 14:46:24 +0000 (UTC)
    >>> ~BD~ <~BD~@nomail.afraid.com> wrote:
    >>>
    >>>> ~BD~ <~BD~@nomail.afraid.com> wrote:
    >>>>> jan <jan@is.invalid> wrote:
    >>>>>> Is there a way to test a website for malware without going to it?
    >>>>>>
    >>>>>> Recently a family member had their mail account hijacked where an email
    >>>>>> was sent to all their contacts, including me, and it contained a link to
    >>>>>> the web site below:
    >>>>>>
    >>>>>> http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash
    >>>>>> 876569 dot php
    >>>>>>
    >>>>>> Some of the family members actually clicked on the link, and found it to
    >>>>>> be a green-coffee bean advertisement, and then they asked *me* if it
    >>>>>> contained a virus. (The Mac & Windows users asked, not the Linux users.)
    >>>>>>
    >>>>>> I knew enough not to click on the site but now I need to know *how* to
    >>>>>> tell if the site contains malware.
    >>>>>>
    >>>>>> Is there freeware I can hand this URL to that will check it out for
    >>>>>> malware payloads?
    >>>>>
    >>>>> Yes! Paste the URL here:- https://www.virustotal.com/en-gb/
    >>>>
    >>>> Please see here:-
    >>>>
    >>>> https://www.virustotal.com/en-gb/url...28d1/analysis/
    >>>
    >>> So, what's the verdict?

    >>
    >> Detection ratio 3/39
    >>
    >> Can you not see that at my link?

    >
    > Yes, but what does that *mean*?


    It *may* mean that most AV companies are slow off the blocks ..... OR that
    the detections found are 'false positives'.

    Does this help you?
    --
    Dave

  5. #25
    Ext User(jan) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On Tue, 17 Sep 2013 17:44:44 +0000, FromTheRafters wrote:

    > The obfuscation is to hide its spamminess not its maliciousness.


    This makes sense because the original URL looked like it was
    constructed probably so that it could be easily changed to appear
    unique to the AOL spam filters (the hacked address was an AOL address).

    The original address ended with PHP, so, my guess is that it was
    a script, that pointed the user to the final destination (which
    was the coffee-bean web page).

    > The VT results are worthless...

    I have to tend to agree (for the most part) with you, because
    the virustotal scanner said the initial URL was clean; but, if
    we went to the trouble of actually *visiting* the initial URL,
    it redirects us to the secondary url, which virustotal finds
    has 4 malware red flags.

    So, VT "worked" but only *after* I was forced to visit the site.
    (Yes, I know BD visited it for me.) But, really, shouldn't
    the VT scanner have been more intelligent (and not give a false
    negative result)?

    I'll try those other two sites now, and report back.


  6. #26
    Ext User(jan) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On Tue, 17 Sep 2013 17:19:50 +0000, ~BD~ wrote:

    > It *may* mean that most AV companies are slow off the blocks ..... OR that
    > the detections found are 'false positives'.
    >
    > Does this help you?


    As the OP, I'm thankful you guys provided at least three web
    based malware scan sites which purport to analyze a URL.

    1. https://www.virustotal.com/en-gb/
    2. http://zulu.zscaler.com
    3. http://wepawet.iseclab.org

    Paradoxically, the VirusTotal seemed to give the most information,
    but, only after actually visiting the primary link in order to obtain
    the secondary link, which was reported as malware (mostly based on
    blacklists it seemed).

    The next two, Zulu and wepawet at least figured out there was a
    redirect. Zulu.Zscaler clearly flagged the secondary URL as
    malicious, while WepaWet deemed it only suspicious.

    So, clearly these are sites you don't want to visit, but, I'm not
    quite so sure whether malware is actually involved or just spamming.


  7. #27
    Ext User(jan) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On Tue, 17 Sep 2013 17:44:44 +0000, FromTheRafters wrote:

    > zulu.zscaler or wepawet would be a better
    > choice for checking webpage maliciousness


    Going to http://wepawet.com, I was a bit confused because
    the home page contains links to "find a dentist" in addition
    to "malware scan", and looking closely, I see it says:
    The domain wepawet.com is for sale!
    To purchase, call 866-836-6791 or click here to BUY NOW!

    I then tried the obvious first:
    http://wepawet.org
    http://wepawet.net
    But, they both came up as not being found.

    Googling for "wepawet", I find the probable site is:
    http://wepawet.iseclab.org

    Going to that site, I'm not sure what "Resource Type" I
    should select, so I leave it at the default (JavaScript/PDF
    versus Flash).

    Pasting the primary URL into wepawet.iseclab.org:
    aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php
    It reports:
    a. No exploits were identified.
    However, it does recognize the redirect; but it doesn't
    report the redirect as being bad.

    Pasting the secondary URL into wepawet.iseclab.org:
    greencoffee dash fat dash loss dot com slash ?20 slash 12
    It reports:
    a. Jsand 2.3.6 suspicious
    b. No exploits were identified.

    I'm not sure what to make of this yet.

    Primary URL reports:
    http://wepawet.iseclab.org/view.php?...444248&type=js
    http://wepawet.iseclab.org/domain.ph...3eb9fb&type=js

    Secondary URL report:
    http://wepawet.iseclab.org/domain.ph...452345&type=js


  8. #28
    Ext User(jan) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On Tue, 17 Sep 2013 19:01:27 +0100, p-0''0-h the cat (ES) wrote:

    > aochi dot hideo dot perso dot neuf dot fr/js/jquery-1.8.2.min.js
    > comes up clean, but if you click on Go to downloaded file analysis
    > the file is called keygen.exe


    I'm not sure how you found that javascript URL as it didn't show up
    for me.

    But, I don't know anything about javascript, so, I might easily
    have missed a clue that you picked up somewhere in the analysis.

    I didn't see anything called "keygen"; but I too would be a bit
    sensitive about a file named that!


  9. #29
    Ext User(jan) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On Tue, 17 Sep 2013 17:28:00 +0000, FromTheRafters wrote:

    > Does VT follow links? What did they think of
    > aochi dot hideo dot perso dot neuf dot fr/js/jquery-1.8.2.min.js


    I don't know if VirusTotal "follows" links, but, I can say that
    VirusTotal did *not* pick up the fact that the original php
    script caused a redirect (whereas the other two suggested URL
    scanners *did* notice the redirect going on).

    Plugging that "js" link above into:
    https://www.virustotal.com/en-gb/#url
    I get:
    URL already analysed
    This URL was already analysed by VirusTotal on 2013-09-17 17:55:01 UTC.
    Detection ratio: 0/39
    You can take a look at the last analysis or analyse it again now.

    Results here:
    https://www.virustotal.com/en-gb/url...9a86/analysis/


  10. #30
    Ext User(jan) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On Tue, 17 Sep 2013 09:52:06 -0700, Mike Easter wrote:

    > The report at your earlier link was a report on the redirected coffee bean
    > site, not the URL posted site.


    I'm a bit confused, but, here's what I found out about redirect detection.

    Tested primary URL on these four sites:
    1. https://www.virustotal.com/en-gb/

    2. http://zulu.zscaler.com

    3. http://wepawet.iseclab.org

    4. http://www.google.com/safebrowsing/d.../path/file.htm

    RESULTS:
    1. Virustotal did not detect the redirect

    2. Zulu.Zscaler did detect the redirect

    3. Wepawet.IsecLab did detect the redirect

    4. Google Safebrowsing Diagnostics did not detect the redirect

    The problem with the sites that fail to detect the redirect is that the
    user is forced to actually *go* to the redirected site to find out about
    it (which, by then, could be too late).


  11. #31
    Ext User(jan) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On Tue, 17 Sep 2013 14:38:30 +0000, FromTheRafters wrote:

    > Wepawet and zscaler come to mind. There are others as well, none of them
    > are perfect of course.


    Clearly none are perfect!
    Some said the two sites (primary and secondary) were clean.
    Others said they contained malware.

    Here are the four suggested sites, to date, to use to test URLs:

    1. https://www.virustotal.com/en-gb/

    2. http://zulu.zscaler.com

    3. http://wepawet.iseclab.org

    4. http://google.com/safebrowsing/diagn.../path/file.htm


  12. #32
    Ext User(jan) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On Tue, 17 Sep 2013 19:44:39 +0000, jan wrote:

    > VirusTotal results were problematic because it didn't
    > tell you that the primary URL redirected you to a secondary URL.
    > Neither did the Google diagnostic scan.
    > Luckily, the other two did.


    Given that, how does this look for our recommended
    Windows/Linux/Mac freeware sites to bookmark for
    future scanning of suspect URLs?

    (In priority order):
    1. http://zulu.zscaler.com

    2. http://wepawet.iseclab.org

    3. https://www.virustotal.com/en-gb/#url

    4. http://google.com/safebrowsing/diagn.../path/file.htm


  13. #33
    Ext User(Mike Easter) Guest

    Re: Freeware to test a specific web site php URL for malware?

    jan wrote:
    Newsgroups: alt.comp.freeware,alt.os.linux,alt.windows7.general

    Do not crosspost to any groups you aren't subscribed to. I suspect that you
    might not be subscribed/reading alt.comp.freeware.

    --
    Mike Easter

  14. #34
    Ext User(~BD~) Guest

    Re: Freeware to test a specific web site php URL for malware?

    jan <jan@is.invalid> wrote:
    > On Tue, 17 Sep 2013 16:49:44 +0000, ~BD~ wrote:
    >
    >> Detection ratio 3/39
    >> Can you not see that at my link?

    >
    > Hi Dave,
    > I did visit your link, and I ran the test myself, which
    > showed the following:
    >
    > a. BitDefender Malware site
    > b. Sophos Malicious site
    > c. Websense ThreatSeeker Malicious site
    > d. CLEAN MX Suspicious site
    >
    > But, I'm not sure what that means, to me, and I'm definitely
    > unclear what to tell my siblings who had clicked on the link.
    >
    > What does this mean, to a Mac/Windows/Linux user?


    I'm no expert, Jan, but I don't think Mac or Linux users need be too
    concerned if they had clicked on the link. I'd suggest that Windows users
    check their machines with an on-line scanner such as this one
    http://housecall.trendmicro.com/uk/index.html
    --
    Dave

  15. #35
    Ext User(Mike Easter) Guest

    Re: Freeware to test a specific web site php URL for malware?

    f/ups to a.c.f only

    jan wrote:
    > Mike Easter wrote:
    >
    >> The report at your earlier link was a report on the redirected coffee bean
    >> site, not the URL posted site.

    >
    > I'm a bit confused, but, here's what I found out about redirect detection.
    >
    > Tested primary URL on these four sites:
    > 1. https://www.virustotal.com/en-gb/
    >
    > 2. http://zulu.zscaler.com
    >
    > 3. http://wepawet.iseclab.org
    >
    > 4. http://www.google.com/safebrowsing/d.../path/file.htm
    >
    > RESULTS:
    > 1. Virustotal did not detect the redirect
    >
    > 2. Zulu.Zscaler did detect the redirect
    >
    > 3. Wepawet.IsecLab did detect the redirect
    >
    > 4. Google Safebrowsing Diagnostics did not detect the redirect
    >
    > The problem with the sites that fail to detect the redirect is that the
    > user is forced to actually *go* to the redirected site to find out about
    > it (which, by then, could be too late).


    It is not necessary to 'go to' a site (with a loose browser) to
    determine the redirected site.

    There are tools like websniffer or even samspade's or other access to wget.


    --
    Mike Easter
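
The header-only check described in the post above (finding where a link redirects without opening it in a browser), as an added example that is not part of the original thread. The function names, the `.example` hosts and the `SAMPLE` response table are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECT_CODES = {301, 302, 303, 307, 308}


def fetch_headers(url, timeout=10):
    """Send one HEAD request and return (status, Location header or None).

    Only the status line and headers are read: no body is downloaded,
    nothing is rendered and no script runs.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("unsupported URL: %r" % url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path, headers={"User-Agent": "redirect-trace"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def trace_redirects(url, fetch=fetch_headers, max_hops=10):
    """Return [(url, status), ...] ending at the first non-redirect.

    A hop marked "loop" or "max-hops" means the chain was cut short.
    """
    chain, seen = [], set()
    while True:
        if url in seen:
            chain.append((url, "loop"))
            return chain
        if len(chain) >= max_hops:
            chain.append((url, "max-hops"))
            return chain
        seen.add(url)
        status, location = fetch(url)
        chain.append((url, status))
        if status not in REDIRECT_CODES or not location:
            return chain
        # Location may be relative; resolve it against the current URL.
        url = urljoin(url, location)


def hosts_visited(chain):
    """Hostnames in the order first seen, so a cross-site hop stands out."""
    hosts = []
    for url, _status in chain:
        host = urlsplit(url).hostname
        if host not in hosts:
            hosts.append(host)
    return hosts


# Constructed responses standing in for real servers (offline demo).
SAMPLE = {
    "http://primary.example/link.php": (302, "http://secondary.example/offer"),
    "http://secondary.example/offer": (301, "/offer/"),
    "http://secondary.example/offer/": (200, None),
    "http://loop.example/a": (302, "/b"),
    "http://loop.example/b": (302, "/a"),
}


def sample_fetch(url):
    return SAMPLE[url]


if __name__ == "__main__":
    chain = trace_redirects("http://primary.example/link.php", fetch=sample_fetch)
    for hop_url, status in chain:
        print(status, hop_url)
    print("hosts:", " -> ".join(hosts_visited(chain)))
```

This sees only HTTP 3xx redirects; a meta refresh or script-driven redirect inside the page body will not appear in the chain. A server may also answer differently depending on the request method, User-Agent or Referer it is sent.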

  16. #36
    Ext User(FromTheRafters) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On Tue, 17 Sep 2013 18:50:08 +0000 (UTC)
    jan <jan@is.invalid> wrote:

    > On Tue, 17 Sep 2013 17:44:44 +0000, FromTheRafters wrote:
    >
    > > zulu.zscaler or wepawet would be a better choice

    >
    > Trying just http://zulu.zscaler first ...
    >
    > Given this original suspected URL:
    > aochi dot hideo dot perso dot neuf dot fr slash 876569.php
    > I pasted that into http://zulu.zscaler.com where the first
    > problem I had was nothing worked, so I had to again turn off
    > all my script blockers.
    >
    > Then, I tried to answer the zulu.zscaler "user agent" question.
    > However, I have FirefoxESR 17.0.8 (RHEL6) which isn't one of the
    > options, so I picked Firefox 8, which was the closest available.
    >
    > I didn't know what to put for the "Referrer" so I left it blank.
    >
    > The results for the primary URL came up as "5/100 (Benign)".
    > a. This URL has been analyzed by Zulu in the past
    > b. Analyzed on: 09/17/2013 at 18:33 GMT
    > c. Redirections: greencoffee dash fat dash loss dot com/?20/12 (302 Moved Temporarily)
    > d. IP Address: 86.65.123.70, Country: France
    > e. Netblock size has size 511
    >
    > Well, at least *that* site figured out there was a redirect involved,
    > so, this is better than virustotal (which didn't figure that out).
    >
    > Then I repeated this with the secondary URL (the coffee page):
    > greencoffee dash fat dash loss dot com ?20/12
    > That was red flagged as 100/100 Malicious
    > IP Address: 46.249.59.209 located in the Netherlands
    > a. Blacklisted in multiple real-time domain blocklists
    > b. Blacklisted in multiple real-time domain blocklists
    > c. Netblock size has size 255
    > d. IP address has been identified as risky by one/more sources
    >
    > So far, here's my observations:
    > A. VirusTotal = not the best choice because it doesn't know about the redirect
    > B. Zulu.Zscaler = a better choice because it at least tells you about the redirect
    > C. I will try wepawet next


    VT should not have been suggested in the first place since it isn't
    what the OP asked for but is instead a file submission scanner.


  17. #37
    Ext User(FromTheRafters) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On Tue, 17 Sep 2013 19:35:33 +0000 (UTC)
    jan <jan@is.invalid> wrote:

    > On Tue, 17 Sep 2013 14:38:30 +0000, FromTheRafters wrote:
    >
    > > Wepawet and zscaler come to mind. There are others as well, none of them
    > > are perfect of course.

    >
    > Clearly none are perfect!
    > Some said the two sites (primary and secondary) were clean.
    > Others said they contained malware.
    >
    > Here are the four suggested sites, to date, to use to test URLs:
    >
    > 1. https://www.virustotal.com/en-gb/
    >
    > 2. http://zulu.zscaler.com
    >
    > 3. http://wepawet.iseclab.org
    >
    > 4. http://google.com/safebrowsing/diagn.../path/file.htm


    As you have no doubt learned, some interpreting of results will often be
    needed. I have sent URLs known to be BlackHole Exploit Kit built
    landing pages and they have been reported as benign or sometimes
    suspicious when it is known (to me) that it is indeed malicious. They
    explained to me that the scanner looks for 'exploit code' or
    'shellcode' to be in the URL's content - if it doesn't find any, it
    doesn't tag it as malicious. It can however tag it as suspicious if it
    looks too much like another that *is* malicious.

    To me, redirects are not malicious in and of themselves so it is not
    surprising that a file scanner doesn't report it as malware. I don't
    think that VT even follows links that aren't obfuscated let alone ones
    that are - and is not the tool that you asked for. If you dig out (or
    get a final 'malicious' file from a sandbox) the target malware file
    you can use a file submission service to get more data about the file.

    jotti.org
    virustotal.com
    virscan.org

    are file submission scanners.

  18. #38
    Ext User(FromTheRafters) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On Tue, 17 Sep 2013 16:15:06 -0400
    "...winston" <winstonmvp@gmail.com> wrote:

    > jan wrote:
    > > Is there a way to test a website for malware without going to it?
    > >
    > > Recently a family member had their mail account hijacked where an email
    > > was sent to all their contacts, including me, and it contained a link to
    > > the web site below:
    > >
    > > http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash
    > > 876569 dot php
    > >
    > > Some of the family members actually clicked on the link, and found it to
    > > be a green-coffee bean advertisement, and then they asked *me* if it
    > > contained a virus. (The Mac & Windows users asked, not the Linux users.)
    > >
    > > I knew enough not to click on the site but now I need to know *how* to
    > > tell if the site contains malware.
    > >
    > > Is there freeware I can hand this URL to that will check it out for
    > > malware payloads?
    > >

    > That 'Green coffee bean' ad has been floating around for some time
    > across a bevy of different isp email addresses.
    >
    > Not all originate from the senders email address, some with forged
    > headers, some from harvesting addresses from one of the faked sender's
    > contacts (i.e. the sender may not be compromised but one of their
    > contacts)...the list goes on.


    I also noticed a reference to a GPS locator function which seemed
    suspicious to me, but I have seen such ads using GPS to customize the
    ad to the visitor's location. For instance the old earn money now just
    like this person did (an address in your own home town) scam ad.

  19. #39
    Ext User(FromTheRafters) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On Tue, 17 Sep 2013 19:56:12 +0000 (UTC)
    jan <jan@is.invalid> wrote:

    > On Tue, 17 Sep 2013 19:44:39 +0000, jan wrote:
    >
    > > VirusTotal results were problematic because it didn't
    > > tell you that the primary URL redirected you to a secondary URL.
    > > Neither did the Google diagnostic scan.
    > > Luckily, the other two did.

    >
    > Given that, how does this look for our recommended
    > Windows/Linux/Mac freeware sites to bookmark for
    > future scanning of suspect URLs?
    >
    > (In priority order):
    > 1. http://zulu.zscaler.com
    >
    > 2. http://wepawet.iseclab.org
    >
    > 3. https://www.virustotal.com/en-gb/#url
    >
    > 4. http://google.com/safebrowsing/diagn.../path/file.htm
    >

    I would say just the first two, and then even take the results with a
    grain of salt. If I'm not mistaken, the VT one is expecting the URL to
    be a file to download and check for malware - not a URL to check out by
    rendering HTML, interpreting JavaScript, and following links. Also I'm
    under the impression that the Google one is a reputation based lookup
    table.

  20. #40
    Ext User(FromTheRafters) Guest

    Re: Freeware to test a specific web site php URL for malware?

    On Tue, 17 Sep 2013 21:22:57 +0000 (UTC)
    ~BD~ <~BD~@nomail.afraid.com> wrote:

    > FromTheRafters <erratic@nomail.afraid.org> wrote:
    > > On Tue, 17 Sep 2013 18:50:08 +0000 (UTC)
    > > jan <jan@is.invalid> wrote:
    > >
    > >> On Tue, 17 Sep 2013 17:44:44 +0000, FromTheRafters wrote:
    > >>
    > >>> zulu.zscaler or wepawet would be a better choice
    > >>
    > >> Trying just http://zulu.zscaler first ...
    > >>
    > >> Given this original suspected URL:
    > >> aochi dot hideo dot perso dot neuf dot fr slash 876569.php
    > >> I pasted that into http://zulu.zscaler.com where the first
    > >> problem I had was nothing worked, so I had to again turn off
    > >> all my script blockers.
    > >>
    > >> Then, I tried to answer the zulu.zscaler "user agent" question.
    > >> However, I have FirefoxESR 17.0.8 (RHEL6) which isn't one of the
    > >> options, so I picked Firefox 8, which was the closest available.
    > >>
    > >> I didn't know what to put for the "Referrer" so I left it blank.
    > >>
    > >> The results for the primary URL came up as "5/100 (Benign)".
    > >> a. This URL has been analyzed by Zulu in the past
    > >> b. Analyzed on: 09/17/2013 at 18:33 GMT
    > >> c. Redirections: greencoffee dash fat dash loss dot com/?20/12 (302 Moved Temporarily)
    > >> d. IP Address: 86.65.123.70, Country: France
    > >> e. Netblock size has size 511
    > >>
    > >> Well, at least *that* site figured out there was a redirect involved,
    > >> so, this is better than virustotal (which didn't figure that out).
    > >>
    > >> Then I repeated this with the secondary URL (the coffee page):
    > >> greencoffee dash fat dash loss dot com ?20/12
    > >> That was red flagged as 100/100 Malicious
    > >> IP Address: 46.249.59.209 located in the Netherlands
    > >> a. Blacklisted in multiple real-time domain blocklists
    > >> b. Blacklisted in multiple real-time domain blocklists
    > >> c. Netblock size has size 255
    > >> d. IP address has been identified as risky by one/more sources
    > >>
    > >> So far, here's my observations:
    > >> A. VirusTotal = not the best choice because it doesn't know about the redirect
    > >> B. Zulu.Zscaler = a better choice because it at least tells you about the redirect
    > >> C. I will try wepawet next

    > >
    > > VT should not have been suggested in the first place since it isn't
    > > what the OP asked for but is instead a file submission scanner.

    >
    > You are mistaken, FTR - VT fulfils BOTH functions!


    I see that now, thanks.
