FromTheRafters <> wrote:
> On Tue, 17 Sep 2013 18:50:08 +0000 (UTC)
> jan <jan@is.invalid> wrote:
>> On Tue, 17 Sep 2013 17:44:44 +0000, FromTheRafters wrote:
>>> zulu.zscaler or wepawet would be a better choice

>> Trying just http://zulu.zscaler first ...
>> Given this original suspected URL:
>> aochi dot hideo dot perso dot neuf dot fr slash 876569.php
>> I pasted that into where the first
>> problem I had was nothing worked, so I had to again turn off
>> all my script blockers.
>> Then, I tried to answer the zulu.zscaler "user agent" question.
>> However, I have FirefoxESR 17.0.8 (RHEL6) which isn't one of the
>> options, so I picked Firefox 8, which was the closest available.
>> I didn't know what to put for the "Referrer" so I left it blank.
>> The results for the primary URL came up as "5/100 (Benign)".
>> a. This URL has been analyzed by Zulu in the past
>> b. Analyzed on: 09/17/2013 at 18:33 GMT
>> c. Redirections: greencoffee dash fat dash loss dot com/?20/12 (302 Moved Temporarily)
>> d. IP Address:, Country: France
>> e. Netblock size has size 511
>> Well, at least *that* site figured out there was a redirect involved,
>> so, this is better than virustotal (which didn't figure that out).
>> Then I repeated this with the secondary URL (the coffee page):
>> greencoffee dash fat dash loss dot com ?20/12
>> That was red flagged as 100/100 Malicious
>> IP Address: located in the Netherlands
>> a. Blacklisted in multiple real-time domain blocklists
>> b. Blacklisted in multiple real-time domain blocklists
>> c. Netblock size has size 255
>> d. IP address has been identified as risky by one/more sources
>> So far, here are my observations:
>> A. VirusTotal = not the best choice because it doesn't know about the redirect
>> B. Zulu.Zscaler = a better choice because it at least tells you about the redirect
>> C. I will try wepawet next

> VT should not have been suggested in the first place since it isn't
> what the OP asked for but is instead a file submission scanner.

You are mistaken, FTR - VT fulfils BOTH functions!