#1
Freeware to test a specific web site php URL for malware?
Is there a way to test a website for malware without going to it?
Recently a family member had their mail account hijacked where an email was sent to all their contacts, including me, and it contained a link to the web site below:

http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php

Some of the family members actually clicked on the link, and found it to be a green-coffee bean advertisement, and then they asked *me* if it contained a virus. (The Mac & Windows users asked, not the Linux users.)

I knew enough not to click on the site but now I need to know *how* to tell if the site contains malware. Is there freeware I can hand this URL to that will check it out for malware payloads?
#2
On Tue, 17 Sep 2013 14:22:19 +0000 (UTC)
jan wrote:

Is there a way to test a website for malware without going to it? Recently a family member had their mail account hijacked where an email was sent to all their contacts, including me, and it contained a link to the web site below: http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php Some of the family members actually clicked on the link, and found it to be a green-coffee bean advertisement, and then they asked *me* if it contained a virus. (The Mac & Windows users asked, not the Linux users.) I knew enough not to click on the site but now I need to know *how* to tell if the site contains malware. Is there freeware I can hand this URL to that will check it out for malware payloads?

Wepawet and zscaler come to mind. There are others as well, none of them are perfect of course.
#3
On Tue, 17 Sep 2013 14:22:19 +0000 (UTC)
jan wrote:

Is there a way to test a website for malware without going to it? Recently a family member had their mail account hijacked where an email was sent to all their contacts, including me, and it contained a link to the web site below: http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php

It looks suspicious to me, that jquery script in particular. Too complicated for me to check out right now, looks like mostly advertising crap.
#4
On Tue, 17 Sep 2013 14:36:42 +0000 (UTC)
~BD~ wrote:
jan wrote:

Is there a way to test a website for malware without going to it? Recently a family member had their mail account hijacked where an email was sent to all their contacts, including me, and it contained a link to the web site below: http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php Some of the family members actually clicked on the link, and found it to be a green-coffee bean advertisement, and then they asked *me* if it contained a virus. (The Mac & Windows users asked, not the Linux users.) I knew enough not to click on the site but now I need to know *how* to tell if the site contains malware. Is there freeware I can hand this URL to that will check it out for malware payloads?

Yes! Paste the URL here: https://www.virustotal.com/en-gb/

What kind of results do you get?
#5
On Tue, 17 Sep 2013 14:46:24 +0000 (UTC)
~BD~ wrote:
~BD~ wrote:
jan wrote:

Is there a way to test a website for malware without going to it? Recently a family member had their mail account hijacked where an email was sent to all their contacts, including me, and it contained a link to the web site below: http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php Some of the family members actually clicked on the link, and found it to be a green-coffee bean advertisement, and then they asked *me* if it contained a virus. (The Mac & Windows users asked, not the Linux users.) I knew enough not to click on the site but now I need to know *how* to tell if the site contains malware. Is there freeware I can hand this URL to that will check it out for malware payloads?

Yes! Paste the URL here: https://www.virustotal.com/en-gb/

Please see here: https://www.virustotal.com/en-gb/url...28d1/analysis/

So, what's the verdict?
#6
f/ups to acf only
~BD~ wrote:
jan wrote:

Is there a way to test a website for malware without going to it? Recently a family member had their mail account hijacked where an email was sent to all their contacts, including me, and it contained a link to the web site below: http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php

Google can test a URL and give you a report like this: http://www.google.com/safebrowsing/d...r%2F876569.php

Safe Browsing Diagnostic page for aochi.hideo.perso.neuf.fr

Append any domain to the end of the URL "google.com/safebrowsing/diagnostic?site="

But that testing isn't 'comprehensive' for the potential of a site to be a problem.

Some of the family members actually clicked on the link, and found it to be a green-coffee bean advertisement, and then they asked *me* if it contained a virus. (The Mac & Windows users asked, not the Linux users.) I knew enough not to click on the site but now I need to know *how* to tell if the site contains malware. Is there freeware I can hand this URL to that will check it out for malware payloads?

Yes! Paste the URL here: https://www.virustotal.com/en-gb/

That is not correct. That is not the purpose of the VT functions. VT functions to allow you to 'send' VT a malware file or to 'give' VT a specific file by providing VT a link to the specific file. VT does not send some kind of freeware tool to the site.

If you give VT the link to the site above, you will get a VT report like this:

File scan: The URL response content could not be retrieved or it is some text format (HTML, XML, CSV, TXT, etc.), hence, it was not enqueued for antivirus scanning.

--
Mike Easter
#7
NOTE: Windows 7 is not freeware so it is off-topic for inclusion with the alt.comp.freeware newsgroup. A better target would be to ask in a newsgroup that discusses your web browser since other users may know of add-ons or extensions to assist with such testing.

jan wrote:

Is there a way to test a website for malware without going to it? Recently a family member had their mail account hijacked where an email was sent to all their contacts, including me, and it contained a link to the web site below: http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php Some of the family members actually clicked on the link, and found it to be a green-coffee bean advertisement, and then they asked *me* if it contained a virus. (The Mac & Windows users asked, not the Linux users.) I knew enough not to click on the site but now I need to know *how* to tell if the site contains malware. Is there freeware I can hand this URL to that will check it out for malware payloads?

http://www.avg.com.au/resources/web-page-scanner/
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/security-report/
http://www.google.com/safebrowsing/d...e=enterURLhere

For the Google check, replace "enterURLhere" with the URL to the web site (sans quotes). They don't provide a web form for entry and instead rely on the URL parameter (since they are also programmatically accessed for checking sites). Proper URLs do not have spaces although some sites will handle them anyway. If there are spaces in the URL you want to check, replace them with the %20 hexadecimal iso entity value. Do not include the protocol (http://, ftp://, etc), just start with the hostname in the domain portion of the URL.

I do not recommend WOT or McAfee SiteAdvisor or any community-voted ranking service - just look at the reports by users and you'll understand why boobs shouldn't rank sites.
#8
jan wrote:
http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php

That site redirects to: http://greencoffee-fat-loss.com/?20/12

Google's tester says: http://google.com/safebrowsing/diagn...oss.com/?20/12

What is the current listing status for greencoffee-fat-loss.com?
This site is not currently listed as suspicious.

However VT's function to submit to 39 site testers shows 36 of them reporting clean site, while 4 report as malicious or suspicious, 6 report as unrated, and 29 report as clean.
https://www.virustotal.com/en-gb/url...28d1/analysis/

It appears to me that in order to use the VT function to submit to numerous site testers that you have to resolve the redirection first.

--
Mike Easter
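Added example, not part of any post in this thread: one way to resolve a redirect chain without opening a browser, so that every hop can be submitted to a scanner separately, plus the diagnostic link built by the rules given in the two posts above (no protocol, spaces as %20). The hosts and responses in `SAMPLE` are constructed placeholders, and the function names are this example's own.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 10
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*'
    r'content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)', re.IGNORECASE)


class NoFollow(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report the 3xx instead of silently following it


def http_fetch(url):
    """Fetch one URL as bytes; nothing is rendered and no script runs."""
    opener = urllib.request.build_opener(NoFollow)
    try:
        resp = opener.open(url, timeout=10)
        status = resp.status
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx arrive here
        resp, status = err, err.code
    body = resp.read(65536).decode("latin-1")
    return status, resp.headers.get("Location"), body


def resolve_chain(url, fetch=http_fetch):
    """Return every URL in the redirect chain, first hop to last."""
    chain = [url]
    while len(chain) <= MAX_HOPS:
        status, location, body = fetch(chain[-1])
        if 300 <= status < 400 and location:
            target = location
        else:
            # Script-driven redirects are NOT detected here; those need a
            # sandboxed page analyser such as the ones named in the thread.
            match = META_REFRESH.search(body)
            target = match.group(1) if match else None
        if target is None:
            break
        nxt = urljoin(chain[-1], target)
        if urlsplit(nxt).scheme not in ("http", "https") or nxt in chain:
            break  # refuse file:, data: etc.; stop on redirect loops
        chain.append(nxt)
    return chain


def diagnostic_url(url):
    """Safe Browsing diagnostic link in the form quoted in the thread:
    no protocol prefix, spaces written as %20."""
    p = urlsplit(url)
    site = p.netloc + p.path + ("?" + p.query if p.query else "")
    return ("http://www.google.com/safebrowsing/diagnostic?site="
            + site.replace(" ", "%20"))


SAMPLE = {  # constructed responses on placeholder hosts, not real traffic
    "http://first.example/a.php": (302, "http://hop.example/r", ""),
    "http://hop.example/r": (
        200, None, '<meta http-equiv="refresh" content="0; url=/landing?20/12">'),
    "http://hop.example/landing?20/12": (200, None, "<html>ad</html>"),
}

if __name__ == "__main__":
    for hop in resolve_chain("http://first.example/a.php", SAMPLE.get):
        print(hop, "->", diagnostic_url(hop))
```

Run `http_fetch` against a live suspicious link only from a disposable machine or VM; a verdict on the first hop says nothing about the later ones, so check each URL in the returned list.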
#9
On Tue, 17 Sep 2013 16:49:44 +0000 (UTC)
~BD~ wrote:
FromTheRafters wrote:
On Tue, 17 Sep 2013 14:46:24 +0000 (UTC) ~BD~ wrote:
~BD~ wrote:
jan wrote:

Is there a way to test a website for malware without going to it? Recently a family member had their mail account hijacked where an email was sent to all their contacts, including me, and it contained a link to the web site below: http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php Some of the family members actually clicked on the link, and found it to be a green-coffee bean advertisement, and then they asked *me* if it contained a virus. (The Mac & Windows users asked, not the Linux users.) I knew enough not to click on the site but now I need to know *how* to tell if the site contains malware. Is there freeware I can hand this URL to that will check it out for malware payloads?

Yes! Paste the URL here: https://www.virustotal.com/en-gb/

Please see here: https://www.virustotal.com/en-gb/url...28d1/analysis/

So, what's the verdict?

Detection ratio 3/39. Can you not see that at my link?

Yes, but what does that *mean*?
#10
On Tue, 17 Sep 2013 17:12:08 +0000 (UTC), FromTheRafters wrote:
On Tue, 17 Sep 2013 16:49:44 +0000 (UTC) ~BD~ wrote:
FromTheRafters wrote:
On Tue, 17 Sep 2013 14:46:24 +0000 (UTC) ~BD~ wrote:
~BD~ wrote:
jan wrote:

Is there a way to test a website for malware without going to it? Recently a family member had their mail account hijacked where an email was sent to all their contacts, including me, and it contained a link to the web site below: http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php Some of the family members actually clicked on the link, and found it to be a green-coffee bean advertisement, and then they asked *me* if it contained a virus. (The Mac & Windows users asked, not the Linux users.) I knew enough not to click on the site but now I need to know *how* to tell if the site contains malware. Is there freeware I can hand this URL to that will check it out for malware payloads?

Yes! Paste the URL here: https://www.virustotal.com/en-gb/

Please see here: https://www.virustotal.com/en-gb/url...28d1/analysis/

So, what's the verdict?

Detection ratio 3/39. Can you not see that at my link?

Yes, but what does that *mean*?

I venture that it means there's a growing body of evidence that it's best to stay the **** away from that site. What do you infer from the evidence so far submitted?

--
p-0.0-h the cat
Internet Terrorist, Mass sock puppeteer, Agent provocateur, Gutter rat, Devil incarnate, Linux user#666, ******* hacker, Resident evil, Monkey Boy, Certifiable criminal, Spineless cowardly scum, textbook Psychopath, the SCOURGE, l33t p00h d3 tr0ll, p00h == lam3r, p00h == tr0ll, troll infâme, the OVERCAT [The BEARPAIR are dead, and we are its murderers], lowlife troll, shyster [pending approval by STATE_TERROR], cripple, sociopath, kook, smug prick, smartarse, arsehole, moron, idiot, imbecile, snittish scumbag, liar, and shill. Honorary SHYSTER and FRAUD awarded for services to Haberdashery. By Appointment to God Frank-Lin.
#11
On Tue, 17 Sep 2013 17:19:50 +0000 (UTC)
~BD~ wrote:
FromTheRafters wrote:
On Tue, 17 Sep 2013 16:49:44 +0000 (UTC) ~BD~ wrote:
FromTheRafters wrote:
On Tue, 17 Sep 2013 14:46:24 +0000 (UTC) ~BD~ wrote:
~BD~ wrote:
jan wrote:

Is there a way to test a website for malware without going to it? Recently a family member had their mail account hijacked where an email was sent to all their contacts, including me, and it contained a link to the web site below: http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php Some of the family members actually clicked on the link, and found it to be a green-coffee bean advertisement, and then they asked *me* if it contained a virus. (The Mac & Windows users asked, not the Linux users.) I knew enough not to click on the site but now I need to know *how* to tell if the site contains malware. Is there freeware I can hand this URL to that will check it out for malware payloads?

Yes! Paste the URL here: https://www.virustotal.com/en-gb/

Please see here: https://www.virustotal.com/en-gb/url...28d1/analysis/

So, what's the verdict?

Detection ratio 3/39. Can you not see that at my link?

Yes, but what does that *mean*?

It *may* mean that most AV companies are slow off the blocks ..... OR that the detections found are 'false positives'. Does this help you?

Does VT follow links? What did they think of hxxp://aochi.hideo.perso.neuf.fr/js/jquery-1.8.2.min.js
#12
On Tue, 17 Sep 2013 18:24:23 +0100 "p-0''0-h the cat (ES)" wrote:
On Tue, 17 Sep 2013 17:12:08 +0000 (UTC), FromTheRafters wrote:
On Tue, 17 Sep 2013 16:49:44 +0000 (UTC) ~BD~ wrote:
FromTheRafters wrote:
On Tue, 17 Sep 2013 14:46:24 +0000 (UTC) ~BD~ wrote:
~BD~ wrote:
jan wrote:

Is there a way to test a website for malware without going to it? Recently a family member had their mail account hijacked where an email was sent to all their contacts, including me, and it contained a link to the web site below: http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php Some of the family members actually clicked on the link, and found it to be a green-coffee bean advertisement, and then they asked *me* if it contained a virus. (The Mac & Windows users asked, not the Linux users.) I knew enough not to click on the site but now I need to know *how* to tell if the site contains malware. Is there freeware I can hand this URL to that will check it out for malware payloads?

Yes! Paste the URL here: https://www.virustotal.com/en-gb/

Please see here: https://www.virustotal.com/en-gb/url...28d1/analysis/

So, what's the verdict?

Detection ratio 3/39. Can you not see that at my link?

Yes, but what does that *mean*?

I venture that it means there's a growing body of evidence that it's best to stay the **** away from that site. What do you infer from the evidence so far submitted?

The obfuscation is to hide its spamminess not its maliciousness. I only looked at it for a little while. The VT results are worthless, it's a file submission scanner and expects executable code of some kind to be in the file it gets pointed to. The zulu.zscaler or wepawet would be a better choice for checking webpage maliciousness - but not all that much better sometimes. Most of the rest are 'reputation' based and don't actually look at all.
#13
On Tue, 17 Sep 2013 17:44:44 +0000 (UTC), FromTheRafters wrote:
On Tue, 17 Sep 2013 18:24:23 +0100 "p-0''0-h the cat (ES)" wrote:
On Tue, 17 Sep 2013 17:12:08 +0000 (UTC), FromTheRafters wrote:
On Tue, 17 Sep 2013 16:49:44 +0000 (UTC) ~BD~ wrote:
FromTheRafters wrote:
On Tue, 17 Sep 2013 14:46:24 +0000 (UTC) ~BD~ wrote:
~BD~ wrote:
jan wrote:

Is there a way to test a website for malware without going to it? Recently a family member had their mail account hijacked where an email was sent to all their contacts, including me, and it contained a link to the web site below: http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php Some of the family members actually clicked on the link, and found it to be a green-coffee bean advertisement, and then they asked *me* if it contained a virus. (The Mac & Windows users asked, not the Linux users.) I knew enough not to click on the site but now I need to know *how* to tell if the site contains malware. Is there freeware I can hand this URL to that will check it out for malware payloads?

Yes! Paste the URL here: https://www.virustotal.com/en-gb/

Please see here: https://www.virustotal.com/en-gb/url...28d1/analysis/

So, what's the verdict?

Detection ratio 3/39. Can you not see that at my link?

Yes, but what does that *mean*?

I venture that it means there's a growing body of evidence that it's best to stay the **** away from that site. What do you infer from the evidence so far submitted?

The obfuscation is to hide its spamminess not its maliciousness. I only looked at it for a little while. The VT results are worthless, it's a file submission scanner and expects executable code of some kind to be in the file it gets pointed to. The zulu.zscaler or wepawet would be a better choice for checking webpage maliciousness - but not all that much better sometimes. Most of the rest are 'reputation' based and don't actually look at all.

Interestingly, when I put hxxp://aochi.hideo.perso.neuf.fr/js/jquery-1.8.2.min.js into URL to scan it comes up clean, but if you click on Go to downloaded file analysis the file is called keygen.exe Which comes up clean.

I've not even looked at this site yet, but the word keygen has tickled my whiskers. Unfortunately the need to hunt, is my primary directive right now.

--
p-0.0-h the cat
Internet Terrorist, Mass sock puppeteer, Agent provocateur, Gutter rat, Devil incarnate, Linux user#666, ******* hacker, Resident evil, Monkey Boy, Certifiable criminal, Spineless cowardly scum, textbook Psychopath, the SCOURGE, l33t p00h d3 tr0ll, p00h == lam3r, p00h == tr0ll, troll infâme, the OVERCAT [The BEARPAIR are dead, and we are its murderers], lowlife troll, shyster [pending approval by STATE_TERROR], cripple, sociopath, kook, smug prick, smartarse, arsehole, moron, idiot, imbecile, snittish scumbag, liar, and shill. Honorary SHYSTER and FRAUD awarded for services to Haberdashery. By Appointment to God Frank-Lin.
#14
On Tue, 17 Sep 2013 14:36:42 +0000, ~BD~ wrote:
http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php

Paste that URL here: https://www.virustotal.com/en-gb/

Ah. Perfect. That site's home page explains: "VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware."

However, it wasn't (at first) at all intuitive how to paste the URL in, as it kept wanting me to upload a file (which I don't have). But then I (temporarily) turned off my automatic script blockers and only then did the GUI for the URL show up on the web page.

Once I turned off my Firefox script blockers, it immediately reported:

URL already analysed
This URL was already analysed by VirusTotal on 2013-09-17 14:40:40 UTC.
Detection ratio: 0/39
You can take a look at the last analysis or analyse it again now.

Looking at the detailed results, it was clean on most issues (and "unrated" for a half dozen of the 39 tests).

Thanks for this nice testing site. I will read on and respond to each suggestion separately.

jan
#15
On Tue, 17 Sep 2013 14:46:24 +0000, ~BD~ wrote:
http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php

https://www.virustotal.com/en-gb/url...28d1/analysis/

Now I'm confused!

When I pasted the original URL into virustotal, it said it was clean:
http colon slash slash aochi dot hideo dot perso dot neuf dot fr slash 876569 dot php

Yet, that URL goes to:
http colon slash slash greencoffee dash fat dash loss dot com slash ?20 slash 12

When I pasted *that* secondary URL into virustotal, it said:

URL already analysed
This URL was already analysed by VirusTotal on 2013-09-17 17:58:02 UTC.
Detection ratio: 3/39
You can take a look at the last analysis or analyse it again now.

The bad things were:
1. BitDefender Malware site
2. CLEAN MX Suspicious site
3. Sophos Malicious site
4. Websense ThreatSeeker Malicious site

Can you shed light on an interpretation of why the original site can test clean, yet, the re-direct tests bad? Why wouldn't the virus total site actually follow the links? Are my initial results (i.e., clean site) wrong?