Hi malware fighters,
You are looking up a URL or web address against specific detection lists and also visit robtex.
At the robtex site (link also available via URLVoid!) you can give in for example:
http://www.robtex.com/ext/wot/wXw.inetgiant.com.html
You are then taken to the wot scorecard for mentioned domain…and see it is DETECTED
A good source for your queries to start is here: http://www.urlvoid.com/
Insert site to check:
Scanning site with: BrowserDefender CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts CLEAN
Scanning site with: Malware Center CLEAN
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: McAfee SiteAdvisor CLEAN
Scanning site with: McAfee Trusted Source CLEAN
Scanning site with: MyWOT DETECTED
Scanning site with: Norton SafeWeb CLEAN
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: Project Honey Pot CLEAN
Scanning site with: SpamCop CLEAN
Scanning site with: Spamhaus CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard CLEAN
Scanning site with: ZeuS Tracker CLEAN
There are links there for further information, always keep NoScript and RequestPoliciy in the browser active,
for people that know what they do you can look up a link with malzilla or go to jsunpack,(only for experts!)
I sometimes perform a scan with a specific iFrame scanner
there is also one at NoVirusThanks.org
here: /images/spacer.gif
/images/spacer.gif
/TwitterCallBack.aspx?t=Free advertising! Free classifieds Free classified Ads Free Ads Free Internet advertising Free online advertising Email Advertising Online classifieds&u=htxp://www.inetgiant.com&i=-1
specific queries for specific malware sites, example:
htxp://www.malwaredomainlist.com/mdl.php?search=Eleonore&colsearch=Description&quantity=50
Do not click on anything inside that particular list to avoid a click on a live infection vector!!!
Remember to use Google search to you advance, and stay sandboxed…
example of a specific search: hxtp://testasp.acunetix.com/Search.asp?tfSearch=function+verify_passwords(password1%2C+password2)+{+%2F%2F+do+various+checks
Always give websites as htxp and/or wxw to prevent the unaware to click through and risk getting infested,
give . as [dot] or * malcreant*com malicious[dot]eu
Always give scripts as a cropped GIF image, attached to your posting, else avast shield may flag it,
and this could scare the ***** out of the unaware, even when it is just a script going nowhere…
There is more to it folks, there is obfuscation to de-obfuscate, there are specific aspects of code that give malicious intent away right away like var document.write, inline script being outside HTML (there is no reason for that)
iFrames, SQL injection, vulnerable PHP, WP, exploitable buffer overflows, second links hacked to re-direct to
silent malware downloads, malicious scripts look-alikes with just slightly changed spelling, like -googleanalylics etc.
So good hunt, stay protected!
polonus