Conflicting data in risk analyzer report for phishing site...

Hi forum friends,

We have a renowned Phishing page into Identity Phishing here: htxp://safeweb.norton.com/report/show?url=http%3A%2F%2Fwww.canaldepromocoes.com%2F
Found suspicious here: htxp://urlquery.net/report.php?id=31552
Then we run Zscaler and find there:

Phishing Heuristics Not a phishing page

and further down:
Zscaler Malicious URL Phishing

polonus

Ehemm… what URL did you run in Zscaler?

http://zulu.zscaler.com/submission/show/139481fa8c36a375d86b1e76e08fe82c-1331752151

OK… I see what you mean :wink:

Well, as it says… “Phishing Heuristics”: the bad guys find new ways to fly under the radar all the time?

Hi Pondus,

What I mean is that we continuously have to go to a range of resources to establish the true status of a URL. So it is a question of comparing blacklists, and in how far this blacklisting is actual. Whenever the site is found suspicious and/or malicious, we have to establish if it is still up and responsive or closed down. Scanners overlap each other where detection is concerned; what one scanner will miss, the other scanner may find. Then there are scanners that find patterns that actually are false positives or daily dirt. Malscript is again another chapter; there Unmask Parasites, Sucuri and Zscaler could be scanners of choice, as some specific security expert scanners. For an oversight of content and packers, DrWeb’s URL scanner can be a good addition to other URL scanners. In my experience, Bitdefender TrafficLight and M86 security browsing are not bad at all as pre-scanners. A VirusTotal URL and file scan is good to cream it off, and sometimes a Wepawet or another analytical scan, just depending on what was found.

polonus