urlquery does detect EXPLOIT-KIT Redkit, while VT does not!

See: https://www.virustotal.com/nl/url/a773006b04536bbd8c83f6de3a4e485f8164e261cffe78cc78dc5f53431e45ba/analysis/
Detected here: http://urlquery.net/report.php?id=3404314 - IDS alert for EXPLOIT-KIT Redkit exploit kit redirection attempt
For the two hidden/malicious iFrames see: http://evuln.com/tools/malware-scanner/thetoponlineshopping.com/
Hidden iFrame found.
size: 2x2
src: htxp://ypagesworld.com/omcd.html?i=779512 -> redirects to htxp://irishbusinessschoolnigeria.com/omcd.html?i=779512
&
Hidden iFrame found.
size: 2x2
src: htxp://ypagesworld.com/omcd.html?i=779512 -> redirects to htxp://irishbusinessschoolnigeria.com/omcd.html?i=779512
Both instances landing here:
http://urlquery.net/report.php?id=3404403

polonus
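The evuln.com result above flags the iframe on two signals: its rendered size (2x2) and the fact that it is hidden. The following scanner, added here as an illustration and not part of polonus's post or of the evuln.com tool, shows the same check done offline with the standard library: it collects every <iframe>, treats it as hidden when its width/height attributes or inline CSS keep it at or below 10 pixels on both axes or when the style carries display:none / visibility:hidden, and defangs the src the way this thread writes URLs (htxp://). The HTML sample is constructed; the domains in it (ypagesworld.example etc.) are placeholders, not the hosts discussed in the thread.

```python
"""Hidden-iframe scanner (added example): flags <iframe> elements whose
size or inline CSS would make them invisible to a visitor, the pattern
reported above as "Hidden iFrame found. size: 2x2"."""
import re
from html.parser import HTMLParser

# Constructed sample page; NOT the real content of the site under discussion.
SAMPLE_HTML = """
<html><body>
<h1>Shop</h1>
<iframe src="https://video.example/embed/abc" width="560" height="315"></iframe>
<iframe src="http://ypagesworld.example/omcd.html?i=779512" width="2" height="2" frameborder="0"></iframe>
<iframe src="http://redirector.example/land.html" style="display:none"></iframe>
<iframe src="http://tiny.example/x.html" style="width:1px;height:1px;visibility:hidden"></iframe>
</body></html>
"""

MAX_VISIBLE_PX = 10  # assumed threshold: at most this many px on both axes counts as hidden
HIDDEN_CSS = re.compile(r"(display\s*:\s*none|visibility\s*:\s*hidden)", re.I)
CSS_DIM = re.compile(r"(width|height)\s*:\s*(\d+)\s*px", re.I)


def _px(value):
    """Parse a width/height attribute ('2', '2px', '2.0') into an int, or None."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", str(value))
    return int(m.group(1)) if m else None


def defang(url):
    """Render http(s):// as htxp(s):// so the URL is not clickable in reports."""
    return re.sub(r"^(ht)tp", r"\1xp", url, flags=re.I)


class IframeCollector(HTMLParser):
    """Collects the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append(dict(attrs))


def classify(attrs):
    """Return (is_hidden, reason) for one iframe's attribute dict."""
    style = attrs.get("style") or ""
    m = HIDDEN_CSS.search(style)
    if m:
        return True, "css:" + re.sub(r"\s+", "", m.group(1))
    width, height = _px(attrs.get("width")), _px(attrs.get("height"))
    # Inline CSS dimensions override the HTML attributes when both are present.
    for name, val in CSS_DIM.findall(style):
        if name.lower() == "width":
            width = int(val)
        else:
            height = int(val)
    if width is not None and height is not None \
            and width <= MAX_VISIBLE_PX and height <= MAX_VISIBLE_PX:
        return True, "size:%dx%d" % (width, height)
    return False, ""


def find_hidden_iframes(html):
    """Return a list of {'src': defanged_src, 'reason': why} for hidden iframes."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        hidden, reason = classify(attrs)
        if hidden:
            findings.append({"src": defang(attrs.get("src", "")), "reason": reason})
    return findings


if __name__ == "__main__":
    for hit in find_hidden_iframes(SAMPLE_HTML):
        print("Hidden iFrame found. %s src: %s" % (hit["reason"], hit["src"]))
```

On the sample, the 560x315 embed is left alone and the other three are reported: the 2x2 one by size, the next two by their CSS. A real page can hide a frame through an external stylesheet or a parent container positioned off-screen, which this attribute-only check does not see; that is why the thread's scanners (evuln, Sucuri) render rather than grep.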

iframe confirmed by Sucuri. http://sitecheck.sucuri.net/results/thetoponlineshopping.com/ewriterpro/

OK, Pondus, thanks, and I'm with you here, my friend, but the missed detection should be reported to VT…
On the other hand, Google Safe Browsing blocks a visit to the redirected site anyway, so a lot of browser users (like those on Firefox and Chrome) are being protected,
but that is not the point. The topic is about detection discrepancies…

polonus

The scan is no longer current, as the redirect on that site has been taken down: https://www.virustotal.com/nl/url/e0270a6cdb64e07aba02e9b7ff3da27064ea2a3ee6440b2c67764544ecaaf989/analysis/
but the main redirect site is still blacklisted: https://www.google.com/safebrowsing/diagnostic?site=ypagesworld.com

polonus

Another example, for this IDS alert: FILE-FLASH Action InitArray stack overflow attempt
See: https://urlquery.net/report.php?id=767696
and the accompanying VT results: https://www.virustotal.com/nl/url/b60fbe6aa2089f040f683b662071d5e010a3e3e8055e55962e9721e532476887/analysis/
Nothing detected! Understandable: https://www.virustotal.com/nl/domain/www.dl.bazisaz.com/information/
and https://www.virustotal.com/nl/ip-address/95.211.80.118/information/

The IDS alerts come from these so-called Flash rules:
GID  SID    Rule message                                                                            State per policy
1    24889  FILE-FLASH Action InitArray stack overflow attempt                                      off   off   drop
1    24890  FILE-FLASH Action InitArray stack overflow attempt                                      off   drop  off
1    24891  FILE-FLASH Action InitArray stack overflow attempt                                      off   off   drop
1    24892  FILE-FLASH Action InitArray stack overflow attempt                                      off   off   drop
1    24893  FILE-FLASH Action InitArray stack overflow attempt                                      off   drop  off
1    24894  FILE-FLASH Action InitArray stack overflow attempt                                      off   off   drop
1    24895  FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt  off   drop  drop
1    24896  FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt  off   drop  drop

Domain seems down. Status: Down; region: NA; registry: RIPE; country: NL; abuse contact: abuse at leaseweb.com; IP range: 95.211.80.118 to 95.211.80.118; domain: bazisaz.com; URL: htxp://www.dl.bazisaz.com/edu/gamemaker/gamemaker-01.flv

polonus