Why these links on website not flagged on virustotal?

polonus · 2017-03-04T16:09:13.000Z

Detected: -counter.yadro.ru/hit;noadsru?r;s117688524;uhttp%3A//polikarbonat-prom.ru/index/monolitnyj_polikarb Malware Severity 2.
ulquery.net flags it, and it has been found to reside on many a Russian website:
Example: http://urlquery.net/report.php?id=1488641376207
Retirable jQuery libraries there: http://urlquery.net/report.php?id=1488641376207
The DOM XSS scan results: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fpolikarbonat-prom.ru%2Findex%2Fmonolitnyj_polikarbonat%2F0-39
Nothing given here: https://www.virustotal.com/pl/url/122144ae6060d694e0bfcd18bbc01133f6bf8bc3b7a8faf6c4b7cc90aaa11bea/analysis/1488642322/
and for that particular script: https://www.virustotal.com/pl/url/d8ba46c0dfc5f07804fae9102e12fd096df4ef8e3f7738daede0ba10ebdde019/analysis/1488642670/
an Sucuri produces an Unable to properly scan your site. Not a secure page: Certificate Error
There are issues with the site’s certificate chain (net::ERR_CERT_COMMON_NAME_INVALID).
-mc.yandex.rumc.yandex.ru
Vulnerable Certificate:
Please contact the Certificate Authority for further verification.
Warnings
RC4
Your server’s encryption settings are vulnerable. This server uses the RC4 cipher algorithm which is not secure. More information.
SSLv3
Your server’s encryption settings are vulnerable. This server uses the SSLv3 protocol, which is not secure. More information.
Issues: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fyandex.ru

Script is blocked for me by uBlock₀
-https://mc.yandex.ru/metrika/watch.js
Because it became blocked because of the following filter
||mc.yandex dot ru^
That filter resides in the EasyPrivacy list

polonus (volunteer website security analyst and website error-hunter)

Para-Noid · 2017-03-04T17:50:13.000Z

Probably nameserver has resolution issues which produces an invitation an entire server to be compromised.

http://dnscheck.iis.se/?time=1488649116&id=6234270&view=basic&test=standard
http://dnscheck.pingdom.com/?domain=polikarbonat-prom.ru&timestamp=1488649139&view=1

Also check out this http://push2check.net/polikarbonat-prom.ru (have fun clicking on some tabs (it’s scary))

polonus · 2017-03-06T22:43:19.000Z

Another one and a link there flagged by Scamvoid as well: http://www.scamvoid.com/check/tradeadexchange.com (malware?
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.tradeadexchange.com%2Fa%2Fdisplay.php%3Fr%3D290643
To be classified within the ranks of this class of malcode? read → https://www.interactivetools.com/forum/forum-posts.php?php.generic.malware-issue-80848

Where we found this: http://urlquery.net/report.php?id=1488837870706
errors: https://sitecheck.sucuri.net/results/polowanko.pl.tl#sitecheck-details
See: http://toolbar.netcraft.com/site_report?url=polowanko.pl.tl
and see: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.tradeadexchange.com%2Fa%2Fdisplay.php%3Fr%3D290643
Also this given here as safe: http://www.scamvoid.com/check/fcdn.webme.com
e-tag iFrame? → http://www.domxssscanner.com/scan?url=http%3A%2F%2Ffcdn.webme.com%2Fselfpromotion.php%3Fsize%3Dsiebenhundertachtundzwanzig
Used in PHISHing.

I hold my breath as one of the two issues flagged at urlquery dot net is flagged by fortinet’s and that can be found in VT: https://www.virustotal.com/pl/url/2c47ef2ef9a4e3243bf1887a85fd1fcc71d409d64d70f87501c6797a250b7c86/analysis/1488840470/

polonus

polonus · 2017-03-07T18:26:11.000Z

Another one, flagged here: http://urlquery.net/report.php?id=1488909278537
Analysis with broken links here: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=galaxyfilmestorrent.com&ref_sel=GSP2&ua_sel=ff&fs=1
Scanned the rebuilt link, no alerts: https://www.virustotal.com/pl/url/deca34968f039f342206b24f181440753a0e39bb19fb508b1475553f5ce5cd29/analysis/1488910909/
When reconstructed virustotal looses her blindness: https://www.virustotal.com/pl/url/07c573f1203588c435487df28580c1e8a5376f28258d7ee48377a036b8b53822/analysis/1488911067/ 2 detect - AutoShun and Fortinet’s.
Avast does not flag the file scan: https://www.virustotal.com/pl/file/6af59b841c288c238ef7b6e9c62289f480cc0606c788c23ab3c4678cad990aca/analysis/1484784650/
It is obfuscated adware pop-under code, see: http://ddecode.com/hexdecoder/?results=65941a68ebd86843cad5b32fd9b33675
Maybe only detected as PUP?

polonus

savcin · 2017-03-07T20:53:40.000Z

Detection created.

Announcements