Helius_Dev, posted January 9, 2023:

Hi dear managers,

I am totally confused about this site: https://www.teamgroupinc.com/en/

Here is the VirusTotal result for this site: https://www.virustotal.com/gui/url/68a226e7a17a8f9a28eec59951b922dca4799419715000d7ad626d527313688a?nocache=1

And here is the ESET result on my local machine:

Just tell me, is this a fake page from my ISP? Something is wrong here!!! Please help me on this as soon as possible.

Marcos (Administrators), posted January 9, 2023:

The website was compromised. An administrator should clean it and remove references to new2sportnews.com.

Helius_Dev (Author), posted January 9, 2023:

If that website was compromised, why doesn't https://www.virustotal.com/ show anything? All VirusTotal engines are up to date. Please clarify on this.

Helius_Dev (Author), posted January 9, 2023:

teamgroupinc.com is a legit company in Taiwan. Many of my friends are resellers from this site.

Marcos (Administrators), posted January 9, 2023:

These are correct VirusTotal results to check: https://www.virustotal.com/gui/file/cc57043e435d4d7a8a5ccac48af8b4679b890813fcc3a5a40e469d1c574caeb7?nocache=1

I have confirmed that the detection is ok and the website was compromised.

Helius_Dev (Author), posted January 9, 2023:

What URL did you check in VirusTotal?

Helius_Dev (Author), posted January 9, 2023:

Here is an example of a VirusTotal file check: https://www.virustotal.com/gui/file/4a42c927f3321f39e83d977f02a90034ff0bd6c85583741a2eb3f5e2118668fc?nocache=1

Please share the infected URL, not an infected HTML file.

Marcos (Administrators), posted January 9, 2023:

7 minutes ago, Helius_Dev said:
> Please share infected url not an infected html file.

hxxps://www.teamgroupinc.com/index.php

However, you must scan the file itself, not do a URL check, since the URL is not blacklisted; it is malicious code on the web page that is detected.

Helius_Dev (Author), posted January 9, 2023:

Something is fishy here!!! :)(

You and I are not admins of their server, so we cannot download or check the index.php file. This is why VirusTotal doesn't show anything: because that website is totally clean. You checked an HTML file, not a PHP file. Now you are telling me the infected file is PHP? :)

Helius_Dev (Author), posted January 9, 2023:

My cam recorder was active today. It was an interesting video on a social media network to show how things work.

Damage = Damage reputation

Marcos (Administrators), posted January 9, 2023:

    --2023-01-09 15:02:41-- https://www.teamgroupinc.com/en/index.php
    Resolving www.teamgroupinc.com (www.teamgroupinc.com)... 13.114.136.73, 52.198.219.235
    Connecting to www.teamgroupinc.com (www.teamgroupinc.com)|13.114.136.73|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [text/html]
    Saving to: 'index.php'

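What "scan the file itself, not the URL" amounts to, as an added example that is not part of any post in this thread: the bytes the server returns are hashed (a VirusTotal file report is keyed by that SHA-256) and inspected for auto-loaded references to hosts outside the site. The sample body is constructed and the function names are assumptions; the thread does not show how the reference to new2sportnews.com appeared in the page.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a served page body; NOT the real site's markup.
SAMPLE_BODY = b"""<!doctype html>
<html><head>
<script src="/js/site.js"></script>
<script src="https://www.teamgroupinc.com/js/lib.js"></script>
<script src="//new2sportnews.com/x.js"></script>
</head><body><a href="https://other.example/">partner</a></body></html>
"""


class RefCollector(HTMLParser):
    """Collect URLs the browser would load or execute automatically."""
    LOADERS = {"script": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        wanted = self.LOADERS.get(tag)
        self.refs += [v for k, v in attrs if k == wanted and v]


def foreign_hosts(body, site_host):
    """Hosts of auto-loaded resources that are outside site_host."""
    parser = RefCollector()
    parser.feed(body.decode("utf-8", errors="replace"))
    hosts = set()
    for ref in parser.refs:
        host = urlparse(ref).hostname  # None for relative paths
        if host and host != site_host and not host.endswith("." + site_host):
            hosts.add(host)
    return sorted(hosts)


def content_report(body, site_host, watchlist):
    """Summarise what a content scan sees, which a URL lookup does not."""
    text = body.decode("utf-8", errors="replace").lower()
    return {
        "sha256": hashlib.sha256(body).hexdigest(),  # key of a VT file report
        "foreign_hosts": foreign_hosts(body, site_host),
        "watchlist_hits": [d for d in watchlist if d.lower() in text],
    }


if __name__ == "__main__":
    print(content_report(SAMPLE_BODY, "teamgroupinc.com", ["new2sportnews.com"]))
```

The plain `<a href>` link to another host is deliberately not reported, since only script, iframe and link elements are fetched without a click.
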
Helius_Dev (Author), posted January 9, 2023 (edited January 9, 2023 by Helius_Dev):

Wrong again

https://stackoverflow.com/questions/7938624/is-it-possible-to-download-php-script-from-a-web-page-with-wget

itman, posted January 9, 2023 (edited January 9, 2023 by itman):

13 minutes ago, Helius_Dev said:
> Wrong again https://stackoverflow.com/questions/7938624/is-it-possible-to-download-php-script-from-a-web-page-with-wget

The last comment is the most relevant. The original posting dates to 2011.

Quote:
"Officially" - no. Through "hacking" - yes. If a website allows to download some content via /download.php?src=path_to_file script, AND it was poorly coded, then you could request to download, say, index.php file. Check this out: https://owasp.org/www-community/attacks/Path_Traversal

Helius_Dev (Author), posted January 9, 2023:

Quote:
> A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder.

index.php is in the root folder. By the way, I checked the source and am finally SATISFIED.

Some months ago my PC was infected with P.O.R.N web sites, and some people on the street told me "you are ISRAEL and baby killer". In my country they kill people because of that. These people destroyed me totally. We had a farm and they ate it like a charm for their malicious purposes. I think for sniffing people with illegal purposes. We are a poor family with empty hands now. Now those people are tracking me all the time and are destroying all the web sites that I visit. So forgive me for being rude.

Last thing: show me a link that shows this error on the ESET website:

Quote:
> This web page may contain dangerous content that can provide remote access to an infected device, leak sensitive data from the device or harm the targeted device.

I want to be sure it wasn't a MITM attack. Thanks.

Helius_Dev (Author), posted January 9, 2023:

Ok. It seems there is no such error on the ESET website. Thanks.