Helius_Dev (Posted January 9):

Hi dear managers,

I am totally confused about this site: https://www.teamgroupinc.com/en/

Here is the result of VirusTotal about this site: https://www.virustotal.com/gui/url/68a226e7a17a8f9a28eec59951b922dca4799419715000d7ad626d527313688a?nocache=1

And here is the ESET result on my local machine:

Just tell me, is this a fake page from my ISP? Something is wrong here!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Please help me on this as soon as possible.
Marcos (Administrators, Posted January 9):

The website was compromised. An administrator should clean it and remove references to new2sportnews.com.
Helius_Dev (Author, Posted January 9):

If that web site was compromised, why doesn't https://www.virustotal.com/ show anything? All VirusTotal engines are up to date. Please clarify on this.
Helius_Dev (Author, Posted January 9):

teamgroupinc.com is a legit company in Taiwan. Many of my friends are resellers from this site.
Marcos (Administrators, Posted January 9):

These are the correct VirusTotal results to check: https://www.virustotal.com/gui/file/cc57043e435d4d7a8a5ccac48af8b4679b890813fcc3a5a40e469d1c574caeb7?nocache=1

I have confirmed that the detection is ok and the website was compromised.
Helius_Dev (Author, Posted January 9):

What URL did you check in VirusTotal?
Helius_Dev (Author, Posted January 9):

Here is an example of a VirusTotal file check: https://www.virustotal.com/gui/file/4a42c927f3321f39e83d977f02a90034ff0bd6c85583741a2eb3f5e2118668fc?nocache=1

Please share the infected URL, not an infected HTML file.
Marcos (Administrators, Posted January 9):

Quote (Helius_Dev, 7 minutes ago): Please share the infected URL, not an infected HTML file.

hxxps://www.teamgroupinc.com/index.php

However, you must scan the file itself, not do a URL check, since the URL is not blacklisted; it is malicious code on the web page that is detected.
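The distinction made in the post above (the URL is not blacklisted; the detection is on code in the served page) as an added example that is not part of the thread and is not ESET's detection logic: hash the saved response body for a file lookup and list the hosts its script and iframe tags load from. The sample body, `cdn.example.net` and the `x.js` path are constructed; only the `new2sportnews.com` host comes from the thread.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample of a response body saved from /index.php. It is rendered
# HTML, not PHP source. Only the new2sportnews.com host comes from the thread.
SAMPLE_BODY = b"""<!DOCTYPE html>
<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="//new2sportnews.com/x.js"></script>
</head><body><iframe src="about:blank"></iframe></body></html>
"""


class SourceHosts(HTMLParser):
    """Collect the hosts that <script> and <iframe> tags load from."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        if src:
            # Resolve relative and protocol-relative (//host/...) references.
            host = urlparse(urljoin(self.page_url, src)).hostname
            if host:
                self.hosts.add(host.lower())


def inspect_body(body, page_url, allowed_hosts=()):
    """Return (sha256 of the body, sorted hosts outside the site and allowlist)."""
    digest = hashlib.sha256(body).hexdigest()
    parser = SourceHosts(page_url)
    parser.feed(body.decode("utf-8", errors="replace"))
    own = urlparse(page_url).hostname
    unexpected = sorted(h for h in parser.hosts
                        if h != own and h not in allowed_hosts)
    return digest, unexpected


if __name__ == "__main__":
    sha256, hosts = inspect_body(SAMPLE_BODY, "https://www.teamgroupinc.com/index.php",
                                 allowed_hosts={"cdn.example.net"})
    print(sha256)  # file hash: look this up as a file, not as a URL
    print(hosts)
```
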
Helius_Dev (Author, Posted January 9):

Something is fishy here!!!!!!!!!!!!!!!!!!!!!!!!!! :)

You and I are not admins of their server to download or check the index.php file. This is why VirusTotal doesn't show anything, because that web site is totally clean. You checked an HTML file, not a PHP file. Now you are telling me the infected file is PHP???????? :)
Helius_Dev (Author, Posted January 9):

My cam recorder was active today. It was an interesting video on social media network to show how things work. Damage = Damage reputation
Marcos (Administrators, Posted January 9):

    --2023-01-09 15:02:41--  https://www.teamgroupinc.com/en/index.php
    Resolving www.teamgroupinc.com (www.teamgroupinc.com)... 13.114.136.73, 52.198.219.235
    Connecting to www.teamgroupinc.com (www.teamgroupinc.com)|13.114.136.73|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [text/html]
    Saving to: 'index.php'
Helius_Dev (Author, Posted January 9, edited January 9 by Helius_Dev):

Wrong again: https://stackoverflow.com/questions/7938624/is-it-possible-to-download-php-script-from-a-web-page-with-wget
itman (Posted January 9, edited January 9 by itman):

Quote (Helius_Dev, 13 minutes ago): Wrong again: https://stackoverflow.com/questions/7938624/is-it-possible-to-download-php-script-from-a-web-page-with-wget

The last comment is the most relevant. The original posting dates to 2011.

Quote: "Officially" - no. Through "hacking" - yes. If a website allows to download some content via /download.php?src=path_to_file script, AND it was poorly coded, then you could request to download, say, index.php file. Check this out: https://owasp.org/www-community/attacks/Path_Traversal
Helius_Dev (Author, Posted January 9):

Quote: A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder.

index.php is in the root folder. By the way, I checked the source and am finally SATISFIED.

Some months ago my PC was infected with P.O.R.N web sites and some people on the street told me you are ISRAEL and baby killer. In my country they kill people because of that. These people destroyed me totally. We had a farm and they ate it like a charm for their malicious purposes. I think for sniffing people with illegal purposes. We have a poor family with empty hands now. Now those people are tracking me all the time and are destroying all web sites that I met. So forgive me for being rude.

Last thing: show me a link about this error on the ESET web site:

Quote: This web page may contain dangerous content that can provide remote access to an infected device, leak sensitive data from the device or harm the targeted device.

I want to be sure it wasn't a MITM attack. Thanks
Helius_Dev (Author, Posted January 9):

OK. It seems there is no such error on the ESET web site. Thanks