While searching for virtualization back-up solutions for ESXi, I came across the following website:
http://joealdeguer.com/backing-up-and-restoring-esxi-virtual-machines/index.php
But the proxy server that filters internet browsing, where I am at the moment, yelled a warning and blocked the page:
(Yes, this is a Squid-powered proxy server, and the antivirus engine is ClamAV.)
As you can see, Clam says "PUA.Script.Packed-1".
Now, let's try VirusTotal for this same URL:
https://www.virustotal.com/en/url/9be98ad47adc382824285f27289bd20cc9f2b71ba1f5761a8c15ecb95b877a1b/analysis/1364141731/
Well... nothing found! Not even Clam...
URL Scanner | Result |
---|---|
ADMINUSLabs | Clean site |
AlienVault | Clean site |
Antiy-AVL | Clean site |
Avira | Clean site |
BitDefender | Clean site |
C-SIRT | Clean site |
CLEAN MX | Clean site |
Comodo Site Inspector | Clean site |
Dr.Web | Clean site |
ESET | Clean site |
Fortinet | Unrated site |
Google Safebrowsing | Clean site |
K7AntiVirus | Clean site |
Malc0de Database | Clean site |
Malekal | Clean site |
MalwareDomainList | Clean site |
MalwarePatrol | Clean site |
Minotaur | Clean site |
Netcraft | Clean site |
Opera | Clean site |
ParetoLogic | Clean site |
Phishtank | Clean site |
Quttera | Clean site |
SCUMWARE.org | Clean site |
SecureBrain | Unrated site |
Sophos | Unrated site |
SpyEyeTracker | Clean site |
Sucuri SiteCheck | Clean site |
URLQuery | Unrated site |
VX Vault | Clean site |
Websense ThreatSeeker | Unrated site |
Wepawet | Unrated site |
Yandex Safebrowsing | Clean site |
ZDB Zeus | Clean site |
ZeusTracker | Clean site |
zvelo | Clean site |
And no, don't tell me it's because it's a PUA, and therefore it's not reported in the main view...! The "additional information" tab says:
Field | Value |
---|---|
Websense ThreatSeeker URL category | Uncategorized. |
Quttera domain information | See Quttera report |
Sucuri SiteCheck domain information | Full threat report |
Webutation domain information | Verdict: unsure; Adult content: no; Safety score: 70. Take a look at the full Webutation review. |
URL after redirects | http://joealdeguer.com/backing-up-and-restoring-esxi-virtual-machines/ |
Network location to IP address resolution | 108.56.209.3 |
Response code | 200 |
Response headers | via: HTTP/1.1 GWA |
Response content SHA-256 | 82132433d7fe11cacada4b1a9573c9f2b292702ed7198b89e7078d9a35e1dcf5 |
Google trends for the term joealdeguer | See full report |
Alexa daily reach | Estimated percentage of global internet users who visit joealdeguer.com: |
OK, here the URL by itself is not categorized as "malicious", but at least one AV engine (Clam) should trigger a warning on VT if it really matches the AV's regular behavior.
In a nutshell, you may want to try VirusTotal for a URL scan, but even if it does not give you any result, I suggest you manually download the content targeted by the URL, and then upload it to VirusTotal to double-check.
Small update:
If you download the webpage, save it as a "web archive" in IE, and upload that to VT, here are the results:
https://www.virustotal.com/en/file/1d9df59ad8b58e5101361b45b2a4ae06fcea2f9e814acedcc3c335c7a178cc6c/analysis/1364142725/
Yes, there you see that Clam does detect a PUA (additional information tab).
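The file report above is keyed by the hash of the uploaded web archive, while the URL report lists the SHA-256 of the raw response, so the two values cannot be compared directly. The following added example (not part of the original post) parses an IE-style web archive (MHTML, a MIME multipart document) with Python's `email` module, extracts the HTML part and hashes it so it can be checked against the "Response content SHA-256" field. The sample archive and the `example.test` URL are constructed for illustration.

```python
import base64
import email
import hashlib

# Constructed sample: a minimal MHTML "web archive" wrapping one HTML page.
SAMPLE_HTML = b"<html><body><script>var a=1;</script></body></html>\r\n"
SAMPLE_MHT = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; type="text/html"; boundary="----=_demo"\r\n'
    b"\r\n"
    b"------=_demo\r\n"
    b'Content-Type: text/html; charset="utf-8"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"Content-Location: http://example.test/page/\r\n"
    b"\r\n"
    + base64.encodebytes(SAMPLE_HTML).replace(b"\n", b"\r\n")
    + b"------=_demo--\r\n"
)

# "Response content SHA-256" value copied from the URL report quoted in the post.
URL_REPORT_SHA256 = "82132433d7fe11cacada4b1a9573c9f2b292702ed7198b89e7078d9a35e1dcf5"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def html_parts(mht: bytes):
    """Yield (Content-Location, decoded body) for every text/html MIME part."""
    for part in email.message_from_bytes(mht).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)  # undoes base64 / quoted-printable
            if body is not None:
                yield part.get("Content-Location", ""), body


def compare_with_url_report(mht: bytes, response_sha256: str):
    """Return (archive_sha256, [(location, part_sha256, same_bytes_as_url_scan)])."""
    want = response_sha256.strip().lower()
    rows = []
    for location, body in html_parts(mht):
        digest = sha256_hex(body)
        rows.append((location, digest, digest == want))
    return sha256_hex(mht), rows


if __name__ == "__main__":
    archive, rows = compare_with_url_report(SAMPLE_MHT, URL_REPORT_SHA256)
    print("archive (what a file upload is keyed by):", archive)
    for location, digest, same in rows:
        print(location, digest, "same bytes" if same else "different bytes")
```

A mismatch can mean the browser re-encoded the page while saving it or that the two fetches received different content; in either case the extracted HTML part is the artifact to submit as a file.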