kulibin.com.ua

User avatar
Myxt
Posts: 2086
Joined: Sat Mar 05, 2011 6:18 am

RE: kulibin.com.ua

Post by Myxt » Thu Nov 02, 2017 8:43 am

Verified: detections by hostsFile and Norton Safeweb are removed.
Everything in VirusTotal needs to be re-scanned - several detections remain.
_https://www.virustotal.com/#/domain/kulibin.com.ua

User avatar
Shumadzu
Posts: 14
Joined: Mon Jan 23, 2017 3:30 pm

RE: kulibin.com.ua

Post by Shumadzu » Thu Nov 02, 2017 9:25 am

<quote user="myxt">
Verified: detections by hostsFile and Norton Safeweb are removed.
Everything in VirusTotal needs to be re-scanned - several detections remain.
_https://www.virustotal.com/#/domain/kulibin.com.ua
[/quote]
Good afternoon, according to _https://www.virustotal.com/#/domain/kulibin.com.ua one service (Forcepoint ThreatSeeker) indicates that the site has a malicious code, see the screen _http://take.ms/TCPGN
I do not know how to contact Forcepoint ThreatSeeker technical support for rescanning the site (I'll be grateful for the mail)
In fact, this is a false trigger, according to _http://www.urlvoid.com/scan/kulibin.com.ua/ the site has problems with only the WOT rating

P.S. It turns out because of Forcepoint ThreatSeeker my site will always be of low rating, I will be grateful for the link to the official site of Forcepoint ThreatSeeker with contacts

User avatar
Shumadzu
Posts: 14
Joined: Mon Jan 23, 2017 3:30 pm

RE: kulibin.com.ua

Post by Shumadzu » Thu Nov 02, 2017 9:55 am

<quote user="myxt">
Verified: detections by hostsFile and Norton Safeweb are removed.
Everything in VirusTotal needs to be re-scanned - several detections remain.
_https://www.virustotal.com/#/domain/kulibin.com.ua
[/quote]

Having fun, checked again _https://www.virustotal.com/ru/url/a16fe8b486894 ... 509615642/ and shows that the site is clean for all services, see screenshot _http://take.ms/2WHN5 Thanks for your attention

User avatar
Shumadzu
Posts: 14
Joined: Mon Jan 23, 2017 3:30 pm

RE: kulibin.com.ua

Post by Shumadzu » Thu Nov 02, 2017 11:03 am

<quote user="myxt">
Verified: detections by hostsFile and Norton Safeweb are removed.
Everything in VirusTotal needs to be re-scanned - several detections remain.
_https://www.virustotal.com/#/domain/kulibin.com.ua
[/quote]

Forgot to add, see screen _http://take.ms/CB5yz
These are all non-existent pages that return 404 server response code

User avatar
spectre
Posts: 4017
Joined: Sun May 03, 2009 10:43 pm

RE: kulibin.com.ua

Post by spectre » Thu Nov 02, 2017 12:46 pm

Please edit all the live links in all your recent posts.
See https://www.mywot.com/en/guidelines/forum-guidelines

User avatar
Myxt
Posts: 2086
Joined: Sat Mar 05, 2011 6:18 am

RE: kulibin.com.ua

Post by Myxt » Fri Nov 03, 2017 7:23 am

<quote user="shumadzu@gmail.com">
Good afternoon, according to _https://www.virustotal.com/#/domain/kulibin.com.ua one service (Forcepoint ThreatSeeker) indicates that the site has a malicious code, see the screen _http://take.ms/TCPGN
I do not know how to contact Forcepoint ThreatSeeker technical support for rescanning the site (I'll be grateful for the mail)
In fact, this is a false trigger, according to _http://www.urlvoid.com/scan/kulibin.com.ua/ the site has problems with only the WOT rating
P.S. It turns out because of Forcepoint ThreatSeeker my site will always be of low rating, I will be grateful for the link to the official site of Forcepoint ThreatSeeker with contacts

Having fun, checked again _https://www.virustotal.com/ru/url/a16fe8b486894 ... 509615642/ and shows that the site is clean for all services, see screenshot _http://take.ms/2WHN5

Forgot to add, see screen _http://take.ms/CB5yz
These are all non-existent pages that return 404 server response code
[/quote]

I rescanned all links known to VirusTotal, so now those results have fresh scan dates of 2017/11/02 and 2017/11/03. Forcepoint ThreatSeeker (
Google> "Forcepoint ThreatSeeker" official website
page1 response1 is forcepoint.com/contact-us
) is only a very small part of your problem. Avira, Fortinet, Kaspersky, Sophos AV, and occasionally AegisLab WebGuard and Forcepoint ThreatSeeker, detect the links reported here:
_https://www.virustotal.com/#/domain/kulibin.com.ua

In that page is a section titled "URLs", which you have seen. At the bottom of the URLs section is a button labled "More". Click that button to display more URLs, then scroll down and click it again, and continue doing this until the button does not reappear. At that point, all URLs known to VirusTotal will be displayed. You can also test the bad links at
_https://zulu.zscaler.com/

Beneath the URLs section is a section titled "Downloaded Files", which displays two files, re-scanned on 2017/11/02, detected by 55/67 and 59/67 vendors as Win32 executables carrying ransom-ware.

With "custom 404" processing, much can happen between the initial page request and the final 404 page. In addition, some sites are rigged to return 404s to visitors who use restricted browsers (but do load the page in normal browsers) or who arrive from an unwanted IP range. Therefore, 404 does not necessarily mean that nothing (dangerous) is there. This page
_http://kulibin.com.ua/437gfinw2/?VjEVDX=NmyiwQvW
returns 404, but
_https://wget.alanreed.org/
reveals the entire 3,123-line source code of an advertising page with 438 Catalog links. I cannot believe that you want the search engines to ignore such pages as "not found".

You cited URLVoid. One can usually find at least one vendor that thinks his site is safe or, more likely, that has simply not yet noticed a few bad files among thousands in one web site among a billion web sites. Eleven vendors have not yet noticed the ransomware that was reported by 59 other vendors. It happens.

If only one outlying vendor consistently flagged your links, I might be convinced that it is reporting "false positives"; but when vendors such as Avira, Kaspersky, and Sophos consistently flag 28 of your links, and when two files actually downloaded from your site are heavily flagged for ransomware, then I simply don't trust your site.

User avatar
Shumadzu
Posts: 14
Joined: Mon Jan 23, 2017 3:30 pm

RE: kulibin.com.ua

Post by Shumadzu » Mon Nov 06, 2017 2:41 pm

<quote user="myxt">
I rescanned all links known to VirusTotal, so now those results have fresh scan dates of 2017/11/02 and 2017/11/03. Forcepoint ThreatSeeker (
Google> "Forcepoint ThreatSeeker" official website
page1 response1 is forcepoint.com/contact-us
) is only a very small part of your problem. Avira, Fortinet, Kaspersky, Sophos AV, and occasionally AegisLab WebGuard and Forcepoint ThreatSeeker, detect the links reported here:
_https://www.virustotal.com/#/domain/kulibin.com.ua

In that page is a section titled "URLs", which you have seen. At the bottom of the URLs section is a button labled "More". Click that button to display more URLs, then scroll down and click it again, and continue doing this until the button does not reappear. At that point, all URLs known to VirusTotal will be displayed. You can also test the bad links at
_https://zulu.zscaler.com/

Beneath the URLs section is a section titled "Downloaded Files", which displays two files, re-scanned on 2017/11/02, detected by 55/67 and 59/67 vendors as Win32 executables carrying ransom-ware.

With "custom 404" processing, much can happen between the initial page request and the final 404 page. In addition, some sites are rigged to return 404s to visitors who use restricted browsers (but do load the page in normal browsers) or who arrive from an unwanted IP range. Therefore, 404 does not necessarily mean that nothing (dangerous) is there. This page
_http://kulibin.com.ua/437gfinw2/?VjEVDX=NmyiwQvW
returns 404, but
_https://wget.alanreed.org/
reveals the entire 3,123-line source code of an advertising page with 438 Catalog links. I cannot believe that you want the search engines to ignore such pages as "not found".

You cited URLVoid. One can usually find at least one vendor that thinks his site is safe or, more likely, that has simply not yet noticed a few bad files among thousands in one web site among a billion web sites. Eleven vendors have not yet noticed the ransomware that was reported by 59 other vendors. It happens.

If only one outlying vendor consistently flagged your links, I might be convinced that it is reporting "false positives"; but when vendors such as Avira, Kaspersky, and Sophos consistently flag 28 of your links, and when two files actually downloaded from your site are heavily flagged for ransomware, then I simply don't trust your site.
[/quote]

Hello Myxt, thanks for the done analysis of the site and the time spent.
I wrote in support of Forcepoint ThreatSeeker that would be scanned the site and removed from the blacklist.
I just do not understand how Avira, Kaspersky and Sophos finds 28 links of such a plan _http: //kulibin.com.ua/437gfinw2/? Mjldennlhe = rmdhxgqwzv because they are not really on the site, and the 2 files that you indicated can not be found either.
Can you give a link to reports of antiviruses that find a suspicious code?
I shall be very grateful to you if you will prompt as to correct a situation with a site.
Thank you again for your time.

User avatar
Shumadzu
Posts: 14
Joined: Mon Jan 23, 2017 3:30 pm

Прошу в очередной раз переоценить сайт kulibin.com.ua

Post by Shumadzu » Mon Nov 13, 2017 7:59 am

Уважаемое сообщество прошу в очередной раз переоценить сайт, если у Вас негативная оценка просьба написать отзыв по какой причине у Вас сложилось такое мнение.
Хочу сразу описать ситуацию, которая была с сайтом, он был заражен вирусом в начале 2016 года в связи со взломом. В этот период были проделаны работы по обнаружению и удалению вредоносного кода.
В начале 2017 года я узнал о сервисе WOT и попросил оценить сайт, ближе к лету 2017 года у сайта был оранжевый цвет, но недавно он сменился на красный.
Начал анализировать и узнал, что несколько антивирусов занесли нас в черный список. Начал с ними вести переписку по пере сканированию сайта и удалению его с черных списков.
В итоге сервис _http://www.urlvoid.com/scan/kulibin.com.ua/ говорит, что остались проблемы с репутацией на сайте _https://www.mywot.com/ru/scorecard/kulibin.com.ua (то есть нужна переоценка сайта)
Другой же сервис _https://www.virustotal.com/#/url/a16fe8b486894f ... /detection говорит, что антивирус Forcepoint ThreatSeeker указывает что сайт относится к вредоносным (хотя бывает пишет что чистый, результат не постоянный).
Я написал в Forcepoint что бы они пере сканировали сайт и удалили по возможности его с черного списка. (_https://csi.forcepoint.com/Report/Index/0deb0044-4204-4fdf-8bfb-a82a00188c69)
Что касается отчета _https://www.virustotal.com/#/domain/kulibin.com.ua подозрительных урлов, например, _http://kulibin.com.ua/437gfinw2?VWpjKlioOW=Rnxbeh у нас таковых на сайте нет.
После переписки с техподдержкой virustotal по этому поводу они написали.
Доменные отчеты не являются вердиктами - иначе каждый сайт в интернете был бы плохим:
_https://www.virustotal.com/#/domain/google.com
_https://www.virustotal.com/#/domain/virustotal.com
_https://www.virustotal.com/#/domain/github.com
Пожалуйста, не считайте это злонамеренным вердиктом, это просто историческая запись.
Скриншот письма - _http://take.ms/4hdtJ
В связи с этим прошу объективно оценить сайт и просьба если у Вас негативная оценка опишите ее, а вообще я буду очень благодарен если Вы вкратце опишите как ее решить.
P.S. Потому как бывает ситуация ткнули носом в мусор, а как и куда убрать его не сказали. Всем спасибо за внимание.


Dear community, I ask you once again to reevaluate the site, if you have a negative evaluation, please write a review for what reason you have such an opinion.
I want to immediately describe the situation that was with the site, he was infected with the virus in early 2016 in connection with the breaking. During this period, work was done to detect and remove malicious code.
In early 2017, I learned about the WOT service and asked to evaluate the site, closer to the summer of 2017 the site had an orange color, but recently it changed to red.
I started to analyze and found out that several antiviruses brought us to the black list. I started to correspond with them by re-scanning the site and removing it from blacklists.
As a result, the service _http://www.urlvoid.com/scan/kulibin.com.ua/ says that there were problems with the reputation on the site _https://www.mywot.com/en/scorecard/kulibin.com.ua ( that is, re-evaluation of the site is needed)
Another service _https://www.virustotal.com/#/url/a16fe8b486894f ... /detection says that the Forcepoint ThreatSeeker antivirus indicates that the site is malicious (although it sometimes says that it's clean, the result is not permanent).
I wrote in Forcepoint that they would re-crawl the site and delete it from the blacklist if possible (_https://csi.forcepoint.com/Report/Index/0deb0044-4204-4fdf-8bfb-a82a00188c69)
As for the report _https://www.virustotal.com/#/domain/kulibin.com.ua of suspicious URLs, for example, _http://kulibin.com.ua/437gfinw2?VWpjKlioOW=Rnxbeh we do not have those on the site.
After correspondence with tech support virustotal on this occasion, they wrote.
Domain reports are not verdicts - otherwise, every site on the Internet would be bad:
_https://www.virustotal.com/#/domain/google.com
_https://www.virustotal.com/#/domain/virustotal.com
_https://www.virustotal.com/#/domain/github.com
Please do not consider this a malicious verdict, it's just a historical record.
Screenshot of the letter - _http://take.ms/4hdtJ
In this regard, I ask objectively to evaluate the site and the request if there is a negative evaluation describe it, but in general I will be very grateful if you briefly describe how to solve it.
P.S. Because it happens the situation is poked a nose in the garbage, and how and where to remove it was not said. Thank you all for your attention.

User avatar
Shumadzu
Posts: 14
Joined: Mon Jan 23, 2017 3:30 pm

kulibin.com.ua

Post by Shumadzu » Wed Nov 15, 2017 8:53 am

Ребята неужели так трудно переоценить сайт, я понимаю что сайт был заражен вирусом и находило вредоносный код на нем, за что заслужено получил низкую оценку, но ведь сейчас сайт чист, неужели нельзя адекватно переоценить сайт. Прошу не равнодушных дать адекватную оценку сайту.
P.S. Прям игнор какой то получается :(

expert-pro
Posts: 50
Joined: Thu Jul 13, 2017 10:52 am

RE: kulibin.com.ua

Post by expert-pro » Wed Nov 15, 2017 11:52 am

Сайт не оценивал, но:
1. Ничего не нашёл про политику конфиденциальности.
2. Выдержка из ваших условий использования: «В качестве первоисточников для материалов, представленных на сайте kulibin.com.ua, мы используем официальные сайты производителей и дистрибьюторов, технические паспорта и руководства пользователей, а также материалы, которые нам предоставляют [yellow]производители климатического оборудования[/yellow] непосредственно.»
А на сайте у вас инструменты.
В целом, интернет-магазин удобный.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest