El Blog de Hangaro: Virus Total .. security community .. Analyze out-date ! . . 2da prueba

Virus Total .. security community .. Analyze out-date ! . . 2da prueba . .
..
Por desgracia los de Virus Total se enojan si andas ingresando tanto al ir viendo sus reportes de resultados . . XD . . me dejaron fuera de su servicio y me arrollaron con recaptchas despues de unos cuantos analisis .. como 500 urls XD ..
{ "error": { "code": "RecaptchaRequiredError", "message": "Please re-send request with a valid
reCAPTCHA response in the \"x-recaptcha-response\" header" } } . . .
.

.
Por tal motivo solo hay que pedir ver resultados de VT a los que tengan positivos; perdiendo la opcion de los marcados como sospechozos; que no aparecen como positivos. . :C
.. .. como :...
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: s0.wp.com
Fecha: 2019-03-25 "detection-ratio">0/66<
2019-03-25 han transcurridos 3 dias desde el ultimo analisis
"CLEAN MX":
> "result": "suspicious"
= = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: secure.gravatar.com
Fecha: 2019-03-27 "detection-ratio">0/66<
2019-03-27 han transcurridos 1 dias desde el ultimo analisis
"Quttera":
> "result": "suspicious"
= = = = = = = = = = = = = = = = = = = = = = = = =
. ..
Tambien decido utilizar un buffer de ultimos urls analizados para bajar la carga de pedidos VT y evitar se me niegue el servicio.
. ..
En linea punteada como quedo el arreglo; aplicado al Privoxy-log (revise entradas anteriores al respecto) ..::
#----------------------------------------------------------------------
# Ejecutar Powershell en folder de Privoxy-log
#----------------------------------------------------------------------
#Tomar las ultimas 100 lineas de "privoxy.log" dejando solo los "Request:" (son los que cruzaron privoxy); y eliminar urls seguras
$urlss = @("\.google\.com", "\.googlevideo\.com", "\.googleapis\.com", "\.gstatic\.com", "\.youtube\.com", "\.virustotal\.com", "myip\.es", "\.yimg\.com")
Get-Content "privoxy.log" | Select-Object -Last 100 | Select-String -Pattern "Request:" | Foreach-Object {$_ -Replace('.+ Request: ', '')} | Foreach-Object {$_ -Replace('\/+.+$', '')} | Foreach-Object {$_ -Replace(':\d+\/$', '')} | Foreach-Object {$_ -Replace('\/$', '')} | Sort-Object -Unique | Select-String -notmatch $urlss | set-content "privoxy100.tmp"
#
# seccion Privoxy-VT-Buffer .. (1 de 2)
# vericar que exista el "Privoxy-VT-Buffer.log"; si no crearlo
if (!(Test-Path "Privoxy-VT-Buffer.log")) { New-Item "Privoxy-VT-Buffer.log" }
# descartar analisis recientes revisando el "Privoxy-VT-Buffer.log"
$AR = Get-Content "Privoxy-VT-Buffer.log" | Sort-Object -Unique
(Get-Content "privoxy100.tmp" -ErrorAction SilentlyContinue ) | Select-String -notmatch $AR | Out-File "privoxy100.tmp"
#
# evitar error de no producirce "privoxy100.tmp" if-else
if ( Test-Path "privoxy100.tmp" ) {
#
#Analizandolas en "VirusTotal"
$URLList = Get-Content "privoxy100.tmp" | ? {$_.trim() -ne "" }
Foreach($Urll in $URLList)
{
# Borrar temporales .tmp
Remove-Item "result-vt.tmp", "resultN-vt.tmp", "vt-vanalisis.tmp" -ErrorAction SilentlyContinue
#
Write-Host " = = = = = = = = = = = = = = = = = = = = = = = = = "
$counter = 1
while (($counter -lt 3) -and !(Test-Path "result-vt.tmp")) {
#
$Uri = $Urll | foreach {"https://www.virustotal.com/es/url/submission/?force=1&url=" + $_ }
$web = Invoke-WebRequest -Proxy 'http://127.0.0.1:8118' -Uri $Uri
$lines = @(".+last-analysis-date..\d+", "detection-ratio..\d+", ".+btn-url-reanalyse.", ".+btn-url-view-last-analysis.")
$web.tostring() -split "[`r`n]" | select-string -Pattern $lines | Foreach-Object {$_ -Replace('^.+id=','')} | Foreach-Object {$_ -Replace('\/span.+$','')} | Set-Content "result-vt.tmp"
Start-Sleep -Seconds 4
$path = "result-vt.tmp"
$counter++
}
# VT detection-ratio
$dr = get-content "result-vt.tmp" | select-string -Pattern '.detection-ratio..\d+'
# viendo fecha de analisis
$VTdate = get-content "result-vt.tmp" | select-string -Pattern 'last-analysis-date' | Foreach-Object {$_ -Replace('^.+date..','')} | Foreach-Object {$_ -Replace('\s\d+\:\d+\:\d+.$','')}
$Newdate = Get-Date -format yyyy-MM-dd
$VTdays = (New-TimeSpan -Start $VTdate -End $Newdate).Days
Write-Host " Url: $Urll "
Write-Host " Fecha: $VTdate $dr"
Write-Host " $VTdate dias transcurridos $VTdays desde el ultimo analisis"
#
# si el analisis es mas viejo de 120 dias se reanalizar de lo contrario solo se veran resultados
if ($VTdays -gt 120) {
# si el analisis es viejo Reanalizando
Write-Host " El analisis tiene mas de 4 meses; pidiendo a VT re-analize "
$VTreanalizar = get-content "result-vt.tmp" | select-string -Pattern '^.btn-url-reanalyse.' | Foreach-Object {$_ -Replace('^.+href=..','')} | Foreach-Object {$_ -Replace('..$','')}
$Urir = $VTreanalizar | foreach {"https://www.virustotal.com/" + $_ }
Invoke-WebRequest -Proxy 'http://127.0.0.1:8118' -Uri $Urir | Out-Null
# Refresh
Start-Sleep -Seconds 6
# ver nuevos resultados
$web = Invoke-WebRequest -Proxy 'http://127.0.0.1:8118' -Uri $Uri
$lines = @(".+last-analysis-date..\d+", "detection-ratio..\d+", ".+btn-url-view-last-analysis.")
$web.tostring() -split "[`r`n]" | select-string -Pattern $lines | Foreach-Object {$_ -Replace('^.+id=','')} | Foreach-Object {$_ -Replace('\/span.+$','')} | Set-Content "resultN-vt.tmp"
#
# esperando; recheck every 3 seconds; que aparesca el archivo o se cumpla la cuenta
$counter = 0
while (($counter -lt 4) -and !(Test-Path "resultN-vt.tmp")) {
$counter++
start-sleep 2 }
#
# VT detection-ratio
$Ndr = get-content "resultN-vt.tmp" | select-string -Pattern '.detection-ratio..\d+'
$VTdate = get-content "resultN-vt.tmp" | select-string -Pattern 'last-analysis-date' | Foreach-Object {$_ -Replace('^.+date..','')} | Foreach-Object {$_ -Replace('\s\d+\:\d+\:\d+.$','')}
Write-Host " Fecha: $VTdate $Ndr"
#
# "viendo analisis; Detecciones . . . . . . . . . . . . "
$Ndrr = $Ndr | Foreach-Object {$_ -Replace('^.+detection-ratio..','')} | Foreach-Object {$_ -Replace('\/.+$','')}
if ($Ndrr -gt 0) {
$VTVerA = get-content "resultN-vt.tmp" | select-string -Pattern 'btn-url-view-last-analysis' | Foreach-Object {$_ -Replace('^.+href=..es.url.','ui/urls/')} | Foreach-Object {$_ -Replace('\/analysis.+$','?relationships=last_serving_ip_address,network_location') }
$UriVerA = $VTVerA | foreach {"https://www.virustotal.com/" + $_ }
$web = Invoke-WebRequest -Proxy 'http://127.0.0.1:8118' -Uri $UriVerA
$web.tostring() -split "[`r`n]" | select-string -Pattern '.result.: .[abd-tvz].+' -Context 6,0 | Set-Content "vt-vanalisis.tmp"
#
get-content "vt-vanalisis.tmp" -ErrorAction SilentlyContinue | Where-Object {$_ -notmatch 'category'} | Where-Object {$_ -notmatch 'engine_'} | Where-Object {$_ -notmatch 'method'} | Foreach-Object {$_ -Replace('{$','') } | Write-Host
}
}
else {
# "viendo analisis; Detecciones . . . . . . . . . . . . "
$drr = $dr | Foreach-Object {$_ -Replace('^.+detection-ratio..','')} | Foreach-Object {$_ -Replace('\/.+$','')}
if ($drr -gt 0) {
$VTVerA = get-content "result-vt.tmp" | select-string -Pattern 'btn-url-view-last-analysis' | Foreach-Object {$_ -Replace('^.+href=..es.url.','ui/urls/')} | Foreach-Object {$_ -Replace('\/analysis.+$','?relationships=last_serving_ip_address,network_location') }
$UriVerA = $VTVerA | foreach {"https://www.virustotal.com/" + $_ }
$web = Invoke-WebRequest -Proxy 'http://127.0.0.1:8118' -Uri $UriVerA
$web.tostring() -split "[`r`n]" | select-string -Pattern '.result.: .[abd-tvz].+' -Context 6,0 | Set-Content "vt-vanalisis.tmp"
#
get-content "vt-vanalisis.tmp" -ErrorAction SilentlyContinue | Where-Object {$_ -notmatch 'category'} | Where-Object {$_ -notmatch 'engine_'} | Where-Object {$_ -notmatch 'method'} | Foreach-Object {$_ -Replace('{$','') } | Write-Host
}
}
Write-Host " = = = = = = = = = = = = = = = = = = = = = = = = = "
}
# seccion Privoxy-VT-Buffer .. (2 de 2)
# si se superan los 2 KB "Privoxy-VT-Buffer.log" eliminara las primeras-lineas 5 hasta que sea menor
# 2 KB aprox 50 lineas
$file = Get-Item "Privoxy-VT-Buffer.log"
$Size = $file.Length / 1KB
if($Size -gt 2) { (Get-Content "Privoxy-VT-Buffer.log") | Select-Object -Skip 2 | set-content "Privoxy-VT-Buffer.log" }
# agregar urls recien analizadas a "Privoxy-VT-Buffer.log"
Add-Content "Privoxy-VT-Buffer.log" -Value (Get-Content "privoxy100.tmp")
(Get-Content "Privoxy-VT-Buffer.log") | ? {$_.trim() -ne "" } | Out-File "Privoxy-VT-Buffer.log"
}
else {
# evitar error de no producirce "privoxy100.tmp" if-else
Write-Host ' Log Sin Cambios '
}
#
# - - -
#Resultados positivos añadirlos a la lista de bloqueo de "privoxy"
#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Borrar temporales .tmp
Remove-Item *.tmp -ErrorAction SilentlyContinue
# Limpíar variables
Clear-variable -Name "Ipp", "IP", "Uri", "web", "Urii", "webb", "Urll", "URLList", "results", "VTList", "dt", "drr", "dr", "AR" -ErrorAction SilentlyContinue
#
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Imagen inferior como lucen los resultados.
.

. abajo mas resultados ..::
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: algarabia.com
Fecha: 2018-10-08 "detection-ratio">0/67<
2018-10-08 dias transcurridos 174 desde el ultimo analisis
El analisis tiene mas de 4 meses; pidiendo a VT re-analize
Fecha: 2019-03-31 "detection-ratio">0/66<
= = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: c.disquscdn.com
Fecha: 2019-03-22 "detection-ratio">1/69<
2019-03-22 dias transcurridos 9 desde el ultimo analisis
"CRDF":
> "result": "malicious"
= = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: s.ytimg.com
Fecha: 2019-03-29 "detection-ratio">1/66<
2019-03-29 dias transcurridos 2 desde el ultimo analisis
"AutoShun":
> "result": "malicious"
= = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: cocinaycomparte.com
Fecha: 2018-11-28 "detection-ratio">0/66<
2018-11-28 dias transcurridos 123 desde el ultimo analisis
El analisis tiene mas de 4 meses; pidiendo a VT re-analize
Fecha: 2019-03-31 "detection-ratio">0/66<
= = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: d19df3uvvqx3w2.cloudfront.net
Fecha: 2019-03-27 "detection-ratio">0/66<
2019-03-27 dias transcurridos 4 desde el ultimo analisis
= = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: disqus.com
Fecha: 2019-03-28 "detection-ratio">0/66<
2019-03-28 dias transcurridos 3 desde el ultimo analisis
= = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: graphql.api.dailymotion.com
Fecha: 2019-03-08 "detection-ratio">0/66<
2019-03-08 dias transcurridos 23 desde el ultimo analisis
= = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: lee-algarabia.disqus.com
Fecha: 2019-03-27 "detection-ratio">0/66<
2019-03-27 dias transcurridos 4 desde el ultimo analisis
= = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: proxy-13.sv6.dailymotion.com
Fecha: 2018-12-19 "detection-ratio">0/66<
2018-12-19 dias transcurridos 102 desde el ultimo analisis
= = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: s1-ssl.dmcdn.net
Fecha: 2019-03-11 "detection-ratio">0/66<
2019-03-11 dias transcurridos 20 desde el ultimo analisis
= = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: s2-ssl.dmcdn.net
Fecha: 2019-03-08 "detection-ratio">0/66<
2019-03-08 dias transcurridos 23 desde el ultimo analisis
= = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: static1.dmcdn.net
Fecha: 2019-03-14 "detection-ratio">0/66<
2019-03-14 dias transcurridos 17 desde el ultimo analisis
= = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: static2-ssl.dmcdn.net
Fecha: 2019-03-08 "detection-ratio">0/66<
2019-03-08 dias transcurridos 23 desde el ultimo analisis
= = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: www.abcradio.com.mx
Fecha: 2018-01-08 "detection-ratio">0/66<
2018-01-08 dias transcurridos 447 desde el ultimo analisis
El analisis tiene mas de 4 meses; pidiendo a VT re-analize
Fecha: 2019-03-31 "detection-ratio">0/66<
= = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: www.dailymotion.com
Fecha: 2019-03-30 "detection-ratio">0/66<
2019-03-30 dias transcurridos 1 desde el ultimo analisis
= = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = =
Url: cdn.hobbyconsolas.com
Fecha: 2018-01-10 "detection-ratio">0/66<
2018-01-10 dias transcurridos 445 desde el ultimo analisis
El analisis tiene mas de 4 meses; pidiendo a VT re-analize
Fecha: 2019-03-31 "detection-ratio">0/66<
= = = = = = = = = = = = = = = = = = = = = = = = =
..
..
La seccion de revision a VT es transferible a otras utilidades; abajo resultados con "Netstat"
.. abajo resultados
- - - - - - - - - - - - - - - - - - - - -
Direccion IP: 104.25.12.30
Registro PTR:
Organizacion: Cloudflare
ISP: Cloudflare
Ciudad:
Pais: United States
Estado:
Url: 104.25.12.30
Fecha: 2018-11-14 "detection-ratio">0/66<
2018-11-14 dias transcurridos 137 desde el ultimo analisis
El analisis tiene mas de 4 meses; pidiendo a VT re-analize
Fecha: 2019-03-31 "detection-ratio">0/66<
C:\Users\xxxxx\ProgramasPortab\privoxy.exe
. . . . . . . netstat . . . . . . .
Proto Dirección local Dirección remota Estado PID

TCP 192.168.0.109:8641 104.25.12.30:443 ESTABLISHED 5200
TCP 192.168.0.109:8642 104.25.12.30:443 ESTABLISHED 5200
TCP 192.168.0.109:8651 104.25.12.30:443 ESTABLISHED 5200
- - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - -
Direccion IP: 172.217.11.78
Registro PTR: lax17s34-in-f14.1e100.net
Organizacion: Google
ISP: Google
Ciudad:
Pais: United States
Estado:
Url: 172.217.11.78
Fecha: 2019-02-25 "detection-ratio">0/66<
2019-02-25 dias transcurridos 34 desde el ultimo analisis
C:\Users\xxxxx\ProgramasPortab\privoxy.exe
. . . . . . . netstat . . . . . . .
Proto Dirección local Dirección remota Estado PID
TCP 192.168.0.109:8677 172.217.11.78:443 ESTABLISHED 5200
- - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - -
Direccion IP: 178.154.131.216
Registro PTR: static.yandex.net
Organizacion: YANDEX LLC
ISP: YANDEX LLC
Ciudad:
Pais: Russia
Estado:
Url: 178.154.131.216
Fecha: 2019-01-23 "detection-ratio">0/66<
2019-01-23 dias transcurridos 67 desde el ultimo analisis
C:\Users\xxxxx\ProgramasPortab\privoxy.exe
. . . . . . . netstat . . . . . . .
Proto Dirección local Dirección remota Estado PID
TCP 192.168.0.109:8658 178.154.131.216:443 ESTABLISHED 5200
- - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - -
Direccion IP: 2.18.175.181
Registro PTR: a2-18-175-181.deploy.static.akamaitechnologies.com
Organizacion: Akamai Technologies
ISP: Akamai Technologies
Ciudad:
Pais:
Estado:
Url: 2.18.175.181
Fecha: 2018-02-23 "detection-ratio">0/67<
2018-02-23 dias transcurridos 401 desde el ultimo analisis
El analisis tiene mas de 4 meses; pidiendo a VT re-analize
Fecha: 2019-03-31 "detection-ratio">0/66<
C:\Users\xxxxx\ProgramasPortab\privoxy.exe
. . . . . . . netstat . . . . . . .
Proto Dirección local Dirección remota Estado PID
TCP 192.168.0.109:8682 2.18.175.181:80 ESTABLISHED 5200
TCP 192.168.0.109:8684 2.18.175.181:443 ESTABLISHED 5200
- - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - -
Direccion IP: 205.185.208.52
Registro PTR: vip052.ssl.hwcdn.net
Organizacion: Highwinds Network Group
ISP: Highwinds Network Group
Ciudad: Phoenix
Pais: United States
Estado: Arizona
Url: 205.185.208.52
Fecha: 2019-03-13 "detection-ratio">0/66<
2019-03-13 dias transcurridos 18 desde el ultimo analisis
C:\Users\xxxxx\ProgramasPortab\privoxy.exe
. . . . . . . netstat . . . . . . .
Proto Dirección local Dirección remota Estado PID
TCP 192.168.0.109:8640 205.185.208.52:443 ESTABLISHED 5200
TCP 192.168.0.109:8690 205.185.208.52:443 ESTABLISHED 5200
- - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - -
Direccion IP: 207.244.80.182
Registro PTR:
Organizacion: Leaseweb USA
ISP: Leaseweb USA
Ciudad: Manassas
Pais: United States
Estado: Virginia
Url: 207.244.80.182
Fecha: 2018-10-15 "detection-ratio">0/67<
2018-10-15 dias transcurridos 167 desde el ultimo analisis
El analisis tiene mas de 4 meses; pidiendo a VT re-analize
Fecha: 2019-03-31 "detection-ratio">0/66<
C:\Users\xxxxx\ProgramasPortab\privoxy.exe
. . . . . . . netstat . . . . . . .
Proto Dirección local Dirección remota Estado PID
TCP 192.168.0.109:8654 207.244.80.182:443 ESTABLISHED 5200
TCP 192.168.0.109:8655 207.244.80.182:443 ESTABLISHED 5200
TCP 192.168.0.109:8668 207.244.80.182:443 ESTABLISHED 5200
TCP 192.168.0.109:8669 207.244.80.182:443 ESTABLISHED 5200
TCP 192.168.0.109:8672 207.244.80.182:443 ESTABLISHED 5200
TCP 192.168.0.109:8673 207.244.80.182:443 ESTABLISHED 5200
TCP 192.168.0.109:8679 207.244.80.182:443 ESTABLISHED 5200
- - - - - - - - - - - - - - - - - - - - -

Automatizado todo solo queda dar un par de teclazos . . :D

El Blog de Hangaro

domingo, 31 de marzo de 2019

Virus Total .. security community .. Analyze out-date ! . . 2da prueba

No hay comentarios.:

Publicar un comentario