New Product Feature/Tool Idea

Bughunter47
edited January 2022 in Security Research Team
Hey there I am systems analyst, and I have some ideas on some tools to improve security and usefulness.

Idea:

Final URL Destination Analyzer

Reasoning:
More and more malicious link based content I have found will use redirects to obscure their true final destination. Even VirusTotal does not scan past the first URL, and I have seen as many as five "daisy-chained" urls before with a nice little RAT on the other end...

Usage and Inner Workings:
A tool that runs the URL in preferably an hypervised micro VM (to function as a more encapsulated sandbox).
In addition to running it in several different search applications such as Firefox, Opera, Chrome, the Explores, and any others you can think of.
I have read some interesting reports on smart phishing were based on a variety of different factors an redirect page can (sort of like an old traffic cop) control where the link is sent (someone probably got the idea from an man in the middle attack).
This boils out to that some malicious sites actively obscure themselves from conventional URL scanning in addition to based on application usage and scanning search procedures to determine if its an antivirus crawler or an human (cralwer....cmd or explorer, humans don't use that for opening emails). So in order to counter this an VM based sandbox with a variety of search applications are required, sort of like a reverse honey pot.

There is a tool that I know of that checks redirects "PST Bulk Redirect Checker" you just have to manually just scan each URL in VirusTotal.
https://panicswamptech.com/

It would be a nice feature to have a "check this link" option for and weird links emails and being nosey :)

Some examples of malware and phishing cases I have found via checking redirects and reporting them.

https://www.virustotal.com/gui/url/7d98da614095e9399befb6a2687565a7bec46141f6bdf79567b1bb4c3961722a/community

https://www.virustotal.com/gui/ip-address/178.159.37.172/detection

https://www.virustotal.com/gui/url/ceb24d181534eadb0f60fbd5e731037b0612f438e4473f62397c17f9436f3cf0/community