Scanned pages/files
Request | Server response | Status |
http://download.microsoft.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 07 May 2014 14:56:39 GMT Location: http://www.microsoft.com/downloads Server: Microsoft-IIS/8.0 Content-Length: 157 Content-Type: text/html; charset=UTF-8 Content-Disposition: attachment X-N: S | clean |
http://www.microsoft.com/downloads | HTTP/1.1 301 Moved Permanently Cache-Control: private Date: Wed, 07 May 2014 14:56:39 GMT Location: /en-us/download/default.aspx Server: Microsoft-IIS/8.0 Content-Length: 145 Content-Type: text/html; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" VTag: 279362742500000000 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET X-Powered-By: ARR/2.5 X-Powered-By: ASP.NET | clean |
http://www.microsoft.com/en-us/download/default.aspx | 200 OK Content-Length: 112862 Content-Type: text/html | clean |
http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js | 200 OK Content-Length: 94840 Content-Type: application/x-javascript | clean |
http://www.microsoft.com/library/svy/broker.js | 200 OK Content-Length: 37568 Content-Type: application/x-javascript | clean |
http://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=517a7087-9636-e078-8b13-a173049192f5_83a1f942-eaea-dba0-331d-aa6f17e466ba_d3bc9880-cc5f-f076-397b-64222c41edee_525283c5-3d35-4dd2-5a96-acaf933fab61_49488e0d-6ae2-5101-c995-f4d56443b1d8_0faa2be8-2e50-59c7-7a5b-2ee59edffbe1_38aa9ffb-ddb5-75be-6536-a58628f435f5_e3e65a0a-c133-43e7-571d-2293e03f85e6_4ca0e9dc-a4de-17ba-f0de-d1d346cb99e2_06310cd8-41c ...1023 symbols skipped | 200 OK Content-Length: 94993 Content-Type: text/javascript | clean |
http://i.s-microsoft.com/library/capi/wt_capi.js | 200 OK Content-Length: 26259 Content-Type: application/x-javascript | clean |
http://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=6848d512-e14d-4e09-1194-5de6bc24cbe6_f3c4a4eb-d525-0def-8753-f4835e2f9949_8c693876-7ed8-69ec-3e44-be17b34be6b9_93007181-29a3-a626-49b7-12b98955254f_4200337d-a1fd-0b86-7ace-60bb19a65c23_2cd3c1f7-f2c9-ab4e-5b8e-4b4ff873ecaa_51077a6c-8fc6-7acc-1b57-af19d92ec422 | 200 OK Content-Length: 25948 Content-Type: text/javascript | clean |
http://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=1bec8aa9-e409-b738-fad4-cd9ba3c4141e | 200 OK Content-Length: 637 Content-Type: text/javascript | clean |
http://download.microsoft.com/en-us/download/ | 404 Not Found Content-Length: 1245 Content-Type: application/octet-stream | clean |
http://download.microsoft.com/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 07 May 2014 14:56:47 GMT Location: http://www.microsoft.com/downloads Server: Microsoft-IIS/8.0 Content-Length: 157 Content-Type: text/html; charset=UTF-8 Content-Disposition: attachment X-N: S | clean |
http://www.microsoft.com/test404page.js | 404 Not Found Content-Length: 57028 Content-Type: text/html | clean |
http://www.microsoft.com/Scripts/wt_capi.js | 404 Not Found Content-Length: 57028 Content-Type: text/html | clean |
http://www.microsoft.com/Scripts/site.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.microsoft.com/shared/core/2/js/js.ashx?c=oneMscomBlade | 200 OK Content-Length: 7133 Content-Type: text/javascript | clean |
http://www.microsoft.com/shared/core/2/js/js.ashx?pt=searchPage& | 200 OK Content-Length: 3 Content-Type: text/javascript | clean |
http://www.microsoft.com/shared/core/2/js/js.ashx?c=oneMscomFooter | 200 OK Content-Length: 12885 Content-Type: text/javascript | clean |
http://nexus.ensighten.com/msft/mscom/Bootstrap.js | 200 OK Content-Length: 15844 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var ensightenOptions = { client: 'mscom', clientId: 457, ns: 'Bootstrapper', nexus: "nexus.ensighten.com" }; if ( ensightenOptions && !window[ensightenOptions.ns] ) { window[ensightenOptions.ns]=function(h){var c={},b={};c.version="2.0.3";c.nexus=h.nexus||"nexus.ensighten.com";c.options={interval:h.interval||100,erLoc:h.errorLocation||c.nexus+"/error/e.gif",scLoc:h.serverComponentLocation||c.nexus+"/"+h.client+"/serverComponent.php",sjPath:h.staticJavsc break;}};;}catch(e){Bootstrapper.reportException(e);}});Bootstrapper.globalRuleList='48900;75302;80770'; Bootstrapper.getServerComponent(); }
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: download.microsoft.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 07 May 2014 14:56:39 GMT
Location: http://www.microsoft.com/downloads
Server: Microsoft-IIS/8.0
Content-Length: 157
Content-Type: text/html; charset=UTF-8
Content-Disposition: attachment
X-N: S
...157 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: download.microsoft.com
Referer: http://www.google.com/search?q=download.microsoft.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=download.microsoft.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://download.microsoft.com/
Result: download.microsoft.com is not infected or malware details are not published yet.