Scanned pages/files
| Request | Server response | Status |
|---|---|---|
| http://shell.windows.com/ | HTTP/1.1 200 OK Date: Tue, 22 Jul 2014 13:44:16 GMT Accept-Ranges: bytes ETag: "e6896cf2c26bcf1:0" Server: Microsoft-IIS/8.0 Content-Length: 199 Content-Type: text/html Last-Modified: Fri, 09 May 2014 20:12:05 GMT X-Powered-By: ASP.NET | clean |
| http://windows.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Tue, 22 Jul 2014 13:44:17 GMT Location: http://windows.microsoft.com/ Server: Microsoft-IIS/8.5 Content-Length: 23 Content-Type: text/html P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: ASPSESSIONIDCARDDRTB=PKNNNNBCJGCOHDDFOIPLMJMO; path=/ X-Powered-By: ASP.NET X-UA-Compatible: IE=EmulateIE7 | clean |
| http://windows.microsoft.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: private Date: Tue, 22 Jul 2014 13:44:17 GMT Location: http://windows.microsoft.com/en-us/windows/home Server: Microsoft-IIS/7.5 Content-Length: 110 Content-Type: text/html; charset=utf-8 Expires: Tue, 22 Jul 2014 13:54:18 GMT Last-Modified: Mon, 21 Jul 2014 22:00:55 GMT X-AspNet-Version: 4.0.30319 X-Content-Type-Options: nosniff X-Powered-By: ASP.NET X-UA-Compatible: IE=11 | clean |
| http://windows.microsoft.com/en-us/windows/home | 200 OK Content-Length: 85237 Content-Type: text/html | suspicious |
| Hidden iFrame found. size: 0x0 src: http://view.atdmt.com/iaction/fy14_win8_windows_pageload_pl <iframe src="http://view.atdmt.com/iaction/fy14_win8_windows_pageload_pl" width="0" height="0" style="margin:0; border:none;"> | | |
| http://windows.microsoft.com/scripts/4.2/wol/modernizr.wol.js | 200 OK Content-Length: 11837 Content-Type: text/javascript | clean |
| http://ajax.aspnetcdn.com/ajax/4.5.1/1/MicrosoftAjax.js | 200 OK Content-Length: 99202 Content-Type: application/x-javascript | clean |
| http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.8.3.min.js | 200 OK Content-Length: 93637 Content-Type: application/x-javascript | clean |
| http://shell.windows.com/scripts/4.2/wol/wol.common.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
| http://shell.windows.com/test404page.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
| http://js.microsoft.com/library/svy/windows/pre_broker.js | 200 OK Content-Length: 4383 Content-Type: application/x-javascript | clean |
| http://js.microsoft.com/library/svy/windows/broker.js | 200 OK Content-Length: 15987 Content-Type: application/x-javascript | clean |
| http://res2.windows.microsoft.com/resbox/en/windows/main/67706439-4969-4bc3-9e3b-50770f40b20e_42.js | 200 OK Content-Length: 1194 Content-Type: application/javascript | clean |
| http://res2.windows.microsoft.com/resbox/en/windows/main/566128a7-5192-449d-99b0-11b4459eaf1d_8.js | 200 OK Content-Length: 637 Content-Type: application/javascript | clean |
| http://res1.windows.microsoft.com/siteresources/siteresource.ashx?id=wolNotificationJS&hash=b803fb6b47dbaa3919c292ff3b405a5f93f07ccd413a81d86f12598fa342ac6d | 200 OK Content-Length: 3102 Content-Type: application/javascript | clean |
| http://res1.windows.microsoft.com/resbox/en/6.2/main/1f9ad235-787b-42fa-bfb5-12f191dc0c23_38.js | 200 OK Content-Length: 6142 Content-Type: application/javascript | clean |
| http://view.atdmt.com/jaction/FY14_Win8_Windows_PageLoad_PL | 200 OK Content-Length: 1 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: shell.windows.com
Result:
HTTP/1.1 200 OK
Date: Tue, 22 Jul 2014 13:44:16 GMT
Accept-Ranges: bytes
ETag: "e6896cf2c26bcf1:0"
Server: Microsoft-IIS/8.0
Content-Length: 199
Content-Type: text/html
Last-Modified: Fri, 09 May 2014 20:12:05 GMT
X-Powered-By: ASP.NET
...199 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: shell.windows.com
Referer: http://www.google.com/search?q=shell.windows.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=shell.windows.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://shell.windows.com/
Result: shell.windows.com is not infected or malware details are not published yet.