• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Is there an online Sandbox to check URL's?

You can scan a URL with Virustotal.com, but a "clean site" report from there doesn't necessarily mean it's 100% safe.

Edit: Also, that host is down right now. It's possible that your wife got a phishing email, and the senders had compromised the mpssi.com domain and were using it to host something malicious. Do you know if the site was up when your wife clicked the link? Did she get to a page in her browser?
 
Last edited:
seepy83 said:
You can scan a URL with Virustotal.com, but a "clean site" report from there doesn't necessarily mean it's 100% safe.

Edit: Also, that host is down right now. It's possible that your wife got a phishing email, and the senders had compromised the mpssi.com domain and were using it to host something malicious. Do you know if the site was up when your wife clicked the link? Did she get to a page in her browser?
Click to expand...

Thanks and it came back as clean so nothing really useful.

She said that the browser never showed a page and that she closed the tab within a few seconds when she realized she shouldnt have done it.
 
The blank page could have been enough to compromise her system. A 404 would have been a good thing...
 
Ryland said:
My wife clicked a link in an email from "Target" which doesnt look like it really does anything but wanted to verify that. Does anybody know of an online phising/malware, etc checker that would open the link and see what it does?
Click to expand...

I'd recommend just using Avast SafeZone, part of their antivirus suite. Virtualized Chrome browser, separate from your system. Biggest downside is that it only runs fullscreen. You can reset the VM anytime you want back to scratch. Nice safe way to do the Internet if you don't watch to switch to a Chromebook or Mac.
 
If you're using Thunderbird add the addon Dr.Web Anti-Virus Link Checker. Bitdefender Free will stop you from visiting a site that has malware too.
 
I just joined this forum so that I could reply to the OP (better late than never!) 🙂

base64 decode the value for t in your supplied URL and you will see that it contains shellcode. You can see the x before each hex value, also RS and ACK appear in clear text - these are flags used in TCP (Usually 'reset' = 'R', but maybe this is different)

It is not uncommon for hex values to appear in legit URLs, however they are usually preceded by a '%'. When you see an 'x' used, (plus the filter evasion done by the base64 encoding), you can be fairly certain it's shellcode. And shellcode in a URL is never a good thing.

Cheers!
Russ
 
Ryland said:
My wife clicked a link in an email from "Target" which doesnt look like it really does anything but wanted to verify that. Does anybody know of an online phising/malware, etc checker that would open the link and see what it does?

The link from the email was: http://mpssi.com/results/option.php?t=qqrS0FRmS0k5QshtfD1T9z7SSmGYtQ8dxlkeBujHyOs=
Click to expand...

Old thread that got bumped, but one workaround is to use a browser testing site for web developers, like this one:

https://www.browserling.com/

You have to pay for Win7 access, but Vista & Chrome is reasonably quick. Paste in your link & go! Basically runs it in a VM with an in-browser RDP session, nothing downloads to your computer.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top