Is there an online Sandbox to check URL's?

Toggle sidebar Toggle sidebar
S

seepy83

Platinum Member
Nov 12, 2003
2,132
3
71
You can scan a URL with Virustotal.com, but a "clean site" report from there doesn't necessarily mean it's 100% safe.

Edit: Also, that host is down right now. It's possible that your wife got a phishing email, and the senders had compromised the mpssi.com domain and were using it to host something malicious. Do you know if the site was up when your wife clicked the link? Did she get to a page in her browser?
 
Last edited:

Ryland

Platinum Member
Aug 9, 2001
2,818
13
81
seepy83 said:
You can scan a URL with Virustotal.com, but a "clean site" report from there doesn't necessarily mean it's 100% safe.

Edit: Also, that host is down right now. It's possible that your wife got a phishing email, and the senders had compromised the mpssi.com domain and were using it to host something malicious. Do you know if the site was up when your wife clicked the link? Did she get to a page in her browser?
Click to expand...

Thanks and it came back as clean so nothing really useful.

She said that the browser never showed a page and that she closed the tab within a few seconds when she realized she shouldnt have done it.
 
J

JBT

Lifer
Nov 28, 2001
12,095
1
81
The blank page could have been enough to compromise her system. A 404 would have been a good thing...
 

Kaido

Elite Member & Kitchen Overlord
Feb 14, 2004
48,518
5,340
136
Ryland said:
My wife clicked a link in an email from "Target" which doesnt look like it really does anything but wanted to verify that. Does anybody know of an online phising/malware, etc checker that would open the link and see what it does?
Click to expand...

I'd recommend just using Avast SafeZone, part of their antivirus suite. Virtualized Chrome browser, separate from your system. Biggest downside is that it only runs fullscreen. You can reset the VM anytime you want back to scratch. Nice safe way to do the Internet if you don't watch to switch to a Chromebook or Mac.
 

John Connor

Lifer
Nov 30, 2012
22,840
617
121
If you're using Thunderbird add the addon Dr.Web Anti-Virus Link Checker. Bitdefender Free will stop you from visiting a site that has malware too.
 
R

russ6150

Junior Member
Dec 13, 2016
7
0
6
I just joined this forum so that I could reply to the OP (better late than never!)

base64 decode the value for t in your supplied URL and you will see that it contains shellcode. You can see the x before each hex value, also RS and ACK appear in clear text - these are flags used in TCP (Usually 'reset' = 'R', but maybe this is different)

It is not uncommon for hex values to appear in legit URLs, however they are usually preceded by a '%'. When you see an 'x' used, (plus the filter evasion done by the base64 encoding), you can be fairly certain it's shellcode. And shellcode in a URL is never a good thing.

Cheers!
Russ
 

Kaido

Elite Member & Kitchen Overlord
Feb 14, 2004
48,518
5,340
136
Ryland said:
My wife clicked a link in an email from "Target" which doesnt look like it really does anything but wanted to verify that. Does anybody know of an online phising/malware, etc checker that would open the link and see what it does?

The link from the email was: http://mpssi.com/results/option.php?t=qqrS0FRmS0k5QshtfD1T9z7SSmGYtQ8dxlkeBujHyOs=
Click to expand...

Old thread that got bumped, but one workaround is to use a browser testing site for web developers, like this one:

https://www.browserling.com/

You have to pay for Win7 access, but Vista & Chrome is reasonably quick. Paste in your link & go! Basically runs it in a VM with an in-browser RDP session, nothing downloads to your computer.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom
sale-70-410-exam    | Exam-200-125-pdf    | we-sale-70-410-exam    | hot-sale-70-410-exam    | Latest-exam-700-603-Dumps    | Dumps-98-363-exams-date    | Certs-200-125-date    | Dumps-300-075-exams-date    | hot-sale-book-C8010-726-book    | Hot-Sale-200-310-Exam    | Exam-Description-200-310-dumps?    | hot-sale-book-200-125-book    | Latest-Updated-300-209-Exam    | Dumps-210-260-exams-date    | Download-200-125-Exam-PDF    | Exam-Description-300-101-dumps    | Certs-300-101-date    | Hot-Sale-300-075-Exam    | Latest-exam-200-125-Dumps    | Exam-Description-200-125-dumps    | Latest-Updated-300-075-Exam    | hot-sale-book-210-260-book    | Dumps-200-901-exams-date    | Certs-200-901-date    | Latest-exam-1Z0-062-Dumps    | Hot-Sale-1Z0-062-Exam    | Certs-CSSLP-date    | 100%-Pass-70-383-Exams    | Latest-JN0-360-real-exam-questions    | 100%-Pass-4A0-100-Real-Exam-Questions    | Dumps-300-135-exams-date    | Passed-200-105-Tech-Exams    | Latest-Updated-200-310-Exam    | Download-300-070-Exam-PDF    | Hot-Sale-JN0-360-Exam    | 100%-Pass-JN0-360-Exams    | 100%-Pass-JN0-360-Real-Exam-Questions    | Dumps-JN0-360-exams-date    | Exam-Description-1Z0-876-dumps    | Latest-exam-1Z0-876-Dumps    | Dumps-HPE0-Y53-exams-date    | 2017-Latest-HPE0-Y53-Exam    | 100%-Pass-HPE0-Y53-Real-Exam-Questions    | Pass-4A0-100-Exam    | Latest-4A0-100-Questions    | Dumps-98-365-exams-date    | 2017-Latest-98-365-Exam    | 100%-Pass-VCS-254-Exams    | 2017-Latest-VCS-273-Exam    | Dumps-200-355-exams-date    | 2017-Latest-300-320-Exam    | Pass-300-101-Exam    | 100%-Pass-300-115-Exams    |
http://www.portvapes.co.uk/    | http://www.portvapes.co.uk/    |