Author Topic: Heavily obfuscated site  (Read 3114 times)

0 Members and 1 Guest are viewing this topic.

July 06, 2009, 10:17:39 pm
Read 3114 times

Shawn Jefferson

  • Newbie

  • Offline
  • *

  • 8
I don't believe that this site is actually hosting or redirecting to any malware, but it's heavily obfuscated and it set off my IDS system this weekend.  I haven't decoded it successfully yet though, so I can't be completely sure it's not doing something bad.  Going to the site on an analysis machine didn't show anything obviously bad.

Code: [Select]
http://www.amdo.org/
I guess they want to foil any email email harvesters and web crawlers (?). 


July 07, 2009, 12:05:47 am
Reply #1

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

July 07, 2009, 04:49:26 pm
Reply #2

Shawn Jefferson

  • Newbie

  • Offline
  • *

  • 8
Thanks!  I should have thought of running it through wepawet!  :-[

July 07, 2009, 05:33:13 pm
Reply #3

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net