Neonprimetime

Suspicious URL: 50.28.15.23, Engineersedge.com

Mar 11th, 2015
  1. Suspicious Url
  2. Reported by neonprimetime security
  3. http://neonprimetime.blogspot.com
  4.  
  5.  
  6. ****
  7.  
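  8. Likely a false positive: both rules appear to have fired on the unescape() call with percent-encoded input, and the decoded portion below is ordinary page script (a redirect to the site's own denied.html when the page is not loaded from an http URL, plus calculator form code), with no shellcode visible. The capture is truncated, so this verdict covers only the part shown.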
  9.  
  10. ****
  11.  
  12. Snort Rules Matched
  13.  
  14. INDICATOR-SHELLCODE unescape encoded shellcode (1:25639)
  15. INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (1:21039)
  16.  
  17. ****
  18.  
  19. 50.28.15.23
  20. www.engineersedge.com/denied.html
  21.  
  22. ****
  23.  
  24. Content BEFORE decoding (percent-encoded as captured; cut off mid-statement)
  25.  
  26. <script language=JavaScript>document.write(unescape('%0d%0a %20%3c%73cript%20l%61%6e%67uage=ja%76a%73c%72%69%70%74%3e%0d%0a%20   if(%77indow.loca%74ion.h%72e%66.substri%6eg%280,4)%21%3d%27htt%70%27)%77%69ndow.lo%63atio%6e = %27http%3a/%2fwww.engin%65%65%72sedge.com/d%65nied%2ehtm%6c%27;%0d%0a%20 %3c/s%63ript%3e%0d%0a%0d%0a%0d%0a%3cscript %6cangu%61ge=%22javascript"%3e%0d%0a %0d%0a%0d%0avar c%6f%20= %6e%65%77%20Objec%74;%0d%0afun%63%74i%6fn rec%61l%63%5fonclick(ctl) {%0d%0a  %69f (%74rue) {%0d%0a%0d%0a%0d%0aco%2ep%31B3=ee%70%61rseF%6coa%74(do%63ument.fo%72m%63.p1%423.%76%61lue);%63o.p1%424=ee%70ars%65Float(%64ocument.for%6dc.p1B4.v%61lue);co.p1B9=eepar%73e%46l%6f%61t%28documen%74%2efor%6dc%2ep1B%39.value%29%3bco%2e%701B%310=eepa%72%73eFloat(%64ocumen%74%2eform%63.%701B1%30.v%61lu%65);cal%63%28%63o);d%6fcum%65nt%2e%66%6frm%63.p1B6%2e%76alu%65=eedi%73play%46%6co%61%74ND(co.p1B6%2c%33);documen%74.f%6f%72%6dc%2ep%31B12.val%75e=eedis%70layF%6coatND(co.p1%421%32,%33);%0d%0a}%3b};%0d%0a%0d%0a%0d%0av%61r %65eisus=1;%76ar%20ee%74ru%65%3d"%54R%55E"%3b%76ar %65efal%73e="FALSE"%3bv%61r e%65dec=".";%76%61r eeth=%22,";var eed%65cr%65g%3dnew%20Re
  27.  
  28.  
  29.  
  30. ****
  31.  
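  32. Content AFTER decoding (percent-escapes resolved; the outer document.write(unescape(' wrapper is kept, and the text is cut off where the capture ends)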
  33.  
  34. <script language=JavaScript>document.write(unescape('
  35.   <script language=javascript>
  36.     if(window.location.href.substring(0,4)!='http')window.location = 'http://www.engineersedge.com/denied.html';
  37.   </script>
  38.  
  39.  
  40. <script language="javascript">
  41.  
  42.  
  43. var co = new Object;
  44. function recalc_onclick(ctl) {
  45.   if (true) {
  46.  
  47.  
  48. co.p1B3=eeparseFloat(document.formc.p1B3.value);co.p1B4=eeparseFloat(document.formc.p1B4.value);co.p1B9=eeparseFloat(document.formc.p1B9.value);co.p1B10=eeparseFloat(document.formc.p1B10.value);calc(co);document.formc.p1B6.value=eedisplayFloatND(co.p1B6,3);document.formc.p1B12.value=eedisplayFloatND(co.p1B12,3);
  49. };};
  50.  
  51.  
  52. var eeisus=1;var eetrue="TRUE";var eefalse="FALSE";var eedec=".";var eeth=",";var eedecreg=new Re