Hello, I clicked on a link on reddit. But there was nothing on the link that I went to except for some cryptic terms.

htxp://dpaste.com/2N8W90Z

When I clicked on it, this is all it said: sh.st/sOetd

Can someone from Avast visit that link and tell me if this a malicious website that tries to download something on to your computer? Or some crossscript site?

You can check it yourself.
http://www.ache.nl/ > scans & tests

info about site is found here http://dpaste.com/help/

supicious sites can be checked here
http://killmalware.com/
http://sitecheck.sucuri.net/
https://www.virustotal.com/

It actually starts up a web worker with the exact same file and communicates with itself back and forth, the browser version to the worker version. Not the first time this technique has been used but it’s still pretty new.

polonus

Thank you for those links to check the sites. I checked that site with VirusTotal and it didn’t find anything.

Is there any program out there that can tell me what contents will be downloaded from a website before I click a link? Like executable files or scripts or anything else?

Like a proxy program?

Hi Polonus.

So is this a bad website?

Did it download something on to my computer?

So far nothing has been found.

NO and NO

Thanks for your help guys.

This is what you downloaded:

dpaste: 2N8W90Z * .highlight .hll { background-color: #ffffcc } .highlight { background: #f8f8f8; } .highlight .c { color: #408080; font-style: italic } /* Comment */ .highlight .err { border: 1px solid #FF0000 } /* Error */ .highlight .k { color: #008000; font-weight: bold } /* Keyword */ .highlight .o { color: #666666 } /* Operator */ .highlight .cm { color: #408080; font-style: italic } /* Comment.Multiline */ .highlight .cp { color: #BC7A00 } /* Comment.Preproc */ .highlight .c1 { color: #408080; font-style: italic } /* Comment.Single */ .highlight .cs { color: #408080; font-style: italic } /* Comment.Special */ .highlight .gd { color: #A00000 } /* Generic.Deleted */ .highlight .ge { font-style: italic } /* Generic.Emph */ .highlight .gr { color: #FF0000 } /* Generic.Error */ .highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */ .highlight .gi { color: #00A000 } /* Generic.Inserted */ .highlight .go { color: #888888 } /* Generic.Output */ .highlight .gp { color: #000080; font-weight: bold } /* Generic.Prompt */ .highlight .gs { font-weight: bold } /* Generic.Strong */ .highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */ .highlight .gt { color: #0044DD } /* Generic.Traceback */ .highlight .kc { color: #008000; font-weight: bold } /* Keyword.Constant */ .highlight .kd { color: #008000; font-weight: bold } /* Keyword.Declaration */ .highlight .kn { color: #008000; font-weight: bold } /* Keyword.Namespace */ .highlight .kp { color: #008000 } /* Keyword.Pseudo */ .highlight .kr { color: #008000; font-weight: bold } /* Keyword.Reserved */ .highlight .kt { color: #B00040 } /* Keyword.Type */ .highlight .m { color: #666666 } /* Literal.Number */ .highlight .s { color: #BA2121 } /* Literal.String */ .highlight .na { color: #7D9029 } /* Name.Attribute */ .highlight .nb { color: #008000 } /* Name.Builtin */ .highlight .nc { color: #0000FF; font-weight: bold } /* Name.Class */ .highlight .no { color: #880000 } /* Name.Constant */ .highlight .nd { color: #AA22FF } /* Name.Decorator */ .highlight .ni { color: #999999; font-weight: bold } /* Name.Entity */ .highlight .ne { color: #D2413A; font-weight: bold } /* Name.Exception */ .highlight .nf { color: #0000FF } /* Name.Function */ .highlight .nl { color: #A0A000 } /* Name.Label */ .highlight .nn { color: #0000FF; font-weight: bold } /* Name.Namespace */ .highlight .nt { color: #008000; font-weight: bold } /* Name.Tag */ .highlight .nv { color: #19177C } /* Name.Variable */ .highlight .ow { color: #AA22FF; font-weight: bold } /* Operator.Word */ .highlight .w { color: #bbbbbb } /* Text.Whitespace */ .highlight .mf { color: #666666 } /* Literal.Number.Float */ .highlight .mh { color: #666666 } /* Literal.Number.Hex */ .highlight .mi { color: #666666 } /* Literal.Number.Integer */ .highlight .mo { color: #666666 } /* Literal.Number.Oct */ .highlight .sb { color: #BA2121 } /* Literal.String.Backtick */ .highlight .sc { color: #BA2121 } /* Literal.String.Char */ .highlight .sd { color: #BA2121; font-style: italic } /* Literal.String.Doc */ .highlight .s2 { color: #BA2121 } /* Literal.String.Double */ .highlight .se { color: #BB6622; font-weight: bold } /* Literal.String.Escape */ .highlight .sh { color: #BA2121 } /* Literal.String.Heredoc */ .highlight .si { color: #BB6688; font-weight: bold } /* Literal.String.Interpol */ .highlight .sx { color: #008000 } /* Literal.String.Other */ .highlight .sr { color: #BB6688 } /* Literal.String.Regex */ .highlight .s1 { color: #BA2121 } /* Literal.String.Single */ .highlight .ss { color: #19177C } /* Literal.String.Symbol */ .highlight .bp { color: #008000 } /* Name.Builtin.Pseudo */ .highlight .vc { color: #19177C } /* Name.Variable.Class */ .highlight .vg { color: #19177C } /* Name.Variable.Global */ .highlight .vi { color: #19177C } /* Name.Variable.Instance */ .highlight .il { color: #666666 } /* Literal.Number.Integer.Long */ .highlight span:hover { background: #ff9 } .softwrap { white-space: pre-wrap; } h1 i { color: #888;}

New Yours API Help

11 bytes, Plain text

    Soft wrap Raw text Duplicate

</div>

1	sh.st/sOetd

Pasted an hour ago — Expires in 7 days URL: -http://dpaste.com/2N8W90Z

About dpaste.com

I downloaded it inside Malzilla and found it not to be malicious/suspicious. Check here: http://jsunpack.jeek.org/?report=325c5f35a806e0fd8bd6ccad101185f9160d2f44 (minor XML parser issues found)

polonus

P.S. This is most likely a FP - see * : https://www.virustotal.com/nl/url/dcefe40d4100151c10421b6846d1ea7df124d02beed8c73292b3fabe97d356c9/analysis/1423414805/

D