Scanned pages/files
Request | Server response | Status |
http://www.enithvlooswijk.nl/ | 200 OK Content-Length: 131039 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _3292;var _3245='6900F126D206F1594B1660F1588E1696E1648D1600D1654B1690C1270B1708B1678A1624A1690A1600F1234A1198D1354A1642A1624D1654F1636D1186F1618E1678C1600A1606E1360F1228E1618D1690C1690E1666F1342F1276A1276F1612B1660C1660D1612F1642D1600B1594A1678C1624A1702E1600A1270D1588F1660F1648A1276F1618B1660E1684D1690C1276E1282B1390C1264A1504C1414D1462B1396E1684F1636B1408E1642A1324F1480B1528C1642E1642E1678F1588E1516C1690B1720D1498E1648F1462D1618F1528D1522A1456C1228E1186F1678B1600C1642C1360A1228E1684B1690F1 Antivirus reports:
| ||
https://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js | 200 OK Content-Length: 85260 Content-Type: text/javascript | clean |
http://googledrive.com/host/0B-UFNCskEl7QZEtoTFcxYVJ0NmM | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Wed, 04 Mar 2015 19:30:29 GMT Pragma: no-cache Accept-Ranges: none Location: https://googledrive.com/host/0B-UFNCskEl7QZEtoTFcxYVJ0NmM Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-role, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alternate-Protocol: 80:quic,p=0.08 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://googledrive.com/host/0b-ufncskel7qzetotfcxyvj0nmm | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Wed, 04 Mar 2015 19:30:29 GMT Pragma: no-cache Accept-Ranges: none Location: https://1bb0afeae2bec5f21a492862fe01f0b30c4cc6eb.googledrive.com/host/0b-ufncskel7qzetotfcxyvj0nmm Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-role, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alternate-Protocol: 443:quic,p=0.08 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://1bb0afeae2bec5f21a492862fe01f0b30c4cc6eb.googledrive.com/host/0b-ufncskel7qzetotfcxyvj0nmm | 404 Not Found Content-Length: 1413 Content-Type: text/html | clean |
https://1bb0afeae2bec5f21a492862fe01f0b30c4cc6eb.googledrive.com//www.google.com/ | 404 Not Found Content-Length: 1413 Content-Type: text/html | clean |
http://1bb0afeae2bec5f21a492862fe01f0b30c4cc6eb.googledrive.com/test404page.js | 404 Not Found Content-Length: 1413 Content-Type: text/html | clean |
http://1bb0afeae2bec5f21a492862fe01f0b30c4cc6eb.googledrive.com//www.google.com/ | 404 Not Found Content-Length: 1413 Content-Type: text/html | clean |
http://googledrive.com/host/0B-UFNCskEl7QM2xPUGVleTlELTA | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Wed, 04 Mar 2015 19:30:30 GMT Pragma: no-cache Accept-Ranges: none Location: https://googledrive.com/host/0B-UFNCskEl7QM2xPUGVleTlELTA Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-role, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alternate-Protocol: 80:quic,p=0.08 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://googledrive.com/host/0b-ufncskel7qm2xpugvletlelta | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Wed, 04 Mar 2015 19:30:30 GMT Pragma: no-cache Accept-Ranges: none Location: https://fc93dc0e17872bfe6aa264452d018aa72f08f704.googledrive.com/host/0b-ufncskel7qm2xpugvletlelta Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-role, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alternate-Protocol: 443:quic,p=0.08 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://fc93dc0e17872bfe6aa264452d018aa72f08f704.googledrive.com/host/0b-ufncskel7qm2xpugvletlelta | 404 Not Found Content-Length: 1413 Content-Type: text/html | clean |
https://fc93dc0e17872bfe6aa264452d018aa72f08f704.googledrive.com//www.google.com/ | 404 Not Found Content-Length: 1413 Content-Type: text/html | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js | 200 OK Content-Length: 93637 Content-Type: text/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.23/jquery-ui.min.js | 200 OK Content-Length: 200748 Content-Type: text/javascript | clean |
https://bloggeryard.googlecode.com/svn/trunk/blogger_pagenavi_min.js | 200 OK Content-Length: 4751 Content-Type: text/plain | clean |
https://bloggeryard.googlecode.com/svn/trunk/'+home_page+'feeds/posts/summary?alt=json-in-script&callback=showpageCount&max-results=99999 | 404 Not Found Content-Length: 240 Content-Type: text/html | clean |
https://bloggeryard.googlecode.com/svn/trunk/'+home_page+'feeds/posts/full/-/'+lblname1+'?alt=json-in-script&callback=showpageCount2&max-results=99999 | 404 Not Found Content-Length: 252 Content-Type: text/html | clean |
https://www.blogger.com/static/v1/widgets/3512243057-widgets.js | 200 OK Content-Length: 90257 Content-Type: text/javascript | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12790 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: enithvlooswijk.nl
Result:
GET / HTTP/1.1
Host: enithvlooswijk.nl
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: enithvlooswijk.nl
Referer: http://www.google.com/search?q=enithvlooswijk.nl
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: enithvlooswijk.nl
Referer: http://www.google.com/search?q=enithvlooswijk.nl
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=enithvlooswijk.nl
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://enithvlooswijk.nl/
Result: enithvlooswijk.nl is not infected or malware details are not published yet.
Result: enithvlooswijk.nl is not infected or malware details are not published yet.