Malware Scanner report for javascriptfiles.50plusser.nl

Malicious/Suspicious/Total urls checked: 6/0/18

6 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/12/12

12 suspicious iframes found. See details below

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://javascriptfiles.50plusser.nl/	HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 12 Jun 2014 00:41:07 GMT Pragma: no-cache Location: http://www.50plusser.nl/ Server: Apache/2.2.15 (CentOS) Content-Language: nl Content-Length: 48 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=h58rnj79d6fhujassk2nl9l0d2; expires=Sun, 22-Jun-2014 00:41:07 GMT; path=/ X-Powered-By: PHP/5.3.3	clean
http://www.50plusser.nl/	200 OK Content-Length: 120316 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports: Avast HTML:Iframe-inf VIPRE Heur.HTML.MalIFrame (v) Norman Iframer.AU Sophos Mal/Iframe-V GData HTML:Iframe-inf ESET-NOD32 HTML/Iframe.B.Gen Hidden iFrame found. size: 1x1 style: hidden src: http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=1? <iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=1?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord= <iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
http://javascriptfiles.50plusser.nl/includes/jquery.js?1347021349	200 OK Content-Length: 91341 Content-Type: text/javascript	clean
http://javascriptfiles.50plusser.nl/includes/imageslider/scripts.js	200 OK Content-Length: 3692 Content-Type: text/javascript	clean
http://javascriptfiles.50plusser.nl/includes/prettyphoto/js/jquery.prettyPhoto.js?1347021451	200 OK Content-Length: 21852 Content-Type: text/javascript	clean
http://javascriptfiles.50plusser.nl/includes/javascripts.js?1382447358	200 OK Content-Length: 19335 Content-Type: text/javascript	clean
http://javascriptfiles.50plusser.nl/includes/uploadify/swfobject.js	200 OK Content-Length: 10220 Content-Type: text/javascript	clean
http://javascriptfiles.50plusser.nl/includes/uploadify/jquery.uploadify.v2.1.0.min.js	200 OK Content-Length: 7563 Content-Type: text/javascript	clean
http://javascriptfiles.50plusser.nl/includes/ajax.js	200 OK Content-Length: 1932 Content-Type: text/javascript	clean
http://s7.addthis.com/js/300/addthis_widget.js	200 OK Content-Length: 6871 Content-Type: text/javascript	clean
http://javascriptfiles.50plusser.nl/?page=wachtwoord	HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 12 Jun 2014 00:41:11 GMT Pragma: no-cache Location: http://www.50plusser.nl/?page=wachtwoord Server: Apache/2.2.15 (CentOS) Content-Language: nl Content-Length: 64 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=3eb8k8jfji47vqq7krsvaaalk0; expires=Sun, 22-Jun-2014 00:41:11 GMT; path=/ X-Powered-By: PHP/5.3.3	clean
http://www.50plusser.nl/?page=wachtwoord	200 OK Content-Length: 82013 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports: Avast HTML:Iframe-inf VIPRE Heur.HTML.MalIFrame (v) Norman Iframer.AU Sophos Mal/Iframe-V GData HTML:Iframe-inf ESET-NOD32 HTML/Iframe.B.Gen Hidden iFrame found. size: 1x1 style: hidden src: http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=1? <iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=1?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord= <iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
http://www.google.nl/cse/brand?form=cse-search-box&lang=nl	200 OK Content-Length: 2502 Content-Type: text/javascript	clean
http://javascriptfiles.50plusser.nl/?page=gratisaanmelden	HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 12 Jun 2014 00:41:12 GMT Pragma: no-cache Location: http://www.50plusser.nl/?page=gratisaanmelden Server: Apache/2.2.15 (CentOS) Content-Language: nl Content-Length: 69 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=mq01slfs08jsh3la8s9j7v9h15; expires=Sun, 22-Jun-2014 00:41:12 GMT; path=/ X-Powered-By: PHP/5.3.3	clean
http://www.50plusser.nl/?page=gratisaanmelden	200 OK Content-Length: 120361 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports: Avast HTML:Iframe-inf VIPRE Heur.HTML.MalIFrame (v) Norman Iframer.AU Sophos Mal/Iframe-V GData HTML:Iframe-inf ESET-NOD32 HTML/Iframe.B.Gen Hidden iFrame found. size: 1x1 style: hidden src: http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord= <iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=1? <iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=1?" width="1" height="1" frameborder="0" style="display:none">
http://www.50plusser.nl/?page=magazine&p=artikelen&article_id=5926	200 OK Content-Length: 143414 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports: Avast HTML:Iframe-inf VIPRE Heur.HTML.MalIFrame (v) Norman Iframer.AU Sophos Mal/Iframe-V GData HTML:Iframe-inf ESET-NOD32 HTML/Iframe.B.Gen Hidden iFrame found. size: 1x1 style: hidden src: http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord= <iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=1? <iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=1?" width="1" height="1" frameborder="0" style="display:none">
http://www.50plusser.nl/?page=magazine	200 OK Content-Length: 115819 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports: Avast HTML:Iframe-inf VIPRE Heur.HTML.MalIFrame (v) Norman Iframer.AU Sophos Mal/Iframe-V GData HTML:Iframe-inf ESET-NOD32 HTML/Iframe.B.Gen Hidden iFrame found. size: 1x1 style: hidden src: http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=1? <iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=1?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord= <iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
http://www.50plusser.nl/?page=magazine&p=artikelen&article_id=7406	200 OK Content-Length: 97758 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports: Avast HTML:Iframe-inf VIPRE Heur.HTML.MalIFrame (v) Norman Iframer.AU Sophos Mal/Iframe-V GData HTML:Iframe-inf ESET-NOD32 HTML/Iframe.B.Gen Hidden iFrame found. size: 1x1 style: hidden src: http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=1? <iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=1?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord= <iframe src="http://4257210.fls.doubleclick.net/activityi;src=4257210;type=invmedia;cat=mquunhmj;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: javascriptfiles.50plusser.nl

Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 12 Jun 2014 00:41:07 GMT
Pragma: no-cache
Location: http://www.50plusser.nl/
Server: Apache/2.2.15 (CentOS)
Content-Language: nl
Content-Length: 48
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=h58rnj79d6fhujassk2nl9l0d2; expires=Sun, 22-Jun-2014 00:41:07 GMT; path=/
X-Powered-By: PHP/5.3.3

...48 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: javascriptfiles.50plusser.nl
Referer: http://www.google.com/search?q=javascriptfiles.50plusser.nl

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=javascriptfiles.50plusser.nl

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://javascriptfiles.50plusser.nl/

Result: javascriptfiles.50plusser.nl is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for javascriptfiles.50plusser.nl

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools