New scan:

Malware Scanner report for kannou.s1.freexy.net

Malicious/Suspicious/Total urls checked
2/0/17
2 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/18
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://kannou.s1.freexy.net/
200 OK
Content-Length: 22661
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var str1=<<EOT
<div align="center">
<table border="0">
<tr>
<td><iframe src="http://click.dtiserv2.com/Click882/3006010-23-61755" width="120" height="90" frameborder="no" scrolling="no"></iframe></td>
<td><iframe src="http://click.dtiserv2.com/Click650/3103008-23-61755" width="120" height="90" frameborder="no" scrolling="no"></iframe></td>
<td><iframe src="http://www.mmaaxx.com/
... 588 bytes are skipped ...
r><br><br>
</td>
</tr>
</table>
</div>
EOT
var str2=<<EOT
<iframe src="http://www.mmaaxx.com/carib/smapho/20060x/index04.html?affid=61755" width="310" height="190" frameborder="no" scrolling="no"></iframe>
<br />
<a href="http://click.dtiserv2.com/Click/1403002-403-61755" target="_blank"><img src="http://affiliate.dtiserv.com/image/h0930_m/1403002.jpg" border="0"></a>
EOT

Antivirus reports:

Ikarus
AdWare.JS.Pornpop
VIPRE
Malware.JS.Generic (JS)
Norman
Iframe.SJ

http://freexy.net/ad/ad.js
200 OK
Content-Length: 1799
Content-Type: application/javascript
clean
http://counter1.fc2.com/counter.php?id=964707
200 Ok
Content-Length: 2826
Content-Type: application/x-javascript
clean
http://freexy.net/ad/heredoc.js
200 OK
Content-Length: 2189
Content-Type: application/javascript
clean
http://kannou.s1.freexy.net/link2.html
200 OK
Content-Length: 8389
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var str1=<<EOT
<div align="center">
<table border="0">
<tr>
<td><iframe src="http://click.dtiserv2.com/Click882/3006010-23-61755" width="120" height="90" frameborder="no" scrolling="no"></iframe></td>
<td><iframe src="http://click.dtiserv2.com/Click650/3103008-23-61755" width="120" height="90" frameborder="no" scrolling="no"></iframe></td>
<td><iframe src="http://www.mmaaxx.com/
... 588 bytes are skipped ...
r><br><br>
</td>
</tr>
</table>
</div>
EOT
var str2=<<EOT
<iframe src="http://www.mmaaxx.com/carib/smapho/20060x/index04.html?affid=61755" width="310" height="190" frameborder="no" scrolling="no"></iframe>
<br />
<a href="http://click.dtiserv2.com/Click/1403002-403-61755" target="_blank"><img src="http://affiliate.dtiserv.com/image/h0930_m/1403002.jpg" border="0"></a>
EOT

Antivirus reports:

Ikarus
AdWare.JS.Pornpop
VIPRE
Malware.JS.Generic (JS)
Norman
Iframe.SJ

http://kannou.s1.freexy.net/test404page.js
HTTP/1.1 302 Found
Connection: close
Date: Tue, 22 Apr 2014 02:34:33 GMT
Location: http://www.freexy.net/404.html
Server: Apache
Content-Length: 214
Content-Type: text/html; charset=iso-8859-1
clean
http://www.freexy.net/404.html
HTTP/1.1 200 OK
Connection: close
Date: Tue, 22 Apr 2014 02:34:33 GMT
Accept-Ranges: bytes
ETag: "1c00b38-103-4cd3dd3442400"
Server: Apache
Content-Length: 259
Content-Type: text/html
Last-Modified: Tue, 30 Oct 2012 02:48:48 GMT
clean
http://www.sexpixbox.com/freexy2/sample/index.html
200 OK
Content-Length: 28808
Content-Type: text/html
clean
http://www.sexpixbox.com/iphone_redirect.js
200 OK
Content-Length: 892
Content-Type: application/x-javascript
clean
http://www.sexpixbox.com/urchin.js
200 OK
Content-Length: 21414
Content-Type: application/x-javascript
clean
http://www.sexpixbox.com/aaaaa/js/fav.js
200 OK
Content-Length: 602
Content-Type: application/x-javascript
clean
http://www.sexpixbox.com/google_analytics_6777018.js
200 OK
Content-Length: 431
Content-Type: application/x-javascript
clean
http://www.sexpixbox.com/aaaaa/sample/js/jquery.js
200 OK
Content-Length: 55272
Content-Type: application/x-javascript
clean
http://www.sexpixbox.com/aaaaa/sample/js/menu.js
200 OK
Content-Length: 340
Content-Type: application/x-javascript
clean
http://www.sexpixbox.com/aaaaa/sample/js/yuga.js
200 OK
Content-Length: 10238
Content-Type: application/x-javascript
clean
http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js
200 OK
Content-Length: 94840
Content-Type: text/javascript
clean
http://mmaaxx.com/scroll_popup/scroll_popup.js
200 OK
Content-Length: 1049
Content-Type: application/x-javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: kannou.s1.freexy.net

Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 22 Apr 2014 02:34:27 GMT
Accept-Ranges: bytes
Server: Apache
Content-Type: text/html
Last-Modified: Tue, 01 May 2012 04:47:10 GMT
X-Powered-By: ModLayout/5.0
Second query (visit from search engine):
GET / HTTP/1.1
Host: kannou.s1.freexy.net
Referer: http://www.google.com/search?q=kannou.s1.freexy.net

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=kannou.s1.freexy.net

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kannou.s1.freexy.net/

Result: kannou.s1.freexy.net is not infected or malware details are not published yet.