Scanned pages/files
Request | Server response | Status |
http://champagnemultipose.com/ | HTTP/1.1 307 Temporary Redirect Date: Sat, 23 Aug 2014 01:04:26 GMT Location: http://www.pagesjaunes.fr Content-Length: 0 | clean |
http://www.pagesjaunes.fr/ | 200 OK Content-Length: 133130 Content-Type: text/html | clean |
http://static2.pagesjaunes.fr/scc/static_4.1425.5/js/pjh.min.js | 200 OK Content-Length: 124063 Content-Type: application/x-javascript | clean |
http://dlive.pagesjaunes.fr/RealMedia/ads/adstream_jx.ads/push.mktr.hp/YES/d075/L07505600@Top | 200 OK Content-Length: 3165 Content-Type: application/x-javascript | clean |
http://static2.pagesjaunes.fr/scc/static_4.1425.5/js/xtcore.js | 200 OK Content-Length: 21669 Content-Type: application/x-javascript | clean |
http://dlive.pagesjaunes.fr/pagesjaunes/pjsbx.js | 200 OK Content-Length: 9 Content-Type: application/x-javascript | clean |
http://static2.pagesjaunes.fr/scc/static_4.1425.5/js/clobs.js?id=pages-jaunes&i=9&ra=10&20111026 | 200 OK Content-Length: 22501 Content-Type: application/x-javascript | clean |
http://www.pagesjaunes.fr/bva/track.js | 200 OK Content-Length: 15105 Content-Type: application/x-javascript | clean |
http://static2.pagesjaunes.fr/scc/static_4.1425.5/js/pjf.min.js | 200 OK Content-Length: 139524 Content-Type: application/x-javascript | clean |
http://static.pagesjaunes.fr/ilo/static_4.1425.2/js/ilo.min.js | 200 OK Content-Length: 1280 Content-Type: application/x-javascript | clean |
http://dlive.pagesjaunes.fr/RealMedia/ads/adstream_jx.ads/PJ2010/PF/YES/r11/d075/L07505600/default@x01 | 200 OK Content-Length: 233 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write ('<div id="PP1">\n'); document.write ('<script type="text/javascript" src="http://ads.horyzon-media.com/call/pubj/14668/108575/6326/M/2014.08.23.01.04.341213775217/[target]?" ></script>\n'); document.write ('</div>'); Antivirus reports:
| ||
http://champagnemultipose.com/test404page.js | HTTP/1.1 307 Temporary Redirect Date: Sat, 23 Aug 2014 01:04:35 GMT Location: http://www.pagesjaunes.fr Content-Length: 0 | clean |
http://www.pagesjaunes.fr/test404page.js | 404 Introuvable Content-Length: 38801 Content-Type: text/html | clean |
http://www.pagesjaunes.fr/pagesblanches | 200 OK Content-Length: 129910 Content-Type: text/html | clean |
http://dlive.pagesjaunes.fr/RealMedia/ads/adstream_jx.ads/PJ2010/PF/PB/r11/d075/L07505600/default@x01 | 200 OK Content-Length: 232 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write ('<div id="PP1">\n'); document.write ('<script type="text/javascript" src="http://ads.horyzon-media.com/call/pubj/14668/108576/6326/M/2014.08.23.01.04.36229591052/[target]?" ></script>\n'); document.write ('</div>'); Antivirus reports:
| ||
http://www.pagesjaunes.fr/pagespro | 200 OK Content-Length: 102491 Content-Type: text/html | clean |
http://dlive.pagesjaunes.fr/RealMedia/ads/adstream_jx.ads/PJ2010/PF/B2B@x01 | 200 OK Content-Length: 315 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: champagnemultipose.com
Result:
HTTP/1.1 307 Temporary Redirect
Date: Sat, 23 Aug 2014 01:04:26 GMT
Location: http://www.pagesjaunes.fr
Content-Length: 0
...0 bytes of data.
GET / HTTP/1.1
Host: champagnemultipose.com
Result:
HTTP/1.1 307 Temporary Redirect
Date: Sat, 23 Aug 2014 01:04:26 GMT
Location: http://www.pagesjaunes.fr
Content-Length: 0
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: champagnemultipose.com
Referer: http://www.google.com/search?q=champagnemultipose.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: champagnemultipose.com
Referer: http://www.google.com/search?q=champagnemultipose.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=champagnemultipose.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://champagnemultipose.com/
Result: champagnemultipose.com is not infected or malware details are not published yet.
Result: champagnemultipose.com is not infected or malware details are not published yet.