Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: web.crdp-poitiers.org
Result:
HTTP/1.1 302 Found
Connection: close
Date: Sat, 04 Oct 2014 02:04:39 GMT
Location: http://www.cndp.fr/crdp-poitiers/
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Set-Cookie: xxlplanBAK=R3174123473; path=/; expires=Sat, 04-Oct-2014 03:12:18 GMT
Set-Cookie: xxlplan=R908440199; path=/; expires=Sat, 04-Oct-2014 03:11:43 GMT
X-Powered-By: PHP/4.4.9
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: web.crdp-poitiers.org
Referer: http://www.google.com/search?q=web.crdp-poitiers.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://web.crdp-poitiers.org/ | HTTP/1.1 302 Found Connection: close Date: Sat, 04 Oct 2014 02:04:39 GMT Location: http://www.cndp.fr/crdp-poitiers/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Set-Cookie: xxlplanBAK=R3174123473; path=/; expires=Sat, 04-Oct-2014 03:12:18 GMT Set-Cookie: xxlplan=R908440199; path=/; expires=Sat, 04-Oct-2014 03:11:43 GMT X-Powered-By: PHP/4.4.9 | clean |
http://www.cndp.fr/crdp-poitiers/ | HTTP/1.1 200 OK Cache-Control: private Connection: close Date: Sat, 04 Oct 2014 02:04:40 GMT Server: Apache Vary: Accept-Encoding Content-Length: 377 Content-Type: text/html Set-Cookie: SERVERID=web011; path=/ | clean |
http://web.crdp-poitiers.cndp.fr/crdp/ | 200 OK Content-Length: 69820 Content-Type: text/html | clean |
http://web.crdp-poitiers.cndp.fr//s7.addthis.com/js/300/addthis_widget.js/ | HTTP/1.1 302 Found Connection: close Date: Sat, 04 Oct 2014 02:04:45 GMT Location: http://web.crdp-poitiers.org/ Server: Apache Vary: Accept-Encoding Content-Length: 213 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: xxlplanBAK=R3174149609; path=/; expires=Sat, 04-Oct-2014 03:08:16 GMT Set-Cookie: xxlplan=R908410796; path=/; expires=Sat, 04-Oct-2014 03:20:50 GMT | clean |
http://web.crdp-poitiers.org/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sat, 04 Oct 2014 02:04:45 GMT Location: http://web.crdp-poitiers.org/ Server: Apache Vary: Accept-Encoding Content-Length: 213 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: xxlplanBAK=R3174119117; path=/; expires=Sat, 04-Oct-2014 03:12:18 GMT Set-Cookie: xxlplan=R908440199; path=/; expires=Sat, 04-Oct-2014 03:06:01 GMT | clean |
http://web.crdp-poitiers.org/crdp/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.44.0-2013.09.15 | 200 OK Content-Length: 14701 Content-Type: application/javascript | clean |
http://web.crdp-poitiers.org/crdp/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.5.3 | 200 OK Content-Length: 8326 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=web.crdp-poitiers.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://web.crdp-poitiers.org/
Result: web.crdp-poitiers.org is not infected or malware details are not published yet.