The World Resources Institute, or WRI for short, has a subdomain, namely cait, that is blacklisted by Google with the “This site may be compromised” tag. Details about this tag can be found in various sources.
So, why exactly is Google warning us? Let's look at the urlQuery results. The first thing we notice is a redirect to the main domain. Let's look at the headers returned:
First, we know that this is a 302 redirect to the target page of CAIT from the official site. Second, they use an outdated version of Apache. The latest stable release was version 2.4.2, released 2012-04-17. But what is the offending content that this site returns? The suspicious element I found is below:
Which returns...
Notice the site name. Detected by two at urlVoid. If you check the history, you notice that these are the same results from two months ago. There isn’t really anything on the site, however; it is not even close to a site. It could be associated with phishing.
Outdated sites are more likely to get hacked.
~!Donovan
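The header review described above (a 302 redirect off the subdomain and an Apache banner older than 2.4.2), as an added example that is not part of the original post. The response text, hostnames and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Latest stable Apache httpd release named in the post (2.4.2, 2012-04-17).
LATEST_APACHE = (2, 4, 2)

# Constructed response head: hostnames and banner are placeholders, not the
# headers from the urlQuery report the post refers to.
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: Apache/2.2.3 (Red Hat)\r\n"
    "Location: http://www.example.org/cait/\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "\r\n"
)

def parse_response_head(raw):
    """Return (status_code, headers) with header names lower-cased."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def apache_version(banner):
    """Extract (major, minor, patch) from a Server banner, or None."""
    m = re.search(r"Apache/(\d+)\.(\d+)(?:\.(\d+))?", banner or "")
    return tuple(int(p or 0) for p in m.groups()) if m else None

def review(raw, requested_host):
    """List what the response head reveals about redirect target and server age."""
    status, headers = parse_response_head(raw)
    findings = []
    if status in (301, 302, 303, 307, 308):
        # A relative Location has no hostname and stays on the requested host.
        host = urlsplit(headers.get("location", "")).hostname or requested_host
        if host != requested_host:
            findings.append(f"{status} redirect from {requested_host} to {host}")
    version = apache_version(headers.get("server"))
    # Distributions backport fixes without changing the banner, so an old
    # version string is a lead to verify, not proof of a vulnerable server.
    if version is not None and version < LATEST_APACHE:
        findings.append("Apache %d.%d.%d is older than 2.4.2" % version)
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_RESPONSE, "cait.example.org"):
        print(finding)
```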