Scanned pages/files
Request | Server response | Status |
http://park-cities.unitedcp.com/ | HTTP/1.1 302 Found Cache-Control: store, no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Connection: close Date: Sat, 04 Oct 2014 00:59:26 GMT Location: http://www.unitedcpdallas.com/ Server: Apache/2.2.25 (Amazon) Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sun, 19 Nov 1978 05:00:00 GMT Last-Modified: Sat, 04 Oct 2014 00:59:26 GMT Set-Cookie: SESS832a2d7e1bdefd53fe857533dcf9ff95=vu8lrtk5oi4tmgs8df9pgbasu6; expires=Mon, 27-Oct-2014 04:32:46 GMT; path=/; domain=.unitedcp.com X-Powered-By: PHP/5.3.27 | clean |
http://www.unitedcpdallas.com/ | 200 OK Content-Length: 15766 Content-Type: text/html | clean |
http://www.unitedcpdallas.com/sites/default/files/js/js_641a0481f6ab043b94872b1493636177.js | 200 OK Content-Length: 300812 Content-Type: text/javascript | malicious |
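Malicious code - confirmed by antiviruses (see below). Excerpt from the flagged file; the scanner shows two non-contiguous fragments, each cut off mid-statement:
(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=document [...]
[...] tl=term.length; if (match<0) { markup.push(escapeMarkup(text)); return; } markup.push(escapeMarkup(text.substring(0, match))); markup.push("<span class='select2-match'>"); markup.push(escapeMarkup(text.substring(match, match + tl))); markup.push("</span>"); markup.push(escapeMarkup(text.substring(match + tl, text.length))); }
Note: the first fragment is the opening of the minified jQuery library and the second is a match-highlighting helper that emits select2 markup. Both look like ordinary library code, so the excerpt does not itself show what was detected; the verdict applies to the whole 300812-byte file. The path pattern (sites/default/files/js/js_<hash>.js) looks like a CMS-generated script aggregate, so the detection could originate in any script bundled into it. Confirming it means comparing the served bundle against known-good copies of its component scripts.
Antivirus reports: (no detection names were captured in this copy of the report)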
http://park-cities.unitedcp.com/news | HTTP/1.1 302 Found Cache-Control: store, no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Connection: close Date: Sat, 04 Oct 2014 00:59:37 GMT Location: http://www.unitedcpdallas.com/news Server: Apache/2.2.25 (Amazon) Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sun, 19 Nov 1978 05:00:00 GMT Last-Modified: Sat, 04 Oct 2014 00:59:37 GMT Set-Cookie: SESS832a2d7e1bdefd53fe857533dcf9ff95=dnd1fhc2vpik8agsnm3rc74ia7; expires=Mon, 27-Oct-2014 04:32:57 GMT; path=/; domain=.unitedcp.com X-Powered-By: PHP/5.3.27 | clean |
http://www.unitedcpdallas.com/news | 200 OK Content-Length: 18244 Content-Type: text/html | clean |
http://www.unitedcpdallas.com/sites/default/files/js/js_bb276e587288411ee31a80ed7cff5ee8.js | 200 OK Content-Length: 300812 Content-Type: text/javascript | malicious |
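Malicious code - confirmed by antiviruses (see below). Excerpt from the flagged file; the scanner shows two non-contiguous fragments, each cut off mid-statement:
(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=document [...]
[...] el = $(el)[0]; var offset = 0; var length = 0; if ('selectionStart' in el) { offset = el.selectionStart; length = el.selectionEnd - offset; } else if ('selection' in document) { el.focus(); var sel = document.selection.createRange(); length = document.selection.createRange().text.length; sel.moveStart('character', -el.v [...]
Note: the first fragment is the opening of the minified jQuery library and the second is a text-selection (cursor position) helper. Both look like ordinary library code, so the excerpt does not itself show what was detected. This file has the same Content-Length (300812) and the same opening as the other flagged js_<hash>.js file in this report, which suggests the same bundled content served under a second name. Confirming the detection means comparing the served bundle against known-good copies of its component scripts.
Antivirus reports: (no detection names were captured in this copy of the report)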
http://park-cities.unitedcp.com/contact | HTTP/1.1 302 Found Cache-Control: store, no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Connection: close Date: Sat, 04 Oct 2014 00:59:46 GMT Location: http://www.unitedcpdallas.com/contact Server: Apache/2.2.25 (Amazon) Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sun, 19 Nov 1978 05:00:00 GMT Last-Modified: Sat, 04 Oct 2014 00:59:47 GMT Set-Cookie: SESS832a2d7e1bdefd53fe857533dcf9ff95=42rg4n8juulgrq4unnrauisql4; expires=Mon, 27-Oct-2014 04:33:07 GMT; path=/; domain=.unitedcp.com X-Powered-By: PHP/5.3.27 | clean |
http://www.unitedcpdallas.com/contact | 200 OK Content-Length: 14818 Content-Type: text/html | clean |
http://www.unitedcpdallas.com/honest-conversations | 403 Forbidden Content-Length: 9120 Content-Type: text/html | clean |
http://www.unitedcpdallas.com/what-we-do | 200 OK Content-Length: 18437 Content-Type: text/html | clean |
http://www.unitedcpdallas.com/sites/all/themes/ucp_rd/js/Flowchart_Banner_edgePreload.js | 200 OK Content-Length: 18466 Content-Type: text/javascript | clean |
http://www.unitedcpdallas.com/about-us | 200 OK Content-Length: 12505 Content-Type: text/html | clean |
http://www.unitedcpdallas.com/personnel | 200 OK Content-Length: 17530 Content-Type: text/html | clean |
http://www.unitedcpdallas.com/signature-services | 200 OK Content-Length: 15658 Content-Type: text/html | clean |
http://www.unitedcpdallas.com/disclosures | 200 OK Content-Length: 11382 Content-Type: text/html | clean |
http://www.unitedcpdallas.com/test404page.js | 404 Not Found Content-Length: 8741 Content-Type: text/html | clean |
http://www.unitedcpdallas.com/advice-planning | 200 OK Content-Length: 12916 Content-Type: text/html | clean |
http://www.unitedcpdallas.com/our-team | 403 Forbidden Content-Length: 27105 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: park-cities.unitedcp.com
Result:
HTTP/1.1 302 Found
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sat, 04 Oct 2014 00:59:26 GMT
Location: http://www.unitedcpdallas.com/
Server: Apache/2.2.25 (Amazon)
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 04 Oct 2014 00:59:26 GMT
Set-Cookie: SESS832a2d7e1bdefd53fe857533dcf9ff95=vu8lrtk5oi4tmgs8df9pgbasu6; expires=Mon, 27-Oct-2014 04:32:46 GMT; path=/; domain=.unitedcp.com
X-Powered-By: PHP/5.3.27
...0 bytes of data.
GET / HTTP/1.1
Host: park-cities.unitedcp.com
Result:
HTTP/1.1 302 Found
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sat, 04 Oct 2014 00:59:26 GMT
Location: http://www.unitedcpdallas.com/
Server: Apache/2.2.25 (Amazon)
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 04 Oct 2014 00:59:26 GMT
Set-Cookie: SESS832a2d7e1bdefd53fe857533dcf9ff95=vu8lrtk5oi4tmgs8df9pgbasu6; expires=Mon, 27-Oct-2014 04:32:46 GMT; path=/; domain=.unitedcp.com
X-Powered-By: PHP/5.3.27
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: park-cities.unitedcp.com
Referer: http://www.google.com/search?q=park-cities.unitedcp.com
Result:
The result is similar to the first query (a 302 redirect to http://www.unitedcpdallas.com/). No suspicious redirect that depends on the search-engine Referer was found.
GET / HTTP/1.1
Host: park-cities.unitedcp.com
Referer: http://www.google.com/search?q=park-cities.unitedcp.com
Result:
The result is similar to the first query (a 302 redirect to http://www.unitedcpdallas.com/). No suspicious redirect that depends on the search-engine Referer was found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=park-cities.unitedcp.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://park-cities.unitedcp.com/
Result: park-cities.unitedcp.com is not infected or malware details are not published yet.
Result: park-cities.unitedcp.com is not infected or malware details are not published yet.