Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: umasd.org
Result:
HTTP/1.1 302 Found
Cache-Control: private
Date: Mon, 13 Oct 2014 17:20:31 GMT
Location: /site/default.aspx?PageID=1
Server: Microsoft-IIS/7.0
Content-Length: 1047
Content-Type: text/html; charset=utf-8
Set-Cookie: PSN=hLuxnrAa5rkqlfNsJ3tBNQ==; path=/
Set-Cookie: PSDB=kztX/Kv4qe5O6gY21VVXIEAmC3FZAkj2; path=/
Set-Cookie: AccountID=cfEI6tsYEZY=; path=/
Set-Cookie: AccountNumber=NFgLEbAweDRrKDGjHdd/cQ==; path=/
Set-Cookie: AccountName=qQxWLdAFTXb6b/KnzrudBtRHC+6RkaoaYp0+zjFdTMSZ2Zeik5mngg==; path=/
Set-Cookie: APIKey=a8e1d1a6-5bd2-4a84-9067-65e496e1b36d; path=/
Set-Cookie: SWSessionID=33eb83fe-7a4d-428c-a1ab-6e50c9821114; path=/
Set-Cookie: DefaultApplication=CMS; path=/
Set-Cookie: BIGipServerSWC2-WEBC05=2456314890.20480.0000; path=/
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...1047 bytes of data.
GET / HTTP/1.1
Host: umasd.org
Result:
HTTP/1.1 302 Found
Cache-Control: private
Date: Mon, 13 Oct 2014 17:20:31 GMT
Location: /site/default.aspx?PageID=1
Server: Microsoft-IIS/7.0
Content-Length: 1047
Content-Type: text/html; charset=utf-8
Set-Cookie: PSN=hLuxnrAa5rkqlfNsJ3tBNQ==; path=/
Set-Cookie: PSDB=kztX/Kv4qe5O6gY21VVXIEAmC3FZAkj2; path=/
Set-Cookie: AccountID=cfEI6tsYEZY=; path=/
Set-Cookie: AccountNumber=NFgLEbAweDRrKDGjHdd/cQ==; path=/
Set-Cookie: AccountName=qQxWLdAFTXb6b/KnzrudBtRHC+6RkaoaYp0+zjFdTMSZ2Zeik5mngg==; path=/
Set-Cookie: APIKey=a8e1d1a6-5bd2-4a84-9067-65e496e1b36d; path=/
Set-Cookie: SWSessionID=33eb83fe-7a4d-428c-a1ab-6e50c9821114; path=/
Set-Cookie: DefaultApplication=CMS; path=/
Set-Cookie: BIGipServerSWC2-WEBC05=2456314890.20480.0000; path=/
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...1047 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: umasd.org
Referer: http://www.google.com/search?q=umasd.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: umasd.org
Referer: http://www.google.com/search?q=umasd.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://umasd.org/ | HTTP/1.1 302 Found Cache-Control: private Date: Mon, 13 Oct 2014 17:20:31 GMT Location: /site/default.aspx?PageID=1 Server: Microsoft-IIS/7.0 Content-Length: 1047 Content-Type: text/html; charset=utf-8 Set-Cookie: PSN=hLuxnrAa5rkqlfNsJ3tBNQ==; path=/ Set-Cookie: PSDB=kztX/Kv4qe5O6gY21VVXIEAmC3FZAkj2; path=/ Set-Cookie: AccountID=cfEI6tsYEZY=; path=/ Set-Cookie: AccountNumber=NFgLEbAweDRrKDGjHdd/cQ==; path=/ Set-Cookie: AccountName=qQxWLdAFTXb6b/KnzrudBtRHC+6RkaoaYp0+zjFdTMSZ2Zeik5mngg==; path=/ Set-Cookie: APIKey=a8e1d1a6-5bd2-4a84-9067-65e496e1b36d; path=/ Set-Cookie: SWSessionID=33eb83fe-7a4d-428c-a1ab-6e50c9821114; path=/ Set-Cookie: DefaultApplication=CMS; path=/ Set-Cookie: BIGipServerSWC2-WEBC05=2456314890.20480.0000; path=/ X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://umasd.org/site/default.aspx?pageid=1 | 200 OK Content-Length: 138107 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js | 200 OK Content-Length: 92629 Content-Type: text/javascript | clean |
http://umasd.org/Static/V2_07_01/GlobalAssets/Scripts/min/jquery-migrate-1.2.1.js | 200 OK Content-Length: 8273 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js | 200 OK Content-Length: 10220 Content-Type: text/javascript | clean |
http://umasd.org//extend.schoolwires.com/creative/scripts/joel/rotate.gallery/joel.photoGallery.rotate.v1.0.min.js/ | 404 Not Found Content-Length: 1233 Content-Type: text/html | clean |
http://umasd.org//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js/ | 404 Not Found Content-Length: 1234 Content-Type: text/html | clean |
http://umasd.org/Static/V2_07_01//GlobalAssets/Scripts/min/jquery-migrate-1.2.1.js | 200 OK Content-Length: 8273 Content-Type: application/x-javascript | clean |
http://umasd.org/test404page.js | 404 Not Found Content-Length: 1234 Content-Type: text/html | clean |
http://umasd.org//extend.schoolwires.com/creative/scripts/creative/rotate/simple.creative.GalleryRotate.jQuery.min.js/ | 404 Not Found Content-Length: 1233 Content-Type: text/html | clean |
http://umasd.org/cms/lib7/PA01000379/Centricity/Template/4/scripts/jflickrfeed.js | 200 OK Content-Length: 2470 Content-Type: application/x-javascript | clean |
http://umasd.org/cms/lib7/PA01000379/Centricity/Template/4/scripts/jquery.ba-resize.min.js | 200 OK Content-Length: 1098 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/jqueryui/1.10.1/jquery-ui.min.js | 200 OK Content-Length: 228079 Content-Type: text/javascript | clean |
http://umasd.org/Static/V2_07_01/GlobalAssets/Scripts/min/SW-UI.min.js | 200 OK Content-Length: 18613 Content-Type: application/x-javascript | clean |
http://umasd.org/Static/V2_07_01/GlobalAssets/Scripts/Initialize.js | 200 OK Content-Length: 15908 Content-Type: application/x-javascript | clean |
http://umasd.org/Static/V2_07_01/GlobalAssets/Scripts/min/swfobject.min.js | 200 OK Content-Length: 5703 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=umasd.org
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://umasd.org/
Result: umasd.org is not infected or malware details are not published yet.
Result: umasd.org is not infected or malware details are not published yet.