Scanned pages/files
Request | Server response | Status |
http://united-capital-of-san-diego.unitedcp.com/ | HTTP/1.1 302 Found Cache-Control: store, no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Connection: close Date: Fri, 03 Oct 2014 20:23:04 GMT Location: http://www.unitedcpsd.com/ Server: Apache/2.2.25 (Amazon) Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sun, 19 Nov 1978 05:00:00 GMT Last-Modified: Fri, 03 Oct 2014 20:23:04 GMT Set-Cookie: SESS832a2d7e1bdefd53fe857533dcf9ff95=49hreuenu3kn4ndj9rlfi4m0n1; expires=Sun, 26-Oct-2014 23:56:24 GMT; path=/; domain=.unitedcp.com X-Powered-By: PHP/5.3.27 | clean |
http://www.unitedcpsd.com/ | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.unitedcpsd.com/test404page.js | 404 Not Found Content-Length: 8714 Content-Type: text/html | clean |
http://www.unitedcpsd.com/sites/default/files/js/js_641a0481f6ab043b94872b1493636177.js | 200 OK Content-Length: 300812 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=document tl=term.length; if (match<0) { markup.push(escapeMarkup(text)); return; } markup.push(escapeMarkup(text.substring(0, match))); markup.push("<span class='select2-match'>"); markup.push(escapeMarkup(text.substring(match, match + tl))); markup.push("</span>"); markup.push(escapeMarkup(text.substring(match + tl, text.length))); } Antivirus reports:
| ||
http://www.unitedcpsd.com/news | 200 OK Content-Length: 18213 Content-Type: text/html | clean |
http://www.unitedcpsd.com/sites/default/files/js/js_bb276e587288411ee31a80ed7cff5ee8.js | 200 OK Content-Length: 300812 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=document el = $(el)[0]; var offset = 0; var length = 0; if ('selectionStart' in el) { offset = el.selectionStart; length = el.selectionEnd - offset; } else if ('selection' in document) { el.focus(); var sel = document.selection.createRange(); length = document.selection.createRange().text.length; sel.moveStart('character', -el.v Antivirus reports:
| ||
http://www.unitedcpsd.com/contact | 200 OK Content-Length: 14233 Content-Type: text/html | clean |
http://www.unitedcpsd.com/honest-conversations | 403 Forbidden Content-Length: 9093 Content-Type: text/html | clean |
http://www.unitedcpsd.com/what-we-do | 200 OK Content-Length: 18410 Content-Type: text/html | clean |
http://www.unitedcpsd.com/sites/all/themes/ucp_rd/js/Flowchart_Banner_edgePreload.js | 200 OK Content-Length: 18466 Content-Type: text/javascript | clean |
http://www.unitedcpsd.com/about-us | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.unitedcpsd.com/advice-planning | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.unitedcpsd.com/our-team | 403 Forbidden Content-Length: 27078 Content-Type: text/html | clean |
http://www.unitedcpsd.com/who-we-are | 403 Forbidden Content-Length: 27904 Content-Type: text/html | clean |
http://www.unitedcpsd.com/directors?header=0& | 403 Forbidden Content-Length: 27544 Content-Type: text/html | clean |
http://www.unitedcpsd.com/disclosures | 200 OK Content-Length: 11776 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: united-capital-of-san-diego.unitedcp.com
Result:
HTTP/1.1 302 Found
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Fri, 03 Oct 2014 20:23:04 GMT
Location: http://www.unitedcpsd.com/
Server: Apache/2.2.25 (Amazon)
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Fri, 03 Oct 2014 20:23:04 GMT
Set-Cookie: SESS832a2d7e1bdefd53fe857533dcf9ff95=49hreuenu3kn4ndj9rlfi4m0n1; expires=Sun, 26-Oct-2014 23:56:24 GMT; path=/; domain=.unitedcp.com
X-Powered-By: PHP/5.3.27
...0 bytes of data.
GET / HTTP/1.1
Host: united-capital-of-san-diego.unitedcp.com
Result:
HTTP/1.1 302 Found
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Fri, 03 Oct 2014 20:23:04 GMT
Location: http://www.unitedcpsd.com/
Server: Apache/2.2.25 (Amazon)
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Fri, 03 Oct 2014 20:23:04 GMT
Set-Cookie: SESS832a2d7e1bdefd53fe857533dcf9ff95=49hreuenu3kn4ndj9rlfi4m0n1; expires=Sun, 26-Oct-2014 23:56:24 GMT; path=/; domain=.unitedcp.com
X-Powered-By: PHP/5.3.27
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: united-capital-of-san-diego.unitedcp.com
Referer: http://www.google.com/search?q=united-capital-of-san-diego.unitedcp.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: united-capital-of-san-diego.unitedcp.com
Referer: http://www.google.com/search?q=united-capital-of-san-diego.unitedcp.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=united-capital-of-san-diego.unitedcp.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://united-capital-of-san-diego.unitedcp.com/
Result: united-capital-of-san-diego.unitedcp.com is not infected or malware details are not published yet.
Result: united-capital-of-san-diego.unitedcp.com is not infected or malware details are not published yet.