Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bahablades.com
Result:
HTTP/1.1 302 Found
Connection: close
Date: Mon, 15 Sep 2014 07:03:23 GMT
Location: http://www.leaguelineup.com/bahablades
Server: Apache/2.2.22 (Debian)
Content-Length: 302
Content-Type: text/html; charset=iso-8859-1
...302 bytes of data.
GET / HTTP/1.1
Host: bahablades.com
Result:
HTTP/1.1 302 Found
Connection: close
Date: Mon, 15 Sep 2014 07:03:23 GMT
Location: http://www.leaguelineup.com/bahablades
Server: Apache/2.2.22 (Debian)
Content-Length: 302
Content-Type: text/html; charset=iso-8859-1
...302 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: bahablades.com
Referer: http://www.google.com/search?q=bahablades.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: bahablades.com
Referer: http://www.google.com/search?q=bahablades.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://bahablades.com/ | HTTP/1.1 302 Found Connection: close Date: Mon, 15 Sep 2014 07:03:23 GMT Location: http://www.leaguelineup.com/bahablades Server: Apache/2.2.22 (Debian) Content-Length: 302 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.leaguelineup.com/bahablades | HTTP/1.1 301 Moved Permanently Date: Mon, 15 Sep 2014 07:03:05 GMT Location: http://www.leaguelineup.com/bahablades/ Server: Microsoft-IIS/8.5 Content-Length: 162 Content-Type: text/html; charset=UTF-8 X-Powered-By: ASP.NET | clean |
http://www.leaguelineup.com/bahablades/ | HTTP/1.1 302 Object moved Cache-Control: private Date: Mon, 15 Sep 2014 07:03:05 GMT Location: /welcome.asp?url=bahablades Server: Microsoft-IIS/8.5 Content-Length: 148 Content-Type: text/html Set-Cookie: ASPSESSIONIDCQTDSCRS=CEELNMICNFGNGLOMFDKDGLPA; path=/ X-Powered-By: ASP.NET | clean |
http://www.leaguelineup.com/welcome.asp?url=bahablades | 200 OK Content-Length: 61967 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js | 200 OK Content-Length: 93100 Content-Type: text/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jqueryui/1.10.2/jquery-ui.min.js | 200 OK Content-Length: 228002 Content-Type: text/javascript | clean |
http://bahablades.com/_incl/llv/mediaelement-and-player.min.js | 404 Not Found Content-Length: 318 Content-Type: text/html | clean |
http://bahablades.com/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://s7.addthis.com/js/152/addthis_widget.js | 200 OK Content-Length: 7921 Content-Type: text/javascript | clean |
http://output73.rssinclude.com/output?type=js&id=163943&hash=33d556ef834dc0e42b6f65ec85dc0e4d | 200 OK Content-Length: 5374 Content-Type: text/javascript | clean |
http://output94.rssinclude.com/output?type=js&id=163941&hash=c24710f0d34e6c84048e5b692da3523e | 200 OK Content-Length: 5619 Content-Type: text/javascript | clean |
http://output86.rssinclude.com/output?type=js&id=163942&hash=1b4af09ae87c1a9edff950b454a71a1d | 200 OK Content-Length: 6010 Content-Type: text/javascript | clean |
http://netweather.accuweather.com/adcbin/netweather_v2/netweatherV2ex.asp?partner=netweather&tStyle=normal&logo=1&zipcode=49085&lang=eng&size=13&theme=winter1&metric=0&target=_self | 200 OK Content-Length: 4483 Content-Type: text/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bahablades.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bahablades.com/
Result: bahablades.com is not infected or malware details are not published yet.
Result: bahablades.com is not infected or malware details are not published yet.