Scanned pages/files
| Request | Server response | Status |
http://www.cincinnati.rivals.com/ | HTTP/1.1 302 Object moved Cache-Control: max-age=0, private Connection: close Date: Tue, 16 Dec 2014 22:21:11 GMT Via: http/1.1 yts248.global.media.ir2.yahoo.com (ApacheTrafficServer [cMsSf ]) Age: 0 Location: https://cincinnati.rivals.com? Server: ATS Vary: X-Ssl Content-Length: 151 Content-Type: text/html Expires: -1 Default: private Strict-Transport-Security: max-age=172800 | clean |
https://cincinnati.rivals.com?/ | 200 OK Content-Length: 116649 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: virginiatech.rivals.com <script language="javascript">var SiteID = 943, curSysTime = '12/16/2014 4:21:12 PM'; function RunGenObj(txt) { document.write(txt); } </script>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <script language="Javascript"> var RVAsitename = "BearcatReport.com"; var RVAschoolname = "Cincinnati"; var ...[4263 bytes skipped]... | ||
https://ct.yimg.com/mr/js/goldmember08.js | 200 OK Content-Length: 2810 Content-Type: application/x-javascript | clean |
https://ct.yimg.com/mr/js/goldmember.js | 200 OK Content-Length: 3626 Content-Type: application/x-javascript | clean |
https://us.adserver.yahoo.com/a?f=2022745803&at=&p=sports&l=N&c=r | 200 OK Content-Length: 1478 Content-Type: application/x-javascript | clean |
https://ct.yimg.com/mr/js/RIVALS_MENU_08.js | 200 OK Content-Length: 3187 Content-Type: application/x-javascript | clean |
https://ct.yimg.com/mr/js/YAHOO_MENU_08.js | 200 OK Content-Length: 3395 Content-Type: application/x-javascript | clean |
https://ct.yimg.com/mr/js/insert.js?4 | 200 OK Content-Length: 13593 Content-Type: application/x-javascript | clean |
https://s.yimg.com/ss/rapid-3.9.js | 200 OK Content-Length: 28971 Content-Type: application/javascript | clean |
https://ct.yimg.com/mr/js/teammenus.js | 200 OK Content-Length: 7603 Content-Type: application/x-javascript | clean |
https://ct.yimg.com/mr/js/CONF_TEAM_MENU_09.js | 200 OK Content-Length: 55066 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: virginiatech.rivals.com var tid = null; var subs_array = new Array("acc","atlantic10","big12","bigeast","bigten","cusa","independents","mwest","pac12","sec","sunbelt","mac","more","aac","junior"); function displaySubs(the_sub){ for (i=0;i<subs_array.length;i++){ var my_sub = document.getElementById(subs_array[i]); my_sub.style.display = "none"; } document.getElementById(the_sub).style.display = ""; } var cats_array ...[4245 bytes skipped]... Decoded script: ...[7566 bytes skipped]... P">Pittsburgh </a><br> <img src=https://ct.yimg.com/mr/images/bullet08.gif><a href="http://syracuse.rivals.com/default.asp?SR=RivalsFP">Syracuse </a><br> <img src=https://ct.yimg.com/mr/images/bullet08.gif><a href="http://virginia.rivals.com/default.asp?SR=RivalsFP">Virginia </a><br> <img src=https://ct.yimg.com/mr/images/bullet08.gif><a href="http://virginiatech.rivals.com/default.asp?SR=RivalsFP">Virginia Tech </a><br> <img src=https://ct.yimg.com/mr/images/bullet08.gif><a href="http://wakeforest.rivals.com/default.asp?SR=RivalsFP">Wake Forest </a><br> </div> <div id="atlantic10" style="display:none; line-height: 13pt;" class=nohoverY> <img src=https://ct.yimg.com/mr/images/bullet08.gif><a href="http://dayton.rivals.com/default.asp?SR=RivalsFP">Dayton </a><b ...[43003 bytes skipped]... | ||
https://ct.yimg.com/mr/js/HS_MENU_08.js | 200 OK Content-Length: 11020 Content-Type: application/x-javascript | clean |
https://us.adserver.yahoo.com/a?f=2022745803&at=&p=sports&l=LREC&c=r | 200 OK Content-Length: 1493 Content-Type: application/x-javascript | clean |
http://www.cincinnati.rivals.com/content.asp?CID=1716287 | HTTP/1.1 302 Object moved Cache-Control: max-age=0, private Connection: close Date: Tue, 16 Dec 2014 22:21:18 GMT Via: http/1.1 yts14.global.media.ir2.yahoo.com (ApacheTrafficServer [cMsSf ]) Age: 0 Location: https://cincinnati.rivals.com/content.asp?CID=1716287 Server: ATS Vary: X-Ssl Content-Length: 174 Content-Type: text/html Expires: -1 Content: private Strict-Transport-Security: max-age=172800 | clean |
https://cincinnati.rivals.com/content.asp?cid=1716287 | HTTP/1.1 302 Object moved Cache-Control: max-age=0, private Connection: close Date: Tue, 16 Dec 2014 22:21:18 GMT Via: http/1.1 yts50.global.media.ir2.yahoo.com (ApacheTrafficServer [cMsSf ]) Age: 0 Location: /barrier_noentry.asp?sid=943&script=%2Fcontent%2Easp&cid=1716287 Server: ATS Vary: X-Ssl Content-Length: 193 Content-Type: text/html Expires: -1 Content: private Prefetchtop: private Set-Cookie: Subscription=5; expires=Wed, 17-Dec-2014 06:00:00 GMT; domain=.rivals.com; path=/ Strict-Transport-Security: max-age=172800 X-UA-Compatible: IE=EmulateIE7 | clean |
https://cincinnati.rivals.com/barrier_noentry.asp?sid=943&script=%2fcontent%2easp&cid=1716287 | 200 OK Content-Length: 6366 Content-Type: text/html | clean |
https://cincinnati.rivals.com/subscribe.asp?strk=barriercontent&sid=943 | HTTP/1.1 302 Object moved Cache-Control: max-age=0, private Connection: close Date: Tue, 16 Dec 2014 22:21:20 GMT Via: http/1.1 yts52.global.media.ir2.yahoo.com (ApacheTrafficServer [cMsSf ]) Age: 1 Location: https://secure.rivals.com/nssubscribe.asp?sid=943&strk=barriercontent&plan=4&term=12&up=4:1 Server: ATS Vary: X-Ssl Content-Length: 228 Content-Type: text/html Expires: -1 Set-Cookie: Subscription=5; expires=Wed, 17-Dec-2014 06:00:00 GMT; domain=.rivals.com; path=/ Strict-Transport-Security: max-age=172800 X-UA-Compatible: IE=EmulateIE7 | clean |
https://secure.rivals.com/nssubscribe.asp?sid=943&strk=barriercontent&plan=4&term=12&up=4:1 | 200 OK Content-Length: 28904 Content-Type: text/html | clean |
https://secure.rivals.com/js/943.js | 200 OK Content-Length: 18 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cincinnati.rivals.com
Result:
GET / HTTP/1.1
Host: cincinnati.rivals.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: cincinnati.rivals.com
Referer: http://www.google.com/search?q=cincinnati.rivals.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: cincinnati.rivals.com
Referer: http://www.google.com/search?q=cincinnati.rivals.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cincinnati.rivals.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cincinnati.rivals.com/
Result: cincinnati.rivals.com is not infected or malware details are not published yet.
Result: cincinnati.rivals.com is not infected or malware details are not published yet.