Scanned pages/files
Request | Server response | Status |
http://clemson.rivals.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 16 Dec 2014 09:24:07 GMT Via: http/1.1 media-border70.global.media.bf1.yahoo.com (ApacheTrafficServer [c s f ]) Location: https://clemson.rivals.com/ Server: ATS Content-Length: 0 Strict-Transport-Security: max-age=172800 | clean |
https://clemson.rivals.com/ | 200 OK Content-Length: 113869 Content-Type: text/html | clean |
https://ct.yimg.com/mr/js/goldmember08.js | 200 OK Content-Length: 2810 Content-Type: application/x-javascript | clean |
https://ct.yimg.com/mr/js/goldmember.js | 200 OK Content-Length: 3626 Content-Type: application/x-javascript | clean |
https://us.adserver.yahoo.com/a?f=2022745811&at=&p=sports&l=N&c=r | 200 OK Content-Length: 1476 Content-Type: application/x-javascript | clean |
https://ct.yimg.com/mr/js/RIVALS_MENU_08.js | 200 OK Content-Length: 3187 Content-Type: application/x-javascript | clean |
https://ct.yimg.com/mr/js/YAHOO_MENU_08.js | 200 OK Content-Length: 3395 Content-Type: application/x-javascript | clean |
https://ct.yimg.com/mr/js/insert.js?4 | 200 OK Content-Length: 13593 Content-Type: application/x-javascript | clean |
https://s.yimg.com/ss/rapid-3.9.js | 200 OK Content-Length: 28971 Content-Type: application/javascript | clean |
https://ct.yimg.com/mr/js/teammenus.js | 200 OK Content-Length: 7603 Content-Type: application/x-javascript | clean |
https://ct.yimg.com/mr/js/CONF_TEAM_MENU_09.js | 200 OK Content-Length: 55066 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: virginiatech.rivals.com var tid = null; var subs_array = new Array("acc","atlantic10","big12","bigeast","bigten","cusa","independents","mwest","pac12","sec","sunbelt","mac","more","aac","junior"); function displaySubs(the_sub){ for (i=0;i<subs_array.length;i++){ var my_sub = document.getElementById(subs_array[i]); my_sub.style.display = "none"; } document.getElementById(the_sub).style.display = ""; } var cats_array ...[4245 bytes skipped]... Decoded script: ...[7566 bytes skipped]... P">Pittsburgh </a><br> <img src=https://ct.yimg.com/mr/images/bullet08.gif><a href="http://syracuse.rivals.com/default.asp?SR=RivalsFP">Syracuse </a><br> <img src=https://ct.yimg.com/mr/images/bullet08.gif><a href="http://virginia.rivals.com/default.asp?SR=RivalsFP">Virginia </a><br> <img src=https://ct.yimg.com/mr/images/bullet08.gif><a href="http://virginiatech.rivals.com/default.asp?SR=RivalsFP">Virginia Tech </a><br> <img src=https://ct.yimg.com/mr/images/bullet08.gif><a href="http://wakeforest.rivals.com/default.asp?SR=RivalsFP">Wake Forest </a><br> </div> <div id="atlantic10" style="display:none; line-height: 13pt;" class=nohoverY> <img src=https://ct.yimg.com/mr/images/bullet08.gif><a href="http://dayton.rivals.com/default.asp?SR=RivalsFP">Dayton </a><b ...[43003 bytes skipped]... | ||
https://ct.yimg.com/mr/js/HS_MENU_08.js | 200 OK Content-Length: 11020 Content-Type: application/x-javascript | clean |
https://ct.yimg.com/mr/js/AC_RunActiveContent.js | 200 OK Content-Length: 8321 Content-Type: application/x-javascript | clean |
https://us.adserver.yahoo.com/a?f=2022745811&at=&p=sports&l=LREC&c=r | 200 OK Content-Length: 1490 Content-Type: application/x-javascript | clean |
http://clemson.rivals.com/content.asp?CID=1715825 | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 16 Dec 2014 09:24:17 GMT Via: http/1.1 media-border54.global.media.bf1.yahoo.com (ApacheTrafficServer [c s f ]) Location: https://clemson.rivals.com/content.asp?CID=1715825 Server: ATS Content-Length: 0 Strict-Transport-Security: max-age=172800 | clean |
https://clemson.rivals.com/content.asp?cid=1715825 | HTTP/1.1 302 Object moved Cache-Control: max-age=0, private Connection: close Date: Tue, 16 Dec 2014 09:24:17 GMT Via: http/1.1 media-border91.global.media.bf1.yahoo.com (ApacheTrafficServer [cMsSf ]) Age: 0 Location: /barrier_noentry.asp?sid=911&script=%2Fcontent%2Easp&cid=1715825 Server: ATS Vary: X-Ssl Content-Length: 193 Content-Type: text/html Expires: -1 Content: private Prefetchtop: private Set-Cookie: Subscription=5; expires=Wed, 17-Dec-2014 06:00:00 GMT; domain=.rivals.com; path=/ Strict-Transport-Security: max-age=172800 X-UA-Compatible: IE=EmulateIE7 | clean |
https://clemson.rivals.com/barrier_noentry.asp?sid=911&script=%2fcontent%2easp&cid=1715825 | 200 OK Content-Length: 6369 Content-Type: text/html | clean |
https://clemson.rivals.com/subscribe.asp?strk=barriercontent&sid=911 | HTTP/1.1 302 Object moved Cache-Control: max-age=0, private Connection: close Date: Tue, 16 Dec 2014 09:24:19 GMT Via: http/1.1 media-border60.global.media.bf1.yahoo.com (ApacheTrafficServer [cMsSf ]) Age: 0 Location: https://secure.rivals.com/nssubscribe.asp?sid=911&strk=barriercontent&plan=4&term=12&up=4:1 Server: ATS Vary: X-Ssl Content-Length: 228 Content-Type: text/html Expires: -1 Set-Cookie: Subscription=5; expires=Wed, 17-Dec-2014 06:00:00 GMT; domain=.rivals.com; path=/ Strict-Transport-Security: max-age=172800 X-UA-Compatible: IE=EmulateIE7 | clean |
https://secure.rivals.com/nssubscribe.asp?sid=911&strk=barriercontent&plan=4&term=12&up=4:1 | 200 OK Content-Length: 28823 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: clemson.rivals.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 16 Dec 2014 09:24:07 GMT
Via: http/1.1 media-border70.global.media.bf1.yahoo.com (ApacheTrafficServer [c s f ])
Location: https://clemson.rivals.com/
Server: ATS
Content-Length: 0
Strict-Transport-Security: max-age=172800
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: clemson.rivals.com
Referer: http://www.google.com/search?q=clemson.rivals.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=clemson.rivals.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://clemson.rivals.com/
Result: clemson.rivals.com is not infected or malware details are not published yet.