Scanned pages/files
| Request | Server response | Status |
http://connecticut.rivals.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 17 Dec 2014 01:46:19 GMT Via: http/1.1 yts56.global.media.ir2.yahoo.com (ApacheTrafficServer [c s f ]) Location: https://connecticut.rivals.com/ Server: ATS Content-Length: 0 Strict-Transport-Security: max-age=172800 | clean |
https://connecticut.rivals.com/ | 200 OK Content-Length: 104987 Content-Type: text/html | clean |
https://ct.yimg.com/mr/js/goldmember08.js | 200 OK Content-Length: 2810 Content-Type: application/x-javascript | clean |
https://ct.yimg.com/mr/js/goldmember.js | 200 OK Content-Length: 3626 Content-Type: application/x-javascript | clean |
https://us.adserver.yahoo.com/a?f=2022745835&at=&p=sports&l=N&c=r | 200 OK Content-Length: 1475 Content-Type: application/x-javascript | clean |
https://ct.yimg.com/mr/js/RIVALS_MENU_08.js | 200 OK Content-Length: 3187 Content-Type: application/x-javascript | clean |
https://ct.yimg.com/mr/js/YAHOO_MENU_08.js | 200 OK Content-Length: 3395 Content-Type: application/x-javascript | clean |
https://ct.yimg.com/mr/js/insert.js?4 | 200 OK Content-Length: 13593 Content-Type: application/x-javascript | clean |
https://s.yimg.com/ss/rapid-3.9.js | 200 OK Content-Length: 28971 Content-Type: application/javascript | clean |
https://ct.yimg.com/mr/js/teammenus.js | 200 OK Content-Length: 7603 Content-Type: application/x-javascript | clean |
https://ct.yimg.com/mr/js/CONF_TEAM_MENU_09.js | 200 OK Content-Length: 55066 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: virginiatech.rivals.com var tid = null; var subs_array = new Array("acc","atlantic10","big12","bigeast","bigten","cusa","independents","mwest","pac12","sec","sunbelt","mac","more","aac","junior"); function displaySubs(the_sub){ for (i=0;i<subs_array.length;i++){ var my_sub = document.getElementById(subs_array[i]); my_sub.style.display = "none"; } document.getElementById(the_sub).style.display = ""; } var cats_array ...[4245 bytes skipped]... Decoded script: ...[7566 bytes skipped]... P">Pittsburgh </a><br> <img src=https://ct.yimg.com/mr/images/bullet08.gif><a href="http://syracuse.rivals.com/default.asp?SR=RivalsFP">Syracuse </a><br> <img src=https://ct.yimg.com/mr/images/bullet08.gif><a href="http://virginia.rivals.com/default.asp?SR=RivalsFP">Virginia </a><br> <img src=https://ct.yimg.com/mr/images/bullet08.gif><a href="http://virginiatech.rivals.com/default.asp?SR=RivalsFP">Virginia Tech </a><br> <img src=https://ct.yimg.com/mr/images/bullet08.gif><a href="http://wakeforest.rivals.com/default.asp?SR=RivalsFP">Wake Forest </a><br> </div> <div id="atlantic10" style="display:none; line-height: 13pt;" class=nohoverY> <img src=https://ct.yimg.com/mr/images/bullet08.gif><a href="http://dayton.rivals.com/default.asp?SR=RivalsFP">Dayton </a><b ...[43003 bytes skipped]... | ||
https://ct.yimg.com/mr/js/HS_MENU_08.js | 200 OK Content-Length: 11020 Content-Type: application/x-javascript | clean |
https://us.adserver.yahoo.com/a?f=2022745835&at=&p=sports&l=LREC&c=r | 200 OK Content-Length: 1489 Content-Type: application/x-javascript | clean |
http://connecticut.rivals.com/content.asp?CID=1716089 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 17 Dec 2014 01:46:26 GMT Via: http/1.1 yts231.global.media.ir2.yahoo.com (ApacheTrafficServer [c s f ]) Location: https://connecticut.rivals.com/content.asp?CID=1716089 Server: ATS Content-Length: 0 Strict-Transport-Security: max-age=172800 | clean |
https://connecticut.rivals.com/content.asp?cid=1716089 | HTTP/1.1 302 Object moved Cache-Control: max-age=0, private Connection: close Date: Wed, 17 Dec 2014 01:46:26 GMT Via: http/1.1 yts11.global.media.ir2.yahoo.com (ApacheTrafficServer [cMsSf ]) Age: 0 Location: /barrier_noentry.asp?sid=1039&script=%2Fcontent%2Easp&cid=1716089 Server: ATS Vary: X-Ssl Content-Length: 194 Content-Type: text/html Expires: -1 Content: private Prefetchtop: private Set-Cookie: Subscription=5; expires=Wed, 17-Dec-2014 06:00:00 GMT; domain=.rivals.com; path=/ Strict-Transport-Security: max-age=172800 X-UA-Compatible: IE=EmulateIE7 | clean |
https://connecticut.rivals.com/barrier_noentry.asp?sid=1039&script=%2fcontent%2easp&cid=1716089 | 200 OK Content-Length: 6508 Content-Type: text/html | clean |
https://connecticut.rivals.com/subscribe.asp?strk=barriercontent&sid=1039 | HTTP/1.1 302 Object moved Cache-Control: max-age=0, private Connection: close Date: Wed, 17 Dec 2014 01:46:27 GMT Via: http/1.1 yts19.global.media.ir2.yahoo.com (ApacheTrafficServer [cMsSf ]) Age: 0 Location: https://secure.rivals.com/nssubscribe.asp?sid=1039&strk=barriercontent&plan=4&term=12&up=4:1 Server: ATS Vary: X-Ssl Content-Length: 229 Content-Type: text/html Expires: -1 Set-Cookie: Subscription=5; expires=Wed, 17-Dec-2014 06:00:00 GMT; domain=.rivals.com; path=/ Strict-Transport-Security: max-age=172800 X-UA-Compatible: IE=EmulateIE7 | clean |
https://secure.rivals.com/nssubscribe.asp?sid=1039&strk=barriercontent&plan=4&term=12&up=4:1 | 200 OK Content-Length: 28907 Content-Type: text/html | clean |
https://secure.rivals.com/js/1039.js | 200 OK Content-Length: 18 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: connecticut.rivals.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 17 Dec 2014 01:46:19 GMT
Via: http/1.1 yts56.global.media.ir2.yahoo.com (ApacheTrafficServer [c s f ])
Location: https://connecticut.rivals.com/
Server: ATS
Content-Length: 0
Strict-Transport-Security: max-age=172800
...0 bytes of data.
GET / HTTP/1.1
Host: connecticut.rivals.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 17 Dec 2014 01:46:19 GMT
Via: http/1.1 yts56.global.media.ir2.yahoo.com (ApacheTrafficServer [c s f ])
Location: https://connecticut.rivals.com/
Server: ATS
Content-Length: 0
Strict-Transport-Security: max-age=172800
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: connecticut.rivals.com
Referer: http://www.google.com/search?q=connecticut.rivals.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: connecticut.rivals.com
Referer: http://www.google.com/search?q=connecticut.rivals.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=connecticut.rivals.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://connecticut.rivals.com/
Result: connecticut.rivals.com is not infected or malware details are not published yet.
Result: connecticut.rivals.com is not infected or malware details are not published yet.