Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: harrysrun.ca
Result:
HTTP/1.1 302 Found
Connection: close
Date: Sun, 31 Aug 2014 18:35:21 GMT
Location: http://pmhf3.akaraisin.com/Common/Event/Home.aspx?seid=9295&mid=8
Server: Apache/2.2.22 (Debian)
Content-Length: 332
Content-Type: text/html; charset=iso-8859-1
...332 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: harrysrun.ca
Referer: http://www.google.com/search?q=harrysrun.ca
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://harrysrun.ca/ | HTTP/1.1 302 Found Connection: close Date: Sun, 31 Aug 2014 18:35:21 GMT Location: http://pmhf3.akaraisin.com/Common/Event/Home.aspx?seid=9295&mid=8 Server: Apache/2.2.22 (Debian) Content-Length: 332 Content-Type: text/html; charset=iso-8859-1 | clean |
http://pmhf3.akaraisin.com/common/event/home.aspx?seid=9295&mid=8 | 200 OK Content-Length: 23652 Content-Type: text/html | clean |
http://pmhf3.akaraisin.com/WebResource.axd?d=88fPCn8RbARRZqSrHoq8jwROld06jEtJ3tTFnitzgVOCegPjeWez_WUKB3QeqhJorG9wwDoC8unF_lUmYIsbLCyUfd81&t=635195625120000000 | 200 OK Content-Length: 22346 Content-Type: application/x-javascript | clean |
http://harrysrun.ca/ScriptResource.axd?d=puwwBfMDC2m46eWqBLuK7C3SkmIg6Bwgzt_cs1_FwyNyzjqrUWRmY5Dsh3k3uRrh_ORPZZnlK-o1mN-TArIzRnVt3uYeeRWPuWEePb8L1PfrQENPjk4Osy-a4ENbPdQ8ET00uLmI43iu19o_erpYvecwKZ81&t=ca758f3 | 404 Not Found Content-Length: 294 Content-Type: text/html | clean |
http://harrysrun.ca/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://harrysrun.ca/ScriptResource.axd?d=xTVuULqX43MH3LoXtaQOIx-ux7r_he56ggJO3yF5VgByFi_gjfKgcV3A43iIm4HTKPLolsEuRbqwBi7dv-0Exa3HSux8yut8MWq5x75U8ov4YT1M91hHID5NYdZ-krgyOqJiZJZliiRjbP2dE8WQPOHQlZFdvKGDScsDgGIyoK4VVEyE0&t=ca758f3 | 404 Not Found Content-Length: 294 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=harrysrun.ca
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://harrysrun.ca/
Result: harrysrun.ca is not infected or malware details are not published yet.