Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=portal.wku.edu
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://portal.wku.edu/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: optimumfertilityformula.com
Result:
GET / HTTP/1.1
Host: optimumfertilityformula.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: optimumfertilityformula.com
Referer: http://www.google.com/search?q=optimumfertilityformula.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: optimumfertilityformula.com
Referer: http://www.google.com/search?q=optimumfertilityformula.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://portal.wku.edu/ | HTTP/1.1 302 Found Connection: close Date: Wed, 01 Oct 2014 19:40:26 GMT Location: https://my.wku.edu/ Server: Apache/2.4.6 (Unix) OpenSSL/1.0.0-fips PHP/5.5.5 Content-Length: 203 Content-Type: text/html; charset=iso-8859-1 | malicious |
https://my.wku.edu/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 01 Oct 2014 19:40:27 GMT Location: https://portal-cas.wku.edu:8447/cas-web/login?service=https%3A%2F%2Fmy.wku.edu%2Fc%2Fportal%2Flogin%3Bjsessionid%3D0E04E04B1286E90A713F19B4BB7D44D5.web2 Server: Apache/2.4.6 (Unix) OpenSSL/1.0.0-fips PHP/5.5.5 Content-Length: 0 Set-Cookie: JSESSIONID=0E04E04B1286E90A713F19B4BB7D44D5.web2; Path=/; Secure Set-Cookie: ROUTEID=.web2; path=/ | malicious |
https://portal-cas.wku.edu:8447/cas-web/login?service=https%3a%2f%2fmy.wku.edu%2fc%2fportal%2flogin%3bjsessionid%3d0e04e04b1286e90a713f19b4bb7d44d5.web2 | 200 OK Content-Length: 9628 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: my.wku.edu ...[626 bytes skipped]... ;body id="cas" onload="init();"> <div id="header"></div> <div id="content"> <!-- WKUMOD CLM add hook to wkuSessionCookie() to the form submit event --> <form id="fm1" class="fm-v clearfix" method="post" action="/cas-web/login;jsessionid=5F6D731971C8D51ABDBF5A22576902D1?service=https%3a%2f%2fmy.wku.edu%2fc%2fportal%2flogin%3bjsessionid%3d0e04e04b1286e90a713f19b4bb7d44d5.web2" onsubmit="wkuSessionCookie()"> <div class="logo"></div> <!-- WKUMOD JLM Moved logo here --> <div class="box" id="login"> <!-- Congratulations on bringing CAS online! The default authentication handler authenticates where usernames equal passwords: go ahead, try it out. --> ...[3187 bytes skipped]... | ||
https://portal-cas.wku.edu:8447/cas-web/js/common_rosters.js | 200 OK Content-Length: 7515 Content-Type: text/javascript | clean |
http://portal.wku.edu/test404page.js | HTTP/1.1 302 Found Connection: close Date: Wed, 01 Oct 2014 19:40:31 GMT Location: https://my.wku.edu/test404page.js Server: Apache/2.4.6 (Unix) OpenSSL/1.0.0-fips PHP/5.5.5 Content-Length: 217 Content-Type: text/html; charset=iso-8859-1 | malicious |
https://my.wku.edu/test404page.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 01 Oct 2014 19:40:32 GMT Location: https://portal-cas.wku.edu:8447/cas-web/login?service=https%3A%2F%2Fmy.wku.edu%2Fc%2Fportal%2Flogin%3Bjsessionid%3D8C906869B083466644E1326F893324A0.web2 Server: Apache/2.4.6 (Unix) OpenSSL/1.0.0-fips PHP/5.5.5 Content-Length: 0 Content-Type: application/javascript Set-Cookie: JSESSIONID=8C906869B083466644E1326F893324A0.web2; Path=/; Secure Set-Cookie: ROUTEID=.web2; path=/ | malicious |
https://portal-cas.wku.edu:8447/cas-web/login?service=https%3a%2f%2fmy.wku.edu%2fc%2fportal%2flogin%3bjsessionid%3d8c906869b083466644e1326f893324a0.web2 | 200 OK Content-Length: 9628 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: my.wku.edu ...[626 bytes skipped]... ;body id="cas" onload="init();"> <div id="header"></div> <div id="content"> <!-- WKUMOD CLM add hook to wkuSessionCookie() to the form submit event --> <form id="fm1" class="fm-v clearfix" method="post" action="/cas-web/login;jsessionid=DEAAFDF7DF999DBA02DEC66F56A6B8EA?service=https%3a%2f%2fmy.wku.edu%2fc%2fportal%2flogin%3bjsessionid%3d8c906869b083466644e1326f893324a0.web2" onsubmit="wkuSessionCookie()"> <div class="logo"></div> <!-- WKUMOD JLM Moved logo here --> <div class="box" id="login"> <!-- Congratulations on bringing CAS online! The default authentication handler authenticates where usernames equal passwords: go ahead, try it out. --> ...[3187 bytes skipped]... | ||
http://portal-cas.wku.edu:8447/test404page.js | 200 Assumed OK Content-Length: 7 | clean |