Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: qma.com.qa
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Wed, 27 Aug 2014 01:31:22 GMT
Location: http://www.qm.org.qa/ar
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 0
Content-Type: text/html
X-Powered-By: PHP/5.3.25
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: qma.com.qa
Referer: http://www.google.com/search?q=qma.com.qa
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://qma.com.qa/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 27 Aug 2014 01:31:22 GMT Location: http://www.qm.org.qa/ar Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.25 | clean |
http://www.qm.org.qa/ar | 200 OK Content-Length: 47494 Content-Type: text/html | clean |
http://www.qm.org.qa/sites/default/files/js/js_xAPl0qIk9eowy_iS9tNkCWXLUVoat94SQT48UBCFkyQ.js | 200 OK Content-Length: 96126 Content-Type: text/javascript | clean |
http://www.qm.org.qa/sites/default/files/js/js_ZDOaep6HA5A0eriyiN-YaNv7MHsjd-FIuFyilZ2o5cw.js | 200 OK Content-Length: 92631 Content-Type: text/javascript | clean |
http://www.qm.org.qa/sites/all/libraries/modernizr/modernizr.min.js?naiczs | 200 OK Content-Length: 11122 Content-Type: application/javascript | clean |
http://www.qm.org.qa/sites/default/files/js/js_1aorD9RPSE_AvqD9rE7ax4sixVcx4rbPtcxSNy4Zbxg.js | 200 OK Content-Length: 73160 Content-Type: text/javascript | clean |
http://www.qm.org.qa/sites/default/files/js/js_mw06s-gYd-ANxp8zZ_N-xVkvD8F3Tf5OMGUGwU-H6zY.js | 200 OK Content-Length: 286 Content-Type: text/javascript | clean |
http://www.qm.org.qa/sites/default/files/js/js_MLS44DoxQnQ5411CVLKo_u5sQ8SmoAr616_KJLxEjXc.js | 200 OK Content-Length: 19634 Content-Type: text/javascript | clean |
http://www.qm.org.qa/sites/default/files/js/js_CAyHa9XiZ4yueDPMXv6BRYFuWpJBxdDIvPyv-ZmvdFg.js | 200 OK Content-Length: 34642 Content-Type: text/javascript | clean |
http://qma.com.qa/ar | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 27 Aug 2014 01:31:37 GMT Location: http://www.qm.org.qa/ar Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.25 | clean |
http://www.qm.org.qa/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0 Connection: Close Date: Wed, 27 Aug 2014 01:31:37 GMT Via: 1.1 varnish Age: 0 ETag: "1409103097" Location: http://www.qm.org.qa/en/test404page.js Server: nginx Vary: Accept-Encoding Content-Type: text/html Expires: Sun, 19 Nov 1978 05:00:00 GMT Last-Modified: Wed, 27 Aug 2014 01:31:37 +0000 X-AH-Environment: prod X-Cache: MISS X-Drupal-Cache: MISS X-Request-ID: v-e37d8fae-2d89-11e4-9329-22000a90093a X-Varnish: 879993748 | clean |
http://www.qm.org.qa/en/test404page.js | 404 Not Found Content-Length: 300 Content-Type: text/html | clean |
http://qma.com.qa/ar/%D8%A7%D8%B3%D9%92%D8%AA%D9%8E%D9%83%D9%92%D8%B4%D9%81 | 500 Can't connect to qma.com.qa:80 (Нет маршрута до узла) Content-Length: 198 Content-Type: text/plain | clean |
http://qma.com.qa/ar/%D8%A7%D9%84%D8%AD%D9%82%D9%84/%D8%A7%D9%84%D9%85%D8%AA%D8%A7%D8%AD%D9%81-%D9%88%D8%B5%D8%A7%D9%84%D8%A7%D8%AA-%D8%A7%D9%84%D8%B9%D8%B1%D8%B6 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://qma.com.qa/ar/%D8%A7%D9%84%D8%AD%D9%82%D9%84/%D8%A7%D9%84%D9%81%D9%86-%D8%A7%D9%84%D8%B9%D8%A7%D9%85 | 500 Can't connect to qma.com.qa:80 (Нет маршрута до узла) Content-Length: 198 Content-Type: text/plain | clean |
http://qma.com.qa/ar/%D8%A7%D9%84%D8%AD%D9%82%D9%84/%D8%A7%D9%84%D8%AA%D8%B1%D8%A7%D8%AB-%D8%A7%D9%84%D8%AB%D9%82%D8%A7%D9%81%D9%8A | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 27 Aug 2014 01:31:46 GMT Location: http://www.qm.org.qa/ar Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.25 | clean |
http://qma.com.qa/ar/%D8%A7%D9%84%D9%85%D8%B9%D8%A7%D8%B1%D8%B6 | 500 Can't connect to qma.com.qa:80 (Нет маршрута до узла) Content-Length: 198 Content-Type: text/plain | clean |
http://qma.com.qa/ar/%D8%A3%D9%8E%D8%A8%D8%AF%D9%90%D8%B9 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 27 Aug 2014 01:31:49 GMT Location: http://www.qm.org.qa/ar Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.25 | clean |
http://qma.com.qa/ar/%D9%85%D8%B7%D8%A7%D9%81%D8%A6-%D8%A7%D9%84%D8%AF%D9%88%D8%AD%D8%A9 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 27 Aug 2014 01:31:50 GMT Location: http://www.qm.org.qa/ar Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.25 | clean |
http://qma.com.qa/ar/%D8%A8%D8%B1%D8%A7%D9%85%D8%AC-%D8%A7%D9%84%D8%AA%D8%B9%D9%84%D9%8A%D9%85 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 27 Aug 2014 01:31:50 GMT Location: http://www.qm.org.qa/ar Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.25 | clean |
http://qma.com.qa/ar/%D8%AA%D8%B7%D8%A8%D9%8A%D9%82-%D8%AA%D9%88%D9%84%D9%8A%D8%AF-%D8%A7%D9%84%D8%A3%D9%86%D9%85%D8%A7%D8%B7 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 27 Aug 2014 01:31:50 GMT Location: http://www.qm.org.qa/ar Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.25 | clean |
http://qma.com.qa/ar/%D8%AA%D9%88%D8%A7%D8%B5%D9%8E%D9%84%D9%92 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 27 Aug 2014 01:31:51 GMT Location: http://www.qm.org.qa/ar Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.25 | clean |
http://qma.com.qa/ar/%D8%B3%D8%B9%D8%A7%D8%AF%D8%A9-%D8%A7%D9%84%D8%B4%D9%8A%D8%AE%D8%A9-%D8%A7%D9%84%D9%85%D9%8A%D8%A7%D8%B3%D8%A9 | 500 Can't connect to qma.com.qa:80 (Нет маршрута до узла) Content-Length: 198 Content-Type: text/plain | clean |
http://qma.com.qa/ar/%D9%85%D8%B1%D9%83%D8%B2-%D9%88%D8%B3%D8%A7%D8%A6%D9%84-%D8%A7%D9%84%D8%AA%D9%88%D8%A7%D8%B5%D9%84-%D8%A7%D9%84%D8%A5%D8%AC%D8%AA%D9%85%D8%A7%D8%B9%D9%8A | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=qma.com.qa
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://qma.com.qa/
Result: qma.com.qa is not infected or malware details are not published yet.