Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: weeelks.org
Result:
HTTP/1.1 302 Found
Connection: close
Date: Tue, 21 Apr 2015 05:13:18 GMT
Location: http://sports.bluesombrero.com/Default.aspx?tabid=764965
Server: Apache/2.2.22 (Debian)
Content-Length: 317
Content-Type: text/html; charset=iso-8859-1
...317 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: weeelks.org
Referer: http://www.google.com/search?q=weeelks.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://weeelks.org/ | HTTP/1.1 302 Found Connection: close Date: Tue, 21 Apr 2015 05:13:18 GMT Location: http://sports.bluesombrero.com/Default.aspx?tabid=764965 Server: Apache/2.2.22 (Debian) Content-Length: 317 Content-Type: text/html; charset=iso-8859-1 | clean |
http://sports.bluesombrero.com/default.aspx?tabid=764965 | 200 OK Content-Length: 31527 Content-Type: text/html | clean |
http://sports.bluesombrero.com/resources/shared/scripts/jquery/jquery.min.js?cdv=13 | 200 OK Content-Length: 92633 Content-Type: application/x-javascript | clean |
http://weeelks.org/resources/shared/scripts/jquery/jquery-migrate.min.js?cdv=13 | 404 Not Found Content-Length: 328 Content-Type: text/html | clean |
http://weeelks.org/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://weeelks.org/resources/shared/scripts/jquery/jquery-ui.min.js?cdv=13 | 404 Not Found Content-Length: 323 Content-Type: text/html | clean |
http://weeelks.org/WebResource.axd?d=hRAPtLMkeEihx6wLrp5Jesc296a0HTiiYTo5DhNUweejahaneuKg_1A3r5mTKrFvMSXadJeZ_qH1fTb80&t=635418424260000000 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://weeelks.org/desktopmodules/bsb/bsb.controls/resources/jquery.hoverintent.js?v=10 | 404 Not Found Content-Length: 338 Content-Type: text/html | clean |
http://weeelks.org/desktopmodules/bsb/bsb.controls/resources/jquery.contenthome.helper.js?v=10 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://weeelks.org/desktopmodules/at/at.common.usercontrols/resources/jquery.smallpluggins.js?v=10 | 404 Not Found Content-Length: 349 Content-Type: text/html | clean |
http://weeelks.org/resources/shared/scripts/jquery/jquery-ui.min.js?v=10 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://weeelks.org/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=ScriptManager_TSM&compress=1&_TSM_CombinedScripts_=%3b%3bSystem.Web.Extensions%2c+Version%3d4.0.0.0%2c+Culture%3dneutral%2c+PublicKeyToken%3d31bf3856ad364e35%3aen-US%3af319b152-218f-4c14-829d-050a68bb1a61%3aea597d4b%3ab25378d2%3bTelerik.Web.UI%2c+Version%3d2014.1.318.45%2c+Culture%3dneutral%2c+PublicKeyToken%3d121fae78165ba3d4%3ae ...164 symbols skipped | 404 Not Found Content-Length: 305 Content-Type: text/html | clean |
http://weeelks.org/js/dnn.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://weeelks.org/js/debug/dnn.modalpopup.js?cdv=13 | 404 Not Found Content-Length: 301 Content-Type: text/html | clean |
http://weeelks.org/js/debug/dnn.servicesframework.js?cdv=13 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://weeelks.org/js/debug/dnncore.js?cdv=13 | 404 Not Found Content-Length: 294 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=weeelks.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://weeelks.org/
Result: weeelks.org is not infected or malware details are not published yet.