Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: whats-your-deal.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Sep 2014 20:49:28 GMT
Accept-Ranges: bytes
Server: Apache/2.2
Content-Length: 1309
Content-Type: text/html; charset=UTF-8
Last-Modified: Sun, 10 Mar 2013 06:34:11 GMT
Set-Cookie: X-Mapping-kgmggapi=873999F88A1706F4C38A4CE4E5693989; path=/
...1309 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: whats-your-deal.com
Referer: http://www.google.com/search?q=whats-your-deal.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://whats-your-deal.com/ | HTTP/1.1 200 OK Connection: close Date: Mon, 29 Sep 2014 20:49:28 GMT Accept-Ranges: bytes Server: Apache/2.2 Content-Length: 1309 Content-Type: text/html; charset=UTF-8 Last-Modified: Sun, 10 Mar 2013 06:34:11 GMT Set-Cookie: X-Mapping-kgmggapi=873999F88A1706F4C38A4CE4E5693989; path=/ | clean |
http://www.whats-your-deal.com/forums/activity.php | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 29 Sep 2014 20:49:35 GMT Location: http://www.whatsyourdeal.com/ Server: Apache/2.2 Content-Length: 314 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: X-Mapping-kgmggapi=5272DF74C6DCE2926E1F94C47FC65BFE; path=/ | clean |
http://www.whatsyourdeal.com/ | 200 OK Content-Length: 42073 Content-Type: text/html | clean |
http://www.whatsyourdeal.com/funclib.js | 200 OK Content-Length: 13017 Content-Type: application/x-javascript | clean |
http://whats-your-deal.com/scripts/img-swapper.js | 404 Not Found Content-Length: 293 Content-Type: text/html | clean |
http://whats-your-deal.com/test404page.js | 404 Not Found Content-Length: 285 Content-Type: text/html | clean |
http://whats-your-deal.com/scripts/AC_RunActiveContent.js | 404 Not Found Content-Length: 301 Content-Type: text/html | clean |
http://whats-your-deal.com/spry/SpryAccordion.js | 404 Not Found Content-Length: 292 Content-Type: text/html | clean |
http://whats-your-deal.com/scripts/AC_ActiveX.js | 404 Not Found Content-Length: 292 Content-Type: text/html | clean |
http://web.archive.org/web/20110718035236js_/http://www.whatsyourdeal.com/swfobject.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 29 Sep 2014 20:49:35 GMT Location: /web/20110718035209js_/http://www.whatsyourdeal.com/swfobject.js Server: Tengine/2.0.3 Content-Type: application/x-javascript Link: <http://www.whatsyourdeal.com/swfobject.js>; rel="original" Set-Cookie: wayback_server=59; Domain=archive.org; Path=/; Expires=Wed, 29-Oct-14 20:49:35 GMT; Set-Cookie: wb_total_perf=232; Expires=Mon, 29-Sep-2014 20:50:35 GMT; Path=/web/20110718035236js_/http://www.whatsyourdeal.com/swfobject.js X-Archive-Playback: 0 X-Archive-Wayback-Perf: [IndexLoad: 230, IndexQueryTotal: 230, Total: 232] X-Page-Cache: MISS | clean |
http://web.archive.org/web/20110718035209js_/http://www.whatsyourdeal.com/swfobject.js | 200 OK Content-Length: 10553 Content-Type: application/x-javascript | clean |
http://www.whatsyourdeal.com/scripts/loginlib.js | 200 OK Content-Length: 5220 Content-Type: application/x-javascript | clean |
http://whats-your-deal.com/funclib.js | 404 Not Found Content-Length: 281 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=whats-your-deal.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://whats-your-deal.com/
Result: whats-your-deal.com is not infected or malware details are not published yet.