Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ixxx.ws
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 27 May 2015 11:44:48 GMT
Location: http://www.ixxx.ws/
Server: cloudflare-nginx
Content-Type: text/html; charset=iso-8859-1
CF-RAY: 1ed1784affb015ad-FRA
Set-Cookie: __cfduid=da9a7cffe6cf8ef5532be6d0ac054f0261432727087; expires=Thu, 26-May-16 11:44:47 GMT; path=/; domain=.ixxx.ws; HttpOnly
X-Cache: HIT from Backend
GET / HTTP/1.1
Host: ixxx.ws
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 27 May 2015 11:44:48 GMT
Location: http://www.ixxx.ws/
Server: cloudflare-nginx
Content-Type: text/html; charset=iso-8859-1
CF-RAY: 1ed1784affb015ad-FRA
Set-Cookie: __cfduid=da9a7cffe6cf8ef5532be6d0ac054f0261432727087; expires=Thu, 26-May-16 11:44:47 GMT; path=/; domain=.ixxx.ws; HttpOnly
X-Cache: HIT from Backend
Second query (visit from search engine):
GET / HTTP/1.1
Host: ixxx.ws
Referer: http://www.google.com/search?q=ixxx.ws
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ixxx.ws
Referer: http://www.google.com/search?q=ixxx.ws
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://ixxx.ws/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 27 May 2015 11:44:48 GMT Location: http://www.ixxx.ws/ Server: cloudflare-nginx Content-Type: text/html; charset=iso-8859-1 CF-RAY: 1ed1784affb015ad-FRA Set-Cookie: __cfduid=da9a7cffe6cf8ef5532be6d0ac054f0261432727087; expires=Thu, 26-May-16 11:44:47 GMT; path=/; domain=.ixxx.ws; HttpOnly X-Cache: HIT from Backend | clean |
http://www.ixxx.ws/ | 200 OK Content-Length: 64859 Content-Type: text/html | clean |
http://www.ixxx.ws/js/html5.js | 200 OK Content-Length: 293 Content-Type: application/javascript | clean |
http://www.ixxx.ws/js/jquery-1.6.1.min.js | 200 OK Content-Length: 91342 Content-Type: application/javascript | clean |
http://www.ixxx.ws/js/jquery-ui-1.8.18.custom.min.js | 200 OK Content-Length: 210423 Content-Type: application/javascript | clean |
http://www.ixxx.ws/js/jquery.easing.min.js | 200 OK Content-Length: 8299 Content-Type: application/javascript | clean |
http://www.ixxx.ws/js/cbox/jquery.colorbox.js | 200 OK Content-Length: 9570 Content-Type: application/javascript | clean |
http://ads.juicyads.com/jsclients/jac.js | 200 OK Content-Length: 91344 Content-Type: application/x-javascript | clean |
http://pl109872.puhtml.com/e1/95/99/e195999e06f8019f228b099c046fe72d.js | 200 OK Content-Length: 11671 Content-Type: application/javascript | clean |
http://ads.mobidea.com/popunder.php | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://ads.mobidea.com/test404page.js | 404 Not Found Content-Length: 564 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ixxx.ws
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ixxx.ws/
Result: ixxx.ws is not infected or malware details are not published yet.
Result: ixxx.ws is not infected or malware details are not published yet.