Scanned pages/files
Request | Server response | Status |
http://www.thecrossingzine.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 07 Mar 2015 22:18:18 GMT Pragma: no-cache Location: http://thecrossingzine.com/ Server: nginx/1.6.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=fd4e293e36833475ceff5eb74217ef74; path=/ Set-Cookie: wpsc_customer_cookie_96f21a43d2df9104fc948473f7103000=_9pTQ8Y7C%28xbo%7C1425939498%7Cabbcf6c5725386a7bd5d6b5e12bdd587; expires=Mon, 09-Mar-2015 22:18:18 GMT; path=/; httponly X-Pingback: http://thecrossingzine.com/xmlrpc.php | clean |
http://thecrossingzine.com/ | 200 OK Content-Length: 85656 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by Islamic State ...[8099 bytes skipped]... a:has(img)").not(".nolightbox").filter( function() { return /\.(jpe?g|png|gif|bmp)$/i.test(jQuery(this).attr('href')) }); jQuery("a.fancybox").fancybox({ 'cyclic': false, 'autoScale': false, 'padding': </script><html><head><style>body{background-color: black; color: transparent}</style></head><body><center><h1 style="color: red">Hacked by Islamic State</h1><img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAAkQAAAFFCAYAAAANVPJiAAAgAElEQVR4nOydeZwUxfn/Pz3Xzt677L3LwsJy34dBUBQRPAAVETFi1GC8Qcnvi+IRLxJjNPEiEr/eRmJExUSTeEWjSFQSEL4qKpfLci2wCCyw9+5c9fuD1KSmpqqnZ3ZhZp3n/XrVq2f6qHqqu7rq009VVxsAGAiCIAiCIJIYW7wNIAiCIAiCiDckiAiCIAiCSHpIEBEEQRAEkfSQICIIgiAIIukhQUQQBEEQRNJDgoggCIIgiKSHBBFBEARBEEkPCSKCOI7k5uZixowZsNvt8TaFIAiCECBBRBDHibKyMjzxxBNYvnw5hg8fHm9zCIIgCAE7gEXxNoIgvu+UlpZi6dKlOO+882AYBgYOHIi3334bLS0t8TatS5CSkoJJ ...[80062 bytes skipped]... | ||
http://thecrossingzine.com//use.typekit.net/cmd5brg.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 07 Mar 2015 22:18:22 GMT Pragma: no-cache Location: http://thecrossingzine.com/use.typekit.net/cmd5brg.js/ Server: nginx/1.6.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: PHPSESSID=aac087ff2c53c6a36a8fe23e43e1d6ca; path=/ Set-Cookie: wpsc_customer_cookie_96f21a43d2df9104fc948473f7103000=_pNylwH1wyR05%7C1425939502%7C1ac80a63ccc4c62c50b7635b9ee09dee; expires=Mon, 09-Mar-2015 22:18:22 GMT; path=/; httponly X-Pingback: http://thecrossingzine.com/xmlrpc.php | clean |
http://thecrossingzine.com/use.typekit.net/cmd5brg.js/ | 404 Not Found Content-Length: 75315 Content-Type: text/html | clean |
http://thecrossingzine.com//ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 07 Mar 2015 22:18:26 GMT Pragma: no-cache Location: http://thecrossingzine.com/ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js/ Server: nginx/1.6.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: PHPSESSID=dce7ed05af8dca837fd9a2f197d3db08; path=/ Set-Cookie: wpsc_customer_cookie_96f21a43d2df9104fc948473f7103000=_%29Pl%28I333yphq%7C1425939506%7C49175a4b61797b10bfe68f8a0eeba227; expires=Mon, 09-Mar-2015 22:18:26 GMT; path=/; httponly X-Pingback: http://thecrossingzine.com/xmlrpc.php | clean |
http://thecrossingzine.com/ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js/ | 404 Not Found Content-Length: 75315 Content-Type: text/html | clean |
http://thecrossingzine.com//ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 07 Mar 2015 22:18:29 GMT Pragma: no-cache Location: http://thecrossingzine.com/ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js/ Server: nginx/1.6.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: PHPSESSID=ebe02f8cfb8bb2e888511dd9796c71e0; path=/ Set-Cookie: wpsc_customer_cookie_96f21a43d2df9104fc948473f7103000=_geBT%26awQ0eds%7C1425939509%7Cc1fbedc5a51464f0701d33a12cd00ec1; expires=Mon, 09-Mar-2015 22:18:29 GMT; path=/; httponly X-Pingback: http://thecrossingzine.com/xmlrpc.php | clean |
http://thecrossingzine.com/ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js/ | 404 Not Found Content-Length: 75315 Content-Type: text/html | clean |
http://thecrossingzine.com/wp-content/plugins/mootools-collapsing-archives/js/mootools-core-1.3.2-full-nocompat-yc.js?ver=1.3.2 | 200 OK Content-Length: 82619 Content-Type: application/javascript | clean |
http://thecrossingzine.com/wp-content/plugins/mootools-collapsing-archives/js/mootools-more-1.3.2.1-yc.js?ver=1.3.2 | 200 OK Content-Length: 24153 Content-Type: application/javascript | clean |
http://thecrossingzine.com/wp-content/plugins/mootools-collapsing-archives/js/collapsFunctions-1.3.js?ver=1.3.2 | 200 OK Content-Length: 3301 Content-Type: application/javascript | clean |
http://thecrossingzine.com/wp-includes/js/jquery/jquery.js?ver=1.8.3 | 200 OK Content-Length: 93658 Content-Type: application/javascript | clean |
http://thecrossingzine.com/wp-content/plugins/wp-e-commerce/wpsc-core/js/wp-e-commerce.js?ver=3.8.9.5.649230 | 200 OK Content-Length: 30065 Content-Type: application/javascript | clean |
http://thecrossingzine.com/wp-content/plugins/wp-e-commerce/wpsc-core/js/jquery.infieldlabel.min.js?ver=3.8.9.5.649230 | 200 OK Content-Length: 1787 Content-Type: application/javascript | clean |
http://thecrossingzine.com/wp-content/plugins/wp-e-commerce/wpsc-core/js/ajax.js?ver=3.8.9.5.649230 | 200 OK Content-Length: 2693 Content-Type: application/javascript | clean |
http://thecrossingzine.com/index.php?wpsc_user_dynamic_js=true&ver=3.8.9.5.649230 | 200 OK Content-Length: 1021 Content-Type: text/javascript | clean |
http://thecrossingzine.com/wp-content/plugins/wp-e-commerce/wpsc-admin/js/jquery.livequery.js?ver=1.0.3 | 200 OK Content-Length: 6714 Content-Type: application/javascript | clean |
http://thecrossingzine.com/wp-content/plugins/wp-e-commerce/wpsc-core/js/user.js?ver=3.8.9.5649230 | 200 OK Content-Length: 14672 Content-Type: application/javascript | clean |
http://thecrossingzine.com/wp-content/plugins/fancybox-for-wordpress/fancybox/jquery.fancybox.js?ver=1.3.4 | 200 OK Content-Length: 15667 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: thecrossingzine.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 07 Mar 2015 22:18:19 GMT
Pragma: no-cache
Server: nginx/1.6.2
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=4409ab440c3cb7c60f02597bde201536; path=/
Set-Cookie: wpsc_customer_cookie_96f21a43d2df9104fc948473f7103000=_HqS%23aL%24M2P%21r%7C1425939499%7C57ec211d338255f5392e942dd5a0238a; expires=Mon, 09-Mar-2015 22:18:19 GMT; path=/; httponly
X-Pingback: http://thecrossingzine.com/xmlrpc.php
GET / HTTP/1.1
Host: thecrossingzine.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 07 Mar 2015 22:18:19 GMT
Pragma: no-cache
Server: nginx/1.6.2
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=4409ab440c3cb7c60f02597bde201536; path=/
Set-Cookie: wpsc_customer_cookie_96f21a43d2df9104fc948473f7103000=_HqS%23aL%24M2P%21r%7C1425939499%7C57ec211d338255f5392e942dd5a0238a; expires=Mon, 09-Mar-2015 22:18:19 GMT; path=/; httponly
X-Pingback: http://thecrossingzine.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: thecrossingzine.com
Referer: http://www.google.com/search?q=thecrossingzine.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: thecrossingzine.com
Referer: http://www.google.com/search?q=thecrossingzine.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=thecrossingzine.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://thecrossingzine.com/
Result: thecrossingzine.com is not infected or malware details are not published yet.
Result: thecrossingzine.com is not infected or malware details are not published yet.