Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xfilesnews.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Fri, 27 Feb 2015 15:26:13 GMT
Pragma: no-cache
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.6
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 19d2bc9ca106dfe609a8ca62c51a2d7e=12c5df7782e32ecfc2cbc9134e7cb6bb; path=/
X-Powered-By: PHP/5.3.25
Second query (visit from search engine):
GET / HTTP/1.1
Host: xfilesnews.com
Referer: http://www.google.com/search?q=xfilesnews.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://xfilesnews.com/ | 200 OK Content-Length: 69930 Content-Type: text/html | clean |
http://xfilesnews.com/media/system/js/mootools-core.js | 200 OK Content-Length: 96362 Content-Type: application/javascript | clean |
http://xfilesnews.com/media/system/js/core.js | 200 OK Content-Length: 4784 Content-Type: application/javascript | clean |
http://xfilesnews.com/media/system/js/caption.js | 200 OK Content-Length: 729 Content-Type: application/javascript | clean |
http://connect.facebook.net/en_US/all.js | 200 OK Content-Length: 161933 Content-Type: application/x-javascript | clean |
http://platform.twitter.com/widgets.js | 200 OK Content-Length: 115360 Content-Type: application/javascript | clean |
http://xfilesnews.com/plugins/system/jcemediabox/js/jcemediabox.js?f164ea24e8567d41a795089153b69cd9 | 200 OK Content-Length: 56983 Content-Type: application/javascript | clean |
http://xfilesnews.com/plugins/content/highslide/highslide-full.packed.js | 200 OK Content-Length: 47966 Content-Type: application/javascript | clean |
http://xfilesnews.com/plugins/content/highslide/easing_equations.js | 200 OK Content-Length: 9105 Content-Type: application/javascript | clean |
http://xfilesnews.com/plugins/content/highslide/swfobject.js | 200 OK Content-Length: 9759 Content-Type: application/javascript | clean |
http://xfilesnews.com/plugins/content/highslide/config/js/highslide-sitesettings.js | 200 OK Content-Length: 7372 Content-Type: application/javascript | clean |
http://xfilesnews.com/media/system/js/mootools-more.js | 200 OK Content-Length: 238331 Content-Type: application/javascript | clean |
http://xfilesnews.com/plugins/system/rokbox/assets/js/rokbox.js | 200 OK Content-Length: 55369 Content-Type: application/javascript | clean |
http://xfilesnews.com/libraries/gantry/js/gantry-totop.js | 200 OK Content-Length: 378 Content-Type: application/javascript | clean |
http://xfilesnews.com/libraries/gantry/js/gantry-smartload.js | 200 OK Content-Length: 2815 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xfilesnews.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xfilesnews.com/
Result: xfilesnews.com is not infected or malware details are not published yet.