Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xjocurimasini.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 30 Sep 2014 00:58:33 GMT
Location: http://al3ab.y4yy.com
Server: nginx admin
Content-Length: 229
Content-Type: text/html; charset=iso-8859-1
X-Cache: HIT from Backend
...229 bytes of data.
GET / HTTP/1.1
Host: xjocurimasini.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 30 Sep 2014 00:58:33 GMT
Location: http://al3ab.y4yy.com
Server: nginx admin
Content-Length: 229
Content-Type: text/html; charset=iso-8859-1
X-Cache: HIT from Backend
...229 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: xjocurimasini.com
Referer: http://www.google.com/search?q=xjocurimasini.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: xjocurimasini.com
Referer: http://www.google.com/search?q=xjocurimasini.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://xjocurimasini.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 30 Sep 2014 00:58:33 GMT Location: http://al3ab.y4yy.com Server: nginx admin Content-Length: 229 Content-Type: text/html; charset=iso-8859-1 X-Cache: HIT from Backend | clean |
http://al3ab.y4yy.com/ | 200 OK Content-Length: 34436 Content-Type: text/html | clean |
http://al3ab.y4yy.com/jscripts/jquery.js | 200 OK Content-Length: 71582 Content-Type: application/x-javascript | clean |
http://al3ab.y4yy.com/jscripts/global.js | 200 OK Content-Length: 19442 Content-Type: application/x-javascript | clean |
http://al3ab.y4yy.com/jscripts/swfobject.js | 200 OK Content-Length: 10220 Content-Type: application/x-javascript | clean |
http://al3ab.y4yy.com/templates/y4yy2014/js/jquery.easing.min.js | 200 OK Content-Length: 4824 Content-Type: application/x-javascript | clean |
http://al3ab.y4yy.com/jscripts/rounq.js | 200 OK Content-Length: 1350 Content-Type: application/x-javascript | clean |
http://al3ab.y4yy.com/templates/y4yy2014/js/jquery.reveal.js | 200 OK Content-Length: 4850 Content-Type: application/x-javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21412 Content-Type: text/javascript | clean |
http://xjocurimasini.com//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 30 Sep 2014 00:58:40 GMT Location: http://al3ab.y4yy.compagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ Server: nginx admin Content-Length: 284 Content-Type: text/html; charset=iso-8859-1 X-Cache: HIT from Backend | clean |
http://al3ab.y4yy.compagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 500 Can't connect to al3ab.y4yy.compagead2.googlesyndication.com:80 (Bad hostname) Content-Length: 218 Content-Type: text/plain | clean |
http://al3ab.y4yy.compagead2.googlesyndication.com/test404page.js | 500 Can't connect to al3ab.y4yy.compagead2.googlesyndication.com:80 (Bad hostname) Content-Length: 218 Content-Type: text/plain | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12497 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xjocurimasini.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xjocurimasini.com/
Result: xjocurimasini.com is not infected or malware details are not published yet.
Result: xjocurimasini.com is not infected or malware details are not published yet.