Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xossip.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Thu, 22 Jan 2015 19:39:38 GMT
Pragma: private
Server: nginx/1.2.8
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: xblastvisit=1421955578; expires=Fri, 22-Jan-2016 19:39:38 GMT; path=/
Set-Cookie: xblastactivity=0; expires=Fri, 22-Jan-2016 19:39:38 GMT; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: xossip.com
Referer: http://www.google.com/search?q=xossip.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://xossip.com/ | 200 OK Content-Length: 52784 Content-Type: text/html | clean |
http://ads4pubs.com/www/delivery/spcjs.php?id=2&block=1&cb=1616157863 | 200 OK Content-Length: 2316 Content-Type: application/x-javascript | clean |
http://srv.xossip.com/clientscript/vbulletin_global.js?v=361 | 200 OK Content-Length: 37284 Content-Type: application/x-javascript | clean |
http://srv.xossip.com/clientscript/vbulletin_menu.js?v=361 | 200 OK Content-Length: 16160 Content-Type: application/x-javascript | clean |
http://srv.xossip.com/clientscript/vbulletin_md5.js?v=361 | 200 OK Content-Length: 9661 Content-Type: application/x-javascript | clean |
http://srv.xossip.com/clientscript/vbulletin_read_marker.js?v=361 | 200 OK Content-Length: 6818 Content-Type: application/x-javascript | clean |
http://xossip.com//go.mobisla.com/notice.php?p=37736&interactive=1&pushup=1/ | 404 Not Found Content-Length: 16 Content-Type: text/html | clean |
http://xossip.com/test404page.js | HTTP/1.1 404 Not Found Connection: close Date: Thu, 22 Jan 2015 19:39:43 GMT Server: nginx/1.2.8 Content-Type: text/html | clean |
http://www.xossip.com/ | 200 OK Content-Length: 52708 Content-Type: text/html | clean |
http://ads4pubs.com/www/delivery/spcjs.php?id=2&block=1&cb=2146301840 | 200 OK Content-Length: 2316 Content-Type: application/x-javascript | clean |
http://xossip.com/register.php?s=52f94d8be877fc1683c59ac1a7ddbe91 | 200 OK Content-Length: 7894 Content-Type: text/html | clean |
http://ads4pubs.com/www/delivery/spcjs.php?id=2&block=1&cb=897439334 | 200 OK Content-Length: 2314 Content-Type: application/x-javascript | clean |
http://xossip.com/sendmessage.php | 200 OK Content-Length: 13686 Content-Type: text/html | clean |
http://ads4pubs.com/www/delivery/spcjs.php?id=2&block=1&cb=1863665094 | 200 OK Content-Length: 2316 Content-Type: application/x-javascript | clean |
http://api.recaptcha.net/challenge?k=6LcejccSAAAAAOQnTs_fpyDVC_n5fX2rkaAhhpuI | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Thu, 22 Jan 2015 19:39:53 GMT Pragma: no-cache Accept-Ranges: none Location: http://www.google.com/recaptcha/api/challenge?k=6LcejccSAAAAAOQnTs_fpyDVC_n5fX2rkaAhhpuI Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Alternate-Protocol: 80:quic,p=0.02 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
http://www.google.com/recaptcha/api/challenge?k=6lcejccsaaaaaoqnts_fpydvc_n5fx2rkaahhpui | 200 OK Content-Length: 67 Content-Type: text/javascript | clean |
http://xossip.com/login.php?s=52f94d8be877fc1683c59ac1a7ddbe91&do=lostpw | 200 OK Content-Length: 11984 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xossip.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xossip.com/
Result: xossip.com is not infected or malware details are not published yet.