Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xxnxnnx.info
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 04 Oct 2014 17:54:31 GMT
Location: http://www.xxnxnnx.info/
Server: nginx
Vary: Cookie
Content-Type: text/html; charset=UTF-8
Set-Cookie: blog_newvisitor=1; expires=Sat, 04-Oct-2014 18:00:27 GMT; path=/
Set-Cookie: wfvt_3391344847=5430345761b1f; expires=Sat, 04-Oct-2014 18:24:31 GMT; path=/; httponly
X-Pingback: http://www.xxnxnnx.info/xmlrpc.php
X-Powered-By: PHP/5.3.23
GET / HTTP/1.1
Host: xxnxnnx.info
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 04 Oct 2014 17:54:31 GMT
Location: http://www.xxnxnnx.info/
Server: nginx
Vary: Cookie
Content-Type: text/html; charset=UTF-8
Set-Cookie: blog_newvisitor=1; expires=Sat, 04-Oct-2014 18:00:27 GMT; path=/
Set-Cookie: wfvt_3391344847=5430345761b1f; expires=Sat, 04-Oct-2014 18:24:31 GMT; path=/; httponly
X-Pingback: http://www.xxnxnnx.info/xmlrpc.php
X-Powered-By: PHP/5.3.23
Second query (visit from search engine):
GET / HTTP/1.1
Host: xxnxnnx.info
Referer: http://www.google.com/search?q=xxnxnnx.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: xxnxnnx.info
Referer: http://www.google.com/search?q=xxnxnnx.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://xxnxnnx.info/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 04 Oct 2014 17:54:31 GMT Location: http://www.xxnxnnx.info/ Server: nginx Vary: Cookie Content-Type: text/html; charset=UTF-8 Set-Cookie: blog_newvisitor=1; expires=Sat, 04-Oct-2014 18:00:27 GMT; path=/ Set-Cookie: wfvt_3391344847=5430345761b1f; expires=Sat, 04-Oct-2014 18:24:31 GMT; path=/; httponly X-Pingback: http://www.xxnxnnx.info/xmlrpc.php X-Powered-By: PHP/5.3.23 | clean |
http://www.xxnxnnx.info/ | 200 OK Content-Length: 34331 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js | 200 OK Content-Length: 55740 Content-Type: text/javascript | clean |
http://demonpictures.info/js/clickunder.js | 200 OK Content-Length: 205 Content-Type: application/x-javascript | clean |
http://www.xxnxnnx.info/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/x-javascript | clean |
http://www.xxnxnnx.info/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://www.xxnxnnx.info/wp-content/plugins/fake-traffic-blaster//js/ftblaster.js?ver=1.0 | 200 OK Content-Length: 656 Content-Type: application/x-javascript | clean |
http://adspaces.ero-advertising.com/adspace/209473.js | 200 OK Content-Length: 0 Content-Type: application/javascript | clean |
http://adspaces.ero-advertising.com/adspace/209474.js | 200 OK Content-Length: 2431 Content-Type: application/javascript | clean |
http://adspaces.ero-advertising.com/adspace/214848.js | 200 OK Content-Length: 1282 Content-Type: application/javascript | clean |
http://adspaces.ero-advertising.com/adspace/214849.js | 200 OK Content-Length: 1282 Content-Type: application/javascript | clean |
http://xxnxnnx.info/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 04 Oct 2014 17:54:35 GMT Pragma: no-cache Location: http://www.xxnxnnx.info/test404page.js Server: nginx Vary: Cookie Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: blog_newvisitor=1; expires=Sat, 04-Oct-2014 18:00:31 GMT; path=/ Set-Cookie: wfvt_3391344847=5430345bc39a9; expires=Sat, 04-Oct-2014 18:24:35 GMT; path=/; httponly X-Pingback: http://www.xxnxnnx.info/xmlrpc.php X-Powered-By: PHP/5.3.23 | clean |
http://www.xxnxnnx.info/test404page.js | 404 Not Found Content-Length: 34009 Content-Type: text/html | clean |
http://www.xxnxnnx.info/feed | 200 OK Content-Length: 17757 Content-Type: text/xml | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xxnxnnx.info
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xxnxnnx.info/
Result: xxnxnnx.info is not infected or malware details are not published yet.
Result: xxnxnnx.info is not infected or malware details are not published yet.