Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ziddu.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ziddu.com
Referer: http://www.google.com/search?q=ziddu.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.ziddu.com/ads/banner18060.php | 200 OK Content-Length: 500 Content-Type: text/html | clean |
http://www.ziddu.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Thu, 02 Oct 2014 09:57:52 GMT Location: http://www.ziddu.com/notfound.php Server: Apache Content-Length: 217 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.ziddu.com/notfound.php | HTTP/1.1 302 Found Connection: close Date: Thu, 02 Oct 2014 09:57:52 GMT Location: http://downloads.ziddu.com/notfound.php Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 | clean |
http://downloads.ziddu.com/notfound.php | 200 OK Content-Length: 18303 Content-Type: text/html | clean |
http://downloads.ziddu.com/js/modernizr.custom.79639.js | 200 OK Content-Length: 8856 Content-Type: application/x-javascript | clean |
http://www.ziddu.com/js/jquery.min.js | 200 OK Content-Length: 93435 Content-Type: application/x-javascript | clean |
http://www.ziddu.com/js/cf-interstitials.js | 200 OK Content-Length: 8082 Content-Type: application/x-javascript | clean |
http://ib.adnxs.com/ttj?id=3331784 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Thu, 02 Oct 2014 09:57:54 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D3331784 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Wed, 31-Dec-2014 09:57:54 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Fri, 03-Oct-2014 09:57:54 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=6685773260599589552; path=/; expires=Wed, 31-Dec-2014 09:57:54 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fid%3d3331784 | 200 OK Content-Length: 1010 Content-Type: text/html | clean |
http://ib.adnxs.com/ttj?ttjb=1&bdc=1412243874&bdh=v37uLi-ddqug4ZiEWL35MkNW-Yc.'+c+'&id=3331784 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Thu, 02 Oct 2014 09:57:54 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1412243874%26bdh%3Dv37uLi-ddqug4ZiEWL35MkNW-Yc.%27%2Bc%2B%27%26id%3D3331784 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Wed, 31-Dec-2014 09:57:54 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Fri, 03-Oct-2014 09:57:54 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=2800103475760121557; path=/; expires=Wed, 31-Dec-2014 09:57:54 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fttjb%3d1%26bdc%3d1412243874%26bdh%3dv37uli-ddqug4ziewl35mknw-yc.%27%2bc%2b%27%26id%3d3331784 | 200 OK Content-Length: 391 Content-Type: application/javascript | clean |
http://ib.adnxs.com/test404page.js | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://ib.adnxs.com/ttj?id=3369176 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Thu, 02 Oct 2014 09:57:55 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D3369176 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Wed, 31-Dec-2014 09:57:55 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Fri, 03-Oct-2014 09:57:55 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=2589244070716564549; path=/; expires=Wed, 31-Dec-2014 09:57:55 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fid%3d3369176 | 200 OK Content-Length: 1010 Content-Type: text/html | clean |
http://ib.adnxs.com/ttj?ttjb=1&bdc=1412243875&bdh=BU0jr_Er60JGx-KWLA1GTZEJiMA.'+c+'&id=3369176 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Thu, 02 Oct 2014 09:57:55 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1412243875%26bdh%3DBU0jr_Er60JGx-KWLA1GTZEJiMA.%27%2Bc%2B%27%26id%3D3369176 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Wed, 31-Dec-2014 09:57:55 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Fri, 03-Oct-2014 09:57:55 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=6581704928666466490; path=/; expires=Wed, 31-Dec-2014 09:57:55 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fttjb%3d1%26bdc%3d1412243875%26bdh%3dbu0jr_er60jgx-kwla1gtzejima.%27%2bc%2b%27%26id%3d3369176 | 200 OK Content-Length: 392 Content-Type: application/javascript | clean |
http://resources.infolinks.com/js/infolinks_main.js | 200 OK Content-Length: 2361 Content-Type: application/x-javascript | clean |
http://ib.adnxs.com/ttj?id=3331807 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Thu, 02 Oct 2014 09:57:55 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D3331807 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Wed, 31-Dec-2014 09:57:55 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Fri, 03-Oct-2014 09:57:55 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=1497498930579742839; path=/; expires=Wed, 31-Dec-2014 09:57:55 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fid%3d3331807 | 200 OK Content-Length: 1010 Content-Type: text/html | clean |
http://ib.adnxs.com/ttj?ttjb=1&bdc=1412243875&bdh=BU0jr_Er60JGx-KWLA1GTZEJiMA.'+c+'&id=3331807 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Thu, 02 Oct 2014 09:57:55 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1412243875%26bdh%3DBU0jr_Er60JGx-KWLA1GTZEJiMA.%27%2Bc%2B%27%26id%3D3331807 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Wed, 31-Dec-2014 09:57:55 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Fri, 03-Oct-2014 09:57:55 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=163020275859656970; path=/; expires=Wed, 31-Dec-2014 09:57:55 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fttjb%3d1%26bdc%3d1412243875%26bdh%3dbu0jr_er60jgx-kwla1gtzejima.%27%2bc%2b%27%26id%3d3331807 | 200 OK Content-Length: 217 Content-Type: application/javascript | clean |
http://ib.adnxs.com/ttj?id=3337094 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Thu, 02 Oct 2014 09:57:56 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D3337094 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Wed, 31-Dec-2014 09:57:56 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Fri, 03-Oct-2014 09:57:56 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=3310270586981128410; path=/; expires=Wed, 31-Dec-2014 09:57:56 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fid%3d3337094 | 200 OK Content-Length: 1010 Content-Type: text/html | clean |
http://ib.adnxs.com/ttj?ttjb=1&bdc=1412243876&bdh=IaDhKX0zopbrIzumBdy3rQO0Du4.'+c+'&id=3337094 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Thu, 02 Oct 2014 09:57:56 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1412243876%26bdh%3DIaDhKX0zopbrIzumBdy3rQO0Du4.%27%2Bc%2B%27%26id%3D3337094 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Wed, 31-Dec-2014 09:57:56 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Fri, 03-Oct-2014 09:57:56 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=2462360965601188510; path=/; expires=Wed, 31-Dec-2014 09:57:56 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fttjb%3d1%26bdc%3d1412243876%26bdh%3diadhkx0zopbrizumbdy3rqo0du4.%27%2bc%2b%27%26id%3d3337094 | 200 OK Content-Length: 222 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ziddu.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ziddu.com/
Result: ziddu.com is not infected or malware details are not published yet.