Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: zippyman.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 01 Dec 2015 22:43:39 GMT
Accept-Ranges: bytes
ETag: "51a-49d4b677a02c0"
Server: Apache
Vary: Accept-Encoding
Content-Length: 1306
Content-Type: text/html
Last-Modified: Sun, 27 Feb 2011 22:51:31 GMT
...1306 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: zippyman.com
Referer: http://www.google.com/search?q=zippyman.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://zippyman.com/ | HTTP/1.1 200 OK Connection: close Date: Tue, 01 Dec 2015 22:43:39 GMT Accept-Ranges: bytes ETag: "51a-49d4b677a02c0" Server: Apache Vary: Accept-Encoding Content-Length: 1306 Content-Type: text/html Last-Modified: Sun, 27 Feb 2011 22:51:31 GMT | clean |
https://www.facebook.com/ant.hacktim | HTTP/1.1 404 Not Found Cache-Control: private, no-cache, no-store, must-revalidate Connection: close Date: Tue, 01 Dec 2015 22:43:37 GMT Pragma: no-cache Vary: Accept-Encoding Content-Type: text/html Expires: Sat, 01 Jan 2000 00:00:00 GMT P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p" Public-Key-Pins-Report-Only: max-age=500; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="q4PO2G2cbkZhZ82+JgmRUyGMoAeozA+BSXVXQWB8XWQ="; report-uri="http://reports.fb.com/hpkp/" Set-Cookie: reg_ext_ref=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.facebook.com; httponly Strict-Transport-Security: max-age=15552000; preload X-Content-Type-Options: nosniff X-FB-Debug: Am4bUDCRTTrOLxTKgVsKaiyWNixW7H0ZW7wEgWhG82N+rNxVk98z5UEKDktITaBA1qvewx6KzsJoP3FwQEm5ng== X-Frame-Options: DENY X-UA-Compatible: IE=edge,chrome=1 X-XSS-Protection: 0 | clean |
https://www.facebook.com/ant.hacktim?_fb_noscript=1 | 404 Not Found Content-Length: 25441 Content-Type: text/html | clean |
https://static.xx.fbcdn.net/rsrc.php/v2/yQ/r/kkzmfTE_zAL.js | 200 OK Content-Length: 113263 Content-Type: application/x-javascript | clean |
http://zippyman.com/recover/initiate?lwv=110 | 404 Not Found Content-Length: 333 Content-Type: text/html | clean |
http://zippyman.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://zippyman.com/r.php?locale=lt_LT | 404 Not Found Content-Length: 322 Content-Type: text/html | clean |
http://zippyman.com/help/?ref=404 | 404 Not Found Content-Length: 322 Content-Type: text/html | clean |
http://zippyman.com/r.php | 404 Not Found Content-Length: 322 Content-Type: text/html | clean |
http://zippyman.com/login/ | 404 Not Found Content-Length: 323 Content-Type: text/html | clean |
http://zippyman.com/lite/ | 404 Not Found Content-Length: 322 Content-Type: text/html | clean |
http://zippyman.com/mobile/?ref=pf | 404 Not Found Content-Length: 324 Content-Type: text/html | clean |
http://zippyman.com/find-friends?ref=pf | 404 Not Found Content-Length: 329 Content-Type: text/html | clean |
http://zippyman.com/badges/?ref=pf | 404 Not Found Content-Length: 324 Content-Type: text/html | clean |
http://zippyman.com/directory/people/ | 404 Not Found Content-Length: 334 Content-Type: text/html | clean |
http://zippyman.com/directory/pages/ | 404 Not Found Content-Length: 333 Content-Type: text/html | clean |
http://zippyman.com/places/ | 404 Not Found Content-Length: 324 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zippyman.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://zippyman.com/
Result: zippyman.com is not infected or malware details are not published yet.