Cannot get to https://app.webinspector.com/recent_detections

My browser won’t open this uri, because of too many redirects. Is this a browser cache problem or are cookies being blocked?
Or could it be something at my ISP?
For this I get a privacy error: htxps://199.66.200.37/recent%20detections
See these alerted via PHISH-Watch:
Up(nil): 199.66.200.37 to 199.66.200.37 webinspector dot com htxp://app.webinspector.com/public/url_feedbacks
Up(nil): 199.66.200.37 to 199.66.200.37 webinspector dot com htxp://app.webinspector.com/online_scan?note=7

Via webproxy I can get where I wanna go: http://www.webproxy.net/view?q=http%3A%2F%2Fapp.webinspector.com%2Frecent_detections

polonus

https://app.webinspector.com/recent_detections
Not opening with all shields disabled.
Must be a problem on the site.

https://app.webinspector.com
Opening without a problem.

hxxps://app.webinspector.com/recent_detections opening fine here on chrome

Means as Eddy reports it too, this redirect loop could just be for our area.
Can anyone check that?
Here I can get there via a 302 error initially, see: http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http://app.webinspector.com/recent_detections&acceptheader=&useragentheader=
See:

HTTP/1.1 302 Found
Date: Fri, 24 Oct 2014 16:42:04 GMT
Server: Apache
Location: http://app.webinspector.com/recent_detections
Content-Length: 300
Content-Type: text/html; charset=iso-8859-1

polonus

Reason to believe there is phishing going on there. Re: http://jsunpack.jeek.org/?report=3ef03c5e3c72e937bd7b6c379415f1a6a4e5b094
via -server.iad.liveperson.net/hc/61298727/x.js?cmd=file&file=chatScript3&site=61298727&&imageUrl=/www.instantssl.com/ssl-certificate-images/liveperson/sales
See this dork: http://xss.cx/2011/09/18/ghdb/dork-xss-reflected-cross-site-scripting-cwe79-capec86-javascript-handler-style-attribute-injection-onmouseover-example-poc-report-01.html
See for warnings on asafa-scan: https://asafaweb.com/Scan?Url=server.iad.liveperson.net%2Fhc%2F61298727%2Fx.js%3Fcmd%3Dfile%26amp%3Bfile%3DchatScript3%26amp%3Bsite%3D61298727%26amp%3B%26amp%3BimageUrl%3D%2Fwww.instantssl.com%2Fssl-certificate-images%2Fliveperson%2Fsale
See on Set-Cookies which may create the redirect-loop problem: http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=server.iad.liveperson.net%2Fhc%2F61298727%2Fx.js%3Fcmd%3Dfile%26amp%3Bfile%3DchatScript3%26amp%3Bsite%3D61298727%26amp%3B%26amp%3BimageUrl%3D%2Fwww.instantssl.com%2Fssl-certificate-images%2Fliveperson%2Fsale&useragentheader=&acceptheader=

polonus
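The 302 above points back at the URL that was requested, and the thread asks whether blocked cookies could turn that into a loop. This is an added example, not part of the original posts or of webinspector's code: `sample_server` is a constructed stand-in for a server that redirects a URL to itself until a session cookie comes back, and `trace_redirects` is a hypothetical helper that follows the chain with cookies accepted or blocked.

```python
from urllib.parse import urljoin

# Constructed stand-in for a server that redirects a URL to itself until the
# client returns a session cookie (assumed behaviour, not webinspector's).
def sample_server(url, cookies):
    if url.endswith("/recent_detections") and "session" not in cookies:
        return 302, {"Location": url, "Set-Cookie": "session=abc123; path=/"}
    return 200, {}

def trace_redirects(start_url, fetch, accept_cookies=True, max_hops=20):
    """Follow redirects and return (verdict, hops).

    A loop is a repeated (URL, cookie state) pair: the client is about to send
    a request identical to one it already sent, so retrying cannot resolve it.
    """
    url, cookies, seen, hops = start_url, {}, set(), []
    for _ in range(max_hops):
        state = (url, tuple(sorted(cookies.items())))
        if state in seen:
            return "loop", hops
        seen.add(state)
        status, headers = fetch(url, cookies)
        hops.append((status, url))
        # Store only the name=value part of Set-Cookie, as a browser would.
        if accept_cookies and "Set-Cookie" in headers:
            name, _, value = headers["Set-Cookie"].split(";")[0].partition("=")
            cookies[name.strip()] = value.strip()
        if status not in (301, 302, 303, 307, 308) or "Location" not in headers:
            return "ok", hops
        url = urljoin(url, headers["Location"])
    return "too_many_redirects", hops

URL = "http://app.webinspector.com/recent_detections"

if __name__ == "__main__":
    for accept in (True, False):
        verdict, hops = trace_redirects(URL, sample_server, accept_cookies=accept)
        print("cookies accepted" if accept else "cookies blocked", verdict, hops)
```

With cookies accepted the chain is one 302 followed by a 200; with cookies blocked the second request is identical to the first and the tracer reports a loop.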

Via a smartphone I can get to that uri
It is on the same wifi connection, but on W8 does not resolve.

pol

Today I could not log in to http://www.msn.com/nl-nl?pc=XXXXX&ocid=XXXXXXX
What is causing this? Is it with Google Chrome or is it with my ISP?
I think the first as in IE all sites open without any hesitation so it is browser related.
This took some time to be resolved with the Google Chrome browser renderer:
http://jsunpack.jeek.org/?report=e9a285f3f1645493b1f63921e737ac32f470efb4
Open link with NoScript active in a VM or sandbox - for security research only.
In Google Chrome I get:
info: [script] app.webinspector.com/assets/application-8a32489ca49a3dfa26b88de8747c29f0.js
info: [decodingLevel=0] found JavaScript
error: undefined variable document.URL
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var document.URL = 1;
error: line:1: …^
error: line:3: SyntaxError: missing = in XML attribute:
error: line:3:
error: line:3: …^
&
app.webinspector.com/js/utm.js benign
[nothing detected] (script) app.webinspector.com/js/utm.js
status: (referer=app.webinspector.com/assets/javascript:false;)
hangs on this script: server.iad.liveperson.net/hc/61298727/x.js?cmd=file&file=chatScript3&site=61298727&&imageUrl=/www.instantssl.com/ssl-certificate-images/liveperson/sales

suspicious: info: [iframe] app.webinspector.com/assets/javascript:false;
info: [decodingLevel=0] found JavaScript
error: undefined function d.getElementsByTagName
error: undefined variable d
suspicious
I get initially this response: The document has moved here.


http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http://app.webinspector.com/recent_detections&acceptheader=&useragentheader=

polonus

Header security, just one setting is OK:
Security Headers for https://app.webinspector.com/recent_detections
Using user-agent for Chrome 31.0-WinXP 32-bit

| Result | Category | Name | Actual Value | Our Recommendation |
|---|---|---|---|---|
| Missing | Framing | X-Frame-Options | | Use ‘sameorigin’ |
| Warning | Transport | Strict-Transport-Security | max-age=15768000 | Use ‘max-age=31536000; includeSubDomains’ |
| Missing | Content | X-Content-Type-Options | | Use ‘nosniff’ |
| Correct | Content | Content-Type | text/html; charset=utf-8 | Use ‘text/html;charset=utf-8’ |
| Missing | XSS | X-XSS-Protection | | Use ‘1; mode=block’ |
| Warning | Cookies | Set-Cookie | risk=; path=/; expir…ov-2014 17:23:07 GMT | Add ‘secure; httponly;’ |
| Warning | Cookies | Set-Cookie | list=50; path=/; exp…ov-2014 17:23:07 GMT | Add ‘secure; httponly;’ |
| Warning | Cookies | Set-Cookie | _WI_session=e6a0e0ce…:38:07 GMT; HttpOnly | Add ‘secure;’ |
| Warning | Caching | Cache-Control | max-age=0, private, must-revalidate | Add ‘no-cache, no-store’ |
| Missing | Caching | Pragma | | Use ‘no-cache’ |
| Missing | Caching | Expires | | Use ‘-1’ |
| Missing | Access Control | X-Permitted-Cross-Domain-Policies | | Use ‘master-only’ |
| Missing | Content Security Policy | Content-Security-Policy | | Try Content-Security-Policy-Report-Only to start. Include default-src ‘self’, avoid ‘unsafe-inline’ and ‘unsafe-eval’ |

Other Headers

| Name | Value |
|---|---|
| ETag | “c590764761591ea9e394ca9051561269” |
| X-Request-Id | 7f0ba18b65fc97db2780b66f2d4c2f97 |
| X-UA-Compatible | IE=Edge,chrome=1 |
| Date | Mon, 27 Oct 2014 17:23:07 GMT |
| X-Rack-Cache | miss |
| Connection | Keep-Alive |
| Status | 200 |
| Keep-Alive | timeout=5, max=100 |
| Content-Length | 25140 |
| Server | Apache |

polonus
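The scan above can be reproduced offline against a captured header list. This is an added example, not part of the original post or the scanner's own code: `audit_headers` is a hypothetical helper that applies a subset of the scan's recommendations (required headers, HSTS lifetime, cookie flags), and `SAMPLE` is constructed from the header names and values in the table, with cookie values and attributes replaced by placeholders.

```python
# Constructed response headers modelled on the scan above; cookie values and
# attributes are shortened placeholders, not the site's real ones.
SAMPLE = [
    ("Strict-Transport-Security", "max-age=15768000"),
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "risk=; path=/"),
    ("Set-Cookie", "list=50; path=/"),
    ("Set-Cookie", "_WI_session=PLACEHOLDER; path=/; HttpOnly"),
    ("Cache-Control", "max-age=0, private, must-revalidate"),
]

REQUIRED = ["X-Frame-Options", "X-Content-Type-Options", "Content-Security-Policy"]
HSTS_MIN_AGE = 31536000  # one year, the value the scan recommends

def audit_headers(headers):
    """Return (result, header, detail) findings for a list of (name, value)."""
    findings = []
    by_name = {}
    for name, value in headers:  # a list, because Set-Cookie repeats
        by_name.setdefault(name.lower(), []).append(value)
    for name in REQUIRED:
        if name.lower() not in by_name:
            findings.append(("Missing", name, ""))
    for value in by_name.get("strict-transport-security", []):
        directives = [d.strip().lower() for d in value.split(";")]
        max_age = next((int(d.split("=")[1].strip('"')) for d in directives
                        if d.startswith("max-age=")), 0)
        if max_age < HSTS_MIN_AGE or "includesubdomains" not in directives:
            findings.append(("Warning", "Strict-Transport-Security", value))
    for value in by_name.get("set-cookie", []):
        cookie_name = value.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in value.split(";")[1:]}
        missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
        if missing:
            findings.append(("Warning", "Set-Cookie",
                             f"{cookie_name}: add {', '.join(missing)}"))
    return findings

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE):
        print(*finding, sep=" | ")
```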

All by its own the issue was solved, webpage uri now resolves normally without any redirect loop alert.
Haven’t a clue, but apparently it was at the server side.
Must reveal I used this check: http://best-seo-tools.net/googlecheck/

polonus