Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: a3body.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 28 Jan 2015 19:28:11 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
Set-Cookie: wc_session_cookie_d0bc567a8d043883e799b5dab6c5e46a=l3r6QwLzYomb5IaQzQj1WNPaAKEIwtiH%7C%7C1422646092%7C%7C1422642492%7C%7C400e4aba69e2176ff9d7cd4681cb182e; expires=Fri, 30-Jan-2015 19:28:12 GMT; path=/; httponly
Set-Cookie: woocommerce_items_in_cart=0; expires=Wed, 28-Jan-2015 18:28:12 GMT; path=/
Set-Cookie: woocommerce_cart_hash=0; expires=Wed, 28-Jan-2015 18:28:12 GMT; path=/
X-Pingback: http://a3body.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: a3body.com
Referer: http://www.google.com/search?q=a3body.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.a3body.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 28 Jan 2015 19:28:08 GMT Location: http://a3body.com/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Set-Cookie: wc_session_cookie_d0bc567a8d043883e799b5dab6c5e46a=eF2IAMAAlcflrRjTDbFyTyn5qZ2OhGjw%7C%7C1422646090%7C%7C1422642490%7C%7Cd0ca3c9b6eb40db9f659997a4d325320; expires=Fri, 30-Jan-2015 19:28:10 GMT; path=/; httponly Set-Cookie: woocommerce_items_in_cart=0; expires=Wed, 28-Jan-2015 18:28:10 GMT; path=/ Set-Cookie: woocommerce_cart_hash=0; expires=Wed, 28-Jan-2015 18:28:10 GMT; path=/ X-Pingback: http://a3body.com/xmlrpc.php | clean |
http://a3body.com/ | 200 OK Content-Length: 51038 Content-Type: text/html | clean |
http://a3body.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: application/javascript | clean |
http://a3body.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://a3body.com/wp-content/plugins/jquery-collapse-o-matic/js/collapse.min.js?ver=1.5.1 | 200 OK Content-Length: 8802 Content-Type: application/javascript | clean |
http://a3body.com/wp-content/plugins/jquery-collapse-o-matic/js/jquery.livequery.min.js?ver=1.0 | 200 OK Content-Length: 3007 Content-Type: application/javascript | clean |
http://a3body.com/wp-content/themes/spreadr/js/jquery.easing.1.3.js?ver=3.9.1 | 200 OK Content-Length: 8101 Content-Type: application/javascript | clean |
https://apis.google.com/js/plusone.js?ver=3.9.1 | 200 OK Content-Length: 12813 Content-Type: application/javascript | clean |
http://twitter.com/javascripts/blogger.js?ver=3.9.1 | HTTP/1.1 301 Moved Permanently Date: Wed, 28 Jan 2015 19:28:17 UTC Location: https://twitter.com/javascripts/blogger.js?ver=3.9.1 Server: tsa_b Content-Length: 0 Set-Cookie: guest_id=v1%3A142247329759461281; Domain=.twitter.com; Path=/; Expires=Fri, 27-Jan-2017 19:28:17 UTC X-Connection-Hash: 1ea4e5fee2dce0270254150c12dd0e02 X-Response-Time: 2 | clean |
https://twitter.com/javascripts/blogger.js?ver=3.9.1 | 404 Not Found Content-Length: 4311 Content-Type: text/html | clean |
https://abs.twimg.com/errors/404-4f54405af9c0bcdecbe656ca8893f7a9.js | 200 OK Content-Length: 10803 Content-Type: application/javascript | clean |
https://twitter.com/ | 200 OK Content-Length: 59635 Content-Type: text/html | clean |
https://abs.twimg.com/c/swift/en/init.f12e4bccf03dd5bde411545dce8e6fd5eeaca364.js | 200 OK Content-Length: 303104 Content-Type: application/javascript | clean |
https://twitter.com/?lang=id | 200 OK Content-Length: 59927 Content-Type: text/html | clean |
https://abs.twimg.com/c/swift/id/init.969a3a222ab03aea0d6634fc47bd6b30a70ed0b7.js | 200 OK Content-Length: 303104 Content-Type: application/javascript | clean |
https://twitter.com/?lang=msa | 200 OK Content-Length: 60097 Content-Type: text/html | clean |
https://abs.twimg.com/c/swift/msa/init.f5d8773a14eac39c31698a7aeb06ee23df00c417.js | 200 OK Content-Length: 303363 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=a3body.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://a3body.com/
Result: a3body.com is not infected or malware details are not published yet.