Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kimklaverblogs.wholefoodnation.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 04 Oct 2014 03:54:35 GMT
Server: nginx/1.6.2
Content-Type: text/html; charset=UTF-8
Link: <http://wp.me/1xXRx>; rel=shortlink
Set-Cookie: wfvt_3268987817=542f6f79c11a0; expires=Sat, 04-Oct-2014 04:24:33 GMT; path=/; httponly
X-Pingback: http://kimklaverblogs.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: kimklaverblogs.wholefoodnation.com
Referer: http://www.google.com/search?q=kimklaverblogs.wholefoodnation.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://kimklaverblogs.wholefoodnation.com/ | 200 OK Content-Length: 73943 Content-Type: text/html | clean |
http://kimklaverblogs.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: application/javascript | clean |
http://kimklaverblogs.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://webplayer.yahooapis.com/player-beta.js | HTTP/1.1 302 Moved Temporarily Cache-Control: max-age=300 Connection: close Date: Sat, 04 Oct 2014 03:54:41 GMT Via: HTTP/1.1 web11.use45.mobstor.bf1.yahoo.com UserFiberFramework/1.0, http/1.1 l9.ycs.dee.yahoo.com (ApacheTrafficServer) Age: 1 Location: http://bcp-usw45.zenfs.com/ptw/webplayer/player-beta.js?noredirect=1&visited=gops.use45.mobstor.vip.bf1.yahoo.com Server: ATS Vary: Accept-Encoding Content-Length: 25 Content-Type: text/html; charset=iso-8859-1 Expires: Sat, 04 Oct 2014 03:59:41 GMT X-Ysws-Error-Detail: not_in_objectstore X-Ysws-Request-Id: d21aeac1-6aed-49b6-b8c7-0eca08a80970 X-Ysws-Visited-Replicas: gops.use45.mobstor.vip.bf1.yahoo.com | clean |
http://bcp-usw45.zenfs.com/ptw/webplayer/player-beta.js?noredirect=1&visited=gops.use45.mobstor.vip.bf1.yahoo.com | 404 Not Found Content-Length: 25 Content-Type: text/html | clean |
http://bcp-usw45.zenfs.com/test404page.js | 400 Bad Request Content-Length: 18 | clean |
http://kimklaverblogs.com/wp-content/plugins/jetpack/modules/shortcodes/js/jquery.cycle.js?ver=2.9999.8 | 200 OK Content-Length: 52470 Content-Type: application/javascript | clean |
http://kimklaverblogs.com/wp-content/plugins/jetpack/modules/shortcodes/js/slideshow-shortcode.js?ver=20121214.1 | 200 OK Content-Length: 5554 Content-Type: application/javascript | clean |
http://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201440 | 200 OK Content-Length: 9301 Content-Type: application/x-javascript | clean |
http://s.gravatar.com/js/gprofiles.js?ver=2014Octaa | 200 OK Content-Length: 21442 Content-Type: application/x-javascript | clean |
http://kimklaverblogs.com/wp-content/plugins/jetpack/modules/wpgroho.js?ver=3.9.2 | 200 OK Content-Length: 959 Content-Type: application/javascript | clean |
http://kimklaverblogs.com/wp-content/themes/ward-pro/library/js/bootstrap.min.js?ver=3.0.0 | 200 OK Content-Length: 27726 Content-Type: application/javascript | clean |
http://kimklaverblogs.com/wp-content/themes/ward-pro/library/js/theme.js?ver=3.9.2 | 200 OK Content-Length: 1557 Content-Type: application/javascript | clean |
http://kimklaverblogs.com/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=20121205 | 200 OK Content-Length: 39177 Content-Type: application/javascript | clean |
http://stats.wp.com/e-201440.js | 200 OK Content-Length: 824 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kimklaverblogs.wholefoodnation.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kimklaverblogs.wholefoodnation.com/
Result: kimklaverblogs.wholefoodnation.com is not infected or malware details are not published yet.